Nginx
Table of Contents
What is it?
- Web server and reverse proxy
Directory hierarchy
By the Filesystem Hierarchy Standard, you want your web content
to exist in either /var/www/, /srv, /usr/share/www.
nginx.conf
- Main control point
- This file reads in all other config files and combines them into a monolithic config file when server starts
Here is an example of a basic nginx.conf.
user nginx; # <= specifies the user to run the process under worker_processes 1; # <= number of internal processes error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; # this directive/section specifies how Ngin handles connections events { worker_connections 1024; } # http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 65; #gzip on; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; # <= added by me, as it's just convention }
sites-available & sites-enabled
- Convention which carries over from Apache
- Used to define configurations different websites being served
- Create files in
sites-availableand symbolically link tosites-enabled
conf.d
- Every file in this dir ending in
.confis read when Nginx is started
Configuration
- Managed in "blocks"
- blocks are layered
enclosed blocks inherits from
the block the are located in
Server
- Same as Apache's virtual hosts
- Specification for individual web sites that the server can host
Pitfalls and Common Mistakes
Check this url out. Especially the following sections:
- Root inside Location Block
- Missing (dissapearing) HTTP headers
How-to
Create serve simple website
- We put the
staticfiles in the dir/var/www/octochain.com/. Create the
nginxconfig file in the dir/etc/nginx/sites-available/. A very basic such config file:server { listen 80; server_name localhost; # <= ip to listen to root /var/www/octochain.com/; # <= folder to serve files from index index.html index.htm; # <= index.html, if doesn't exists try index.html location / { try_files $uri $uri/ /index.html; } }
- Create a symlink to
sites-availableand put it in thesites-enabledfolder under/etc/nginx/ - Restart
nginx(normally bysudo service nginx restart)
Website with forced HTTPS
server { listen 80 default_server; listen [::]:80 default_server; server_name www.octochain.com octochain.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name octochain.com www.octochain.com; ssl_certificate /etc/letsencrypt/live/www.octochain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.octochain.com/privkey.pem; root /var/www/octochain.com/; index index.html index.htm; location / { try_files $uri $uri/ /index.html; } }
Proxy with forced HTTPS
server { listen 80 default_server; listen [::]:80 default_server; server_name www.octochain.com octochain.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name octochain.com www.octochain.com; ssl_certificate /etc/letsencrypt/live/www.octochain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.octochain.com/privkey.pem; root /var/www/octochain.com/; # index index.html index.htm; location / { # try_files $uri $uri/ /index.html; proxy_pass http://localhost:8081; proxy_read_timeout 90; proxy_redirect http://localhost:8081 https://$server_name$request_uri; } }
Appendix A: Words yo
- reverse proxy
- proxy which retrieves resources on behalf of a client from one or more servers