[Note] Many of the "Extra" Parameters found online were for older versions of NGinX and are now defaults and not needed. Keep it simple and only add parameters where needed, like to enable older weak protocols.
Installation on Ubuntu 14.04 Server
sudo apt-get install -y nginx
Restart Alias:
echo "alias nginxrestart='systemctl restart nginx ; nginx -t ; systemctl status nginx'" > ~/.bashrc source ~/.bashrc nginxrestart
Default Locations:
/etc/nginx/sites-{enabled,available}
## Create Sites in available, enable by symlinking to enabled and restart nginx
/etc/ssl/{certs,private}
#SSL Folders, Private has stricter Permissions
General Configs Examples
location / {
root /data/www;
}
##REDIRECT NON SSL
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://$host$request_uri;
}
##HTTP WEBSITE SERVING STATIC FILES
server {
listen 80;
server_name www.domain.com domain.com;
location / {
root /path/www;
}
}
##SSL HTTPS DOMAIN PROXY PASS
server {
listen 443 ssl;
server_name www.domain.com domain.com;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/server.key;
location / {
proxy_pass https://PrivateIP:443/;
include /etc/nginx/proxy.conf;
## ONE OF MY FAVORITE FEATURES, LINK TO COMMON CONFIGS!
}
}
##/etc/nginx/proxy.conf
cat << 'EOL'>/etc/nginx/proxy.conf proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffers 32 4k; proxy_redirect off; EOL
##/etc/nginx/websocket-proxy.conf
cat << 'EOL'>/etc/nginx/websocket-proxy.conf proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_set_header Authorization ""; proxy_read_timeout 86400; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_redirect off; EOL
##Configure Auth via HTPASSWD
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/.htpasswd;
##FOLLOW SYMLINKS
You can put these directives inside /etc/nginx/nginx.conf OR inside of individual location/server tags. [In NGinX.Conf it would go inside the http { } portion]
disable_symlinks off; ##Allow following Symlinks
autoindex on; ##Needed if Index.html doesn't point to files
Enable Apache (Some sites can't proxy port 80, causes redirects, but you can enable Apache default-ssl with invalid certs and just keep the "good" SSL Config on NGinX, the encryption will still be viewed as SSL Confirmed to end user)
sudo a2ensite default-ssl && sudo a2enmod ssl && sudo service apache2 restart
Usefull Reads:
https://help.ubuntu.com/community/Nginx/ReverseProxy
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/789/37/certificate-installation-nginx
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#variables
https://www.digitalocean.com/community/tutorials/understanding-nginx-http-proxying-load-balancing-buffering-and-caching
http://nginx.org/en/docs/http/websocket.html
http://stackoverflow.com/questions/12102110/nginx-to-reverse-proxy-websockets-and-enable-ssl-wss
http://pankajmalhotra.com/Websockets-SSL-TLS-Termination-Using-NGINX-Proxy/
https://spin.atomicobject.com/2012/02/28/load-balancing-and-reverse-proxying-with-nginx/
https://www.nginx.com/resources/admin-guide/load-balancer/