Nginx
Tags: nginx
commands
apt-get install nginx
nginx -v
systemctl status nginx
systemctl start nginx
systemctl stop nginx
systemctl reload nginx
systemctl status nginx mysqld php7.2-fpm | grep -E "(Loaded|Active)"
nginx -t # check without reloading the service
nginx -T # check and print all configuration files to screen
service nginx restart
Configuration structure
/etc/nginx
├── conf.d
├── fastcgi.conf
├── fastcgi_params
├── koi-utf
├── koi-win
├── mime.types
├── modules-available
├── modules-enabled
│ ├── 50-mod-http-geoip.conf -> /usr/share/nginx/modules-available/mod-http-geoip.conf
│ ├── 50-mod-http-image-filter.conf -> /usr/share/nginx/modules-available/mod-http-image-filter.conf
│ ├── 50-mod-http-xslt-filter.conf -> /usr/share/nginx/modules-available/mod-http-xslt-filter.conf
│ ├── 50-mod-mail.conf -> /usr/share/nginx/modules-available/mod-mail.conf
│ └── 50-mod-stream.conf -> /usr/share/nginx/modules-available/mod-stream.conf
├── nginx.conf
├── proxy_params
├── scgi_params
├── sites-available
│ └── default
├── sites-enabled
│ └── default -> /etc/nginx/sites-available/default
├── snippets
│ ├── fastcgi-php.conf
│ └── snakeoil.conf
├── uwsgi_params
└── win-utf
log directory
/var/log/nginx
├── access.log
└── error.log
site directory
/var/www
└── html
└── index.nginx-debian.html
location configuration example
# show files in a folder as list
location /images {
autoindex on;
}
# error page setting
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
location = /404.html {
internal;
}
# produce a fake 500 error
location = /500 {
fastcgi_pass unix:/this/will/fail;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
internal;
}
# restrict access to certain page
location = /appointments {
allow 192.168.0.0/24;
allow 10.0.0.0/8;
deny all;
}
redirect http to https
server {
listen 80 default_server;
# $server_addr could be domain or public ip
return 301 https://$server_addr$request_uri;
}
server {
# SSL configuration
listen 443 ssl default_server;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
verify open ports
sudo lsof -P -n -i :80 -i :443 | grep LISTEN
netstate -plan | grep nginx
Configure nginx as reverse proxy
# file at /ect/nginx/conf.d/upstream.conf
upstream app_server_7001 {
server 127.0.0.1:7001;
}
upstream roundrobin {
# default is round robin
server 127.0.0.1:7001;
server 127.0.0.1:7002;
server 127.0.0.1:7003;
}
upstream leastconn {
# The server with the fewest connections will get traffic
least_conn;
server 127.0.0.1:7001;
server 127.0.0.1:7002;
server 127.0.0.1:7003;
}
upstream iphash {
# Connections will stick to the same server
ip_hash;
server 127.0.0.1:7001;
server 127.0.0.1:7002;
server 127.0.0.1:7003;
}
upstream weighted {
# More connections will be sent to the weighted server
server 127.0.0.1:7001 weight=2;
server 127.0.0.1:7002;
server 127.0.0.1:7003;
}
server {
listen 80;
location /proxy {
# Trailing slash is key!
proxy_pass http://app_server_7001/;
}
location /roundrobin {
proxy_pass http://roundrobin/;
}
location /leastconn {
proxy_pass http://leastconn/;
}
location /iphash {
proxy_pass http://iphash/;
}
location /weighted {
proxy_pass http://weighted/;
}
}
https://www.nginx.com/resources/wiki/start/
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
http://nginx.org/en/docs/http/request_processing.html
http://nginx.org/en/docs/http/ngx_http_core_module.html#location
http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html
http://nginx.org/en/docs/http/ngx_http_auth_jwt_module.html
http://nginx.org/en/docs/http/ngx_http_upstream_module.html
http://nginx.org/en/docs/http/ngx_http_proxy_module.html
http://nginx.org/en/docs/http/load_balancing.html
https://en.wikipedia.org/wiki/Unix_domain_socket
find /some/dir/ -type f -exec chmod 644 {} \;
find /some/dir/ -type d -exec chmod 644 {} \;
Read more: