Nginx config file: Difference between revisions
(Add workflow section) |
(add category) |
||
Line 113: | Line 113: | ||
gzip_disable "MSIE [1-6]\."; | gzip_disable "MSIE [1-6]\."; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
[[Category:Maintenance]] |
Revision as of 10:52, 2 March 2023
We use Nginx as HTTP and proxy server. Though each new website might have its own needs, two general pattern are:
- static content
- dynamic content served through a proxy reverse port
Workflow
- create a new folder under
/var/www
and put your website code in there - create a new file under
/etc/nginx/sites-available
and name it after the website name (or something meaningful), then copy one of the two config setup below as a starting point and customize it based on the needs of your website - create a symlink to
/etc/nginx/sites-enabled
by doing:sudo ln -s /etc/nginx/sites-available/<new-website-config> /etc/nginx/sites-enabled/<new-website-config>
- check if there's any nginx config problem with
sudo nginx -t
At this point you should have a basic setup working. Except we did not create a secure connection certificate for your website. So far we've been relying on the certbot
program, which comes by using Let's Encrypt. So run the following commands:
sudo certbot
, and you should get a list of all available domain names coming from the nginx config files — including the one you just created- find the domain name of your new website and type its number
- usually we tell Certbot to force redirect any HTTP connection to HTTPS, you can decide this on a per-basis project in case it's not a good idea
- Certbot will update your website nginx config file with some more settings for using HTTPS
- test the website by visiting it!
Static Content
server {
root /var/www/<website-dir>;
index index.html;
server_name <website-url>;
error_page 404 /<custom-404>.html;
location / {
try_files $uri $uri/ =404;
}
// add route to specific subpage
location /<subpage> {
try_files $uri $uri/ =404;
}
// display page as list of files
location /<files-share> {
try_files $uri $uri/ =404;
autoindex on;
}
}
Dynamic Content served through a Proxy Reverse port
server {
server_name <website>.com ;
root /var/www/<website>;
access_log /var/log/nginx/<website>.access.log;
error_log /var/log/nginx/<website>.error.log;
location / {
proxy_pass http://127.0.0.1:<port>;
proxy_http_version 1.1;
// example of proxy-headers for a Python application
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
}
// example of resource caching
location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf)$ {
expires max;
add_header Cache-Control "public, no-transform";
}
}
Nginx config settings
Some common settings to add in /etc/nginx/nginx.conf
to help speed up the server and add support for several resource types:
gzip on;
gzip_proxied expired no-cache no-store private auth;
gzip_min_length 500;
gzip_vary on;
gzip_buffers 4 32k;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/js
text/plain
text/xml;
gzip_disable "MSIE [1-6]\.";