Welcome to FreeSoftwareServers Confluence Wiki

[Note] Many of the "extra" parameters found online were written for older versions of NGinX; they are now defaults and are not needed. Keep it simple and only add parameters where needed, for example to enable older, weak protocols.

Installation on Ubuntu 14.04 Server

sudo apt-get install -y nginx

Restart nginx

sudo service nginx restart

Debug a failed NGinX start (test the configuration)

nginx -t

Default Locations:

/etc/nginx/sites-{enabled,available} 
## Create Sites in available, enable by symlinking to enabled and restart nginx
/etc/ssl/{certs,private}  
#SSL Folders, Private has stricter Permissions

General Configs Examples

location / {
root /data/www;
} 

##REDIRECT NON SSL

server {

   listen 80;
   server_name www.domain.com domain.com;

   return 301 https://$host$request_uri;

}

##HTTP WEBSITE SERVING STATIC FILES

server {

   listen 80;
   server_name www.domain.com domain.com;

   location / {
    root /path/www;
   }
}

##SSL HTTPS DOMAIN PROXY PASS

server {
   listen               443 ssl;
   server_name          www.domain.com domain.com;

   ## "ssl on;" is not needed: "listen 443 ssl" already enables SSL (the directive is obsolete on newer NGinX)
   ssl_certificate     /etc/ssl/certs/ssl-bundle.crt;
   ssl_certificate_key /etc/ssl/private/server.key;

   location / {
      proxy_pass          https://PrivateIP:443/;
      include             /etc/nginx/proxy.conf;
      ## ONE OF MY FAVORITE FEATURES, LINK TO COMMON CONFIGS!
   }
}
 
##/etc/nginx/proxy.conf
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffers           32 4k;
proxy_redirect          off;

##/etc/nginx/websocket-proxy.conf

proxy_http_version      1.1;
proxy_set_header        Upgrade            $http_upgrade;
proxy_set_header        Connection         "Upgrade";
proxy_set_header        Authorization      "";
proxy_read_timeout      86400;
proxy_set_header        Host               $host;
proxy_set_header        X-Real-IP          $remote_addr;
proxy_set_header        X-Forwarded-Server $host;
proxy_set_header        X-Forwarded-For    $proxy_add_x_forwarded_for;
proxy_redirect          off;

##Configure Auth via HTPASSWD

auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;

##FOLLOW SYMLINKS
You can put these directives inside /etc/nginx/nginx.conf or inside individual location/server blocks. [In nginx.conf they go inside the http { } section.]
disable_symlinks off;    ##Allow following symlinks (this is the default)
autoindex        on;     ##Generates a directory listing when no index file is present; every file name in the directory becomes visible

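Enable Apache default-ssl: some sites can't be proxied on port 80 (it causes redirects). In that case you can enable Apache's default-ssl site with invalid certs and keep the "good" SSL config on NGinX; the end user still sees the connection as confirmed SSL, because the browser only checks the NGinX certificate. NGinX does not verify the upstream certificate unless proxy_ssl_verify is on, which is why the invalid cert is accepted; the NGinX-to-Apache hop is encrypted but not authenticated.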

sudo a2ensite default-ssl && sudo a2enmod ssl && sudo service apache2 restart 
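
Added example (not part of the original page): a small shell audit that checks each server { } block for four settings this page touches: the obsolete "ssl on;", autoindex, an https proxy_pass without proxy_ssl_verify, and basic auth on a listener without SSL. The names nginx_audit and sample_conf, the messages, and the sample hostnames and IP are made up for this example; it assumes one directive per line and does not follow include files.

```shell
#!/bin/sh
# Added example: nginx_audit, sample_conf and the messages are hypothetical names.
# Reads a config file (or stdin), one directive per line; "include" is not followed.
nginx_audit() {
    sed 's/#.*//' ${1:+"$1"} | awk '
    function flag(msg) { print name ": " msg }
    !in_srv && /^[ \t]*server[ \t]*[{]/ {
        in_srv = 1; base = depth; name = "(unnamed)"
        tls = auth = up = verify = idx = sslon = 0
    }
    in_srv && $1 == "server_name"                       { name = $2; sub(/;$/, "", name) }
    in_srv && $1 == "listen" && /[ \t]ssl[ \t;]/        { tls = 1 }
    in_srv && $1 == "ssl" && $2 ~ /^on;?$/              { sslon = 1 }
    in_srv && $1 == "auth_basic_user_file"              { auth = 1 }
    in_srv && $1 == "autoindex" && $2 ~ /^on;?$/        { idx = 1 }
    in_srv && $1 == "proxy_pass" && $2 ~ /^https:/      { up = 1 }
    in_srv && $1 == "proxy_ssl_verify" && $2 ~ /^on;?$/ { verify = 1 }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }    # track brace nesting
    in_srv && depth == base {                           # server block just closed
        if (sslon)         flag("obsolete \"ssl on;\", use \"listen ... ssl\"")
        if (idx)           flag("autoindex on exposes directory listings")
        if (up && !verify) flag("https upstream certificate is not verified")
        if (auth && !tls)  flag("basic auth on a listener without TLS")
        in_srv = 0
    }'
}
# Constructed sample input: two server blocks modelled on the snippets above.
sample_conf() {
    cat <<'EOF'
server {
   listen 80;
   server_name files.example.test;
   auth_basic_user_file /etc/nginx/.htpasswd;
   location / {
      autoindex on;
   }
}
server {
   listen 443 ssl;
   server_name www.example.test;
   ssl on;
   location / {
      proxy_pass https://10.0.0.5:443/;
   }
}
EOF
}
sample_conf | nginx_audit   # pass a path instead to audit a real file
```

Run it against a file in /etc/nginx/sites-enabled before nginx -t; an empty result means none of the four conditions was found in that file.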


Read more on HTPASSWD

 

Useful Reads:

https://help.ubuntu.com/community/Nginx/ReverseProxy
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/789/37/certificate-installation-nginx
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#variables
https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching

http://nginx.org/en/docs/http/websocket.html

http://stackoverflow.com/questions/12102110/nginx-to-reverse-proxy-websockets-and-enable-ssl-wss

http://pankajmalhotra.com/Websockets-SSL-TLS-Termination-Using-NGINX-Proxy/
https://spin.atomicobject.com/2012/02/28/load-balancing-and-reverse-proxying-with-nginx/
https://www.nginx.com/resources/admin-guide/load-balancer/
