Nginx config file: Difference between revisions
(Created page with "{{Article |MainNavigation=No }}") |
(Change Category) |
||
| (3 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{ | We use Nginx as HTTP and proxy server. Though each new website might have its own needs, two general pattern are: | ||
| | |||
}} | * static content | ||
* dynamic content served through a proxy reverse port | |||
=== Workflow === | |||
* create a new folder under <code>/var/www</code> and put your website code in there | |||
* create a new file under <code>/etc/nginx/sites-available</code> and name it after the website name (or something meaningful), then copy one of the two config setup below as a starting point and customize it based on the needs of your website | |||
* create a symlink to <code>/etc/nginx/sites-enabled</code> by doing:<syntaxhighlight lang="bash"> | |||
sudo ln -s /etc/nginx/sites-available/<new-website-config> /etc/nginx/sites-enabled/<new-website-config> | |||
</syntaxhighlight> | |||
* check if there's any nginx config problem with <code>sudo nginx -t</code> | |||
At this point you should have a basic setup working. Except we did not create a secure connection certificate for your website. So far we've been relying on the <code>certbot</code> program, which comes by using [https://letsencrypt.org Let's Encrypt]. So run the following commands: | |||
* <code>sudo certbot</code>, and you should get a list of all available domain names coming from the nginx config files — including the one you just created | |||
* find the domain name of your new website and type its number | |||
* usually we tell Certbot to force redirect any HTTP connection to HTTPS, you can decide this on a per-basis project in case it's not a good idea | |||
* Certbot will update your website nginx config file with some more settings for using HTTPS | |||
* test the website by visiting it! | |||
=== Static Content === | |||
<syntaxhighlight lang="nginx"> | |||
server { | |||
root /var/www/<website-dir>; | |||
index index.html; | |||
server_name <website-url>; | |||
error_page 404 /<custom-404>.html; | |||
location / { | |||
try_files $uri $uri/ =404; | |||
} | |||
// add route to specific subpage | |||
location /<subpage> { | |||
try_files $uri $uri/ =404; | |||
} | |||
// display page as list of files | |||
location /<files-share> { | |||
try_files $uri $uri/ =404; | |||
autoindex on; | |||
} | |||
} | |||
</syntaxhighlight> | |||
=== Dynamic Content served through a Proxy Reverse port === | |||
<syntaxhighlight lang="nginx"> | |||
server { | |||
server_name <website>.com ; | |||
root /var/www/<website>; | |||
access_log /var/log/nginx/<website>.access.log; | |||
error_log /var/log/nginx/<website>.error.log; | |||
location / { | |||
proxy_pass http://127.0.0.1:<port>; | |||
proxy_http_version 1.1; | |||
// example of proxy-headers for a Python application | |||
proxy_set_header Host $http_host; | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header Upgrade $http_upgrade; | |||
proxy_redirect off; | |||
proxy_buffering off; | |||
proxy_set_header X-Real-IP $remote_addr; | |||
proxy_set_header X-Forwarded-Host $server_name; | |||
} | |||
// example of resource caching | |||
location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf)$ { | |||
expires max; | |||
add_header Cache-Control "public, no-transform"; | |||
} | |||
} | |||
</syntaxhighlight> | |||
=== Nginx config settings === | |||
Some common settings to add in <code>/etc/nginx/nginx.conf</code> to help speed up the server and add support for several resource types:<syntaxhighlight lang="nginx"> | |||
gzip on; | |||
gzip_proxied expired no-cache no-store private auth; | |||
gzip_min_length 500; | |||
gzip_vary on; | |||
gzip_buffers 4 32k; | |||
gzip_types | |||
application/atom+xml | |||
application/geo+json | |||
application/javascript | |||
application/x-javascript | |||
application/json | |||
application/ld+json | |||
application/manifest+json | |||
application/rdf+xml | |||
application/rss+xml | |||
application/xhtml+xml | |||
application/xml | |||
font/eot | |||
font/otf | |||
font/ttf | |||
image/svg+xml | |||
text/css | |||
text/javascript | |||
text/js | |||
text/plain | |||
text/xml; | |||
gzip_disable "MSIE [1-6]\."; | |||
</syntaxhighlight> | |||
[[Category:Infrastructure]] | |||
Latest revision as of 15:01, 2 March 2023
We use Nginx as HTTP and proxy server. Though each new website might have its own needs, two general pattern are:
- static content
- dynamic content served through a proxy reverse port
Workflow
- create a new folder under
/var/wwwand put your website code in there - create a new file under
/etc/nginx/sites-availableand name it after the website name (or something meaningful), then copy one of the two config setup below as a starting point and customize it based on the needs of your website - create a symlink to
/etc/nginx/sites-enabledby doing:sudo ln -s /etc/nginx/sites-available/<new-website-config> /etc/nginx/sites-enabled/<new-website-config>
- check if there's any nginx config problem with
sudo nginx -t
At this point you should have a basic setup working. Except we did not create a secure connection certificate for your website. So far we've been relying on the certbot program, which comes by using Let's Encrypt. So run the following commands:
sudo certbot, and you should get a list of all available domain names coming from the nginx config files — including the one you just created- find the domain name of your new website and type its number
- usually we tell Certbot to force redirect any HTTP connection to HTTPS, you can decide this on a per-basis project in case it's not a good idea
- Certbot will update your website nginx config file with some more settings for using HTTPS
- test the website by visiting it!
Static Content
server {
root /var/www/<website-dir>;
index index.html;
server_name <website-url>;
error_page 404 /<custom-404>.html;
location / {
try_files $uri $uri/ =404;
}
// add route to specific subpage
location /<subpage> {
try_files $uri $uri/ =404;
}
// display page as list of files
location /<files-share> {
try_files $uri $uri/ =404;
autoindex on;
}
}
Dynamic Content served through a Proxy Reverse port
server {
server_name <website>.com ;
root /var/www/<website>;
access_log /var/log/nginx/<website>.access.log;
error_log /var/log/nginx/<website>.error.log;
location / {
proxy_pass http://127.0.0.1:<port>;
proxy_http_version 1.1;
// example of proxy-headers for a Python application
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
}
// example of resource caching
location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf)$ {
expires max;
add_header Cache-Control "public, no-transform";
}
}
Nginx config settings
Some common settings to add in /etc/nginx/nginx.conf to help speed up the server and add support for several resource types:
gzip on;
gzip_proxied expired no-cache no-store private auth;
gzip_min_length 500;
gzip_vary on;
gzip_buffers 4 32k;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/js
text/plain
text/xml;
gzip_disable "MSIE [1-6]\.";