Nginx config file: Difference between revisions

From Hackers & Designers
(Init)
(Change Category)
 
(2 intermediate revisions by the same user not shown)
Line 3: Line 3:
* static content
* static content
* dynamic content served through a proxy reverse port
* dynamic content served through a proxy reverse port
=== Workflow ===
* create a new folder under <code>/var/www</code> and put your website code in there
* create a new file under <code>/etc/nginx/sites-available</code> and name it after the website name (or something meaningful), then copy one of the two config setup below as a starting point and customize it based on the needs of your website
* create a symlink to <code>/etc/nginx/sites-enabled</code> by doing:<syntaxhighlight lang="bash">
sudo ln -s /etc/nginx/sites-available/<new-website-config> /etc/nginx/sites-enabled/<new-website-config>
</syntaxhighlight>
* check if there's any nginx config problem with <code>sudo nginx -t</code>
At this point you should have a basic setup working. Except we did not create a secure connection certificate for your website. So far we've been relying on the <code>certbot</code> program, which comes by using [https://letsencrypt.org Let's Encrypt]. So run the following commands:
* <code>sudo certbot</code>, and you should get a list of all available domain names coming from the nginx config files — including the one you just created
* find the domain name of your new website and type its number
* usually we tell Certbot to force redirect any HTTP connection to HTTPS, you can decide this on a per-basis project in case it's not a good idea
* Certbot will update your website nginx config file with some more settings for using HTTPS
* test the website by visiting it!


=== Static Content ===
=== Static Content ===
Line 96: Line 113:
gzip_disable "MSIE [1-6]\.";
gzip_disable "MSIE [1-6]\.";
</syntaxhighlight>
</syntaxhighlight>
[[Category:Infrastructure]]

Latest revision as of 15:01, 2 March 2023

We use Nginx as HTTP and proxy server. Though each new website might have its own needs, two general pattern are:

  • static content
  • dynamic content served through a proxy reverse port

Workflow

  • create a new folder under /var/www and put your website code in there
  • create a new file under /etc/nginx/sites-available and name it after the website name (or something meaningful), then copy one of the two config setup below as a starting point and customize it based on the needs of your website
  • create a symlink to /etc/nginx/sites-enabled by doing:
    sudo ln -s /etc/nginx/sites-available/<new-website-config> /etc/nginx/sites-enabled/<new-website-config>
    
  • check if there's any nginx config problem with sudo nginx -t

At this point you should have a basic setup working. Except we did not create a secure connection certificate for your website. So far we've been relying on the certbot program, which comes by using Let's Encrypt. So run the following commands:

  • sudo certbot, and you should get a list of all available domain names coming from the nginx config files — including the one you just created
  • find the domain name of your new website and type its number
  • usually we tell Certbot to force redirect any HTTP connection to HTTPS, you can decide this on a per-basis project in case it's not a good idea
  • Certbot will update your website nginx config file with some more settings for using HTTPS
  • test the website by visiting it!

Static Content

server {

  root /var/www/<website-dir>;
  index index.html;
  
  server_name <website-url>;
  error_page  404  /<custom-404>.html;
  
  location / {
    try_files $uri $uri/ =404;
  }
  
  // add route to specific subpage
  location /<subpage> {
  	try_files $uri $uri/ =404;
  }
  
  // display page as list of files
  location /<files-share> {
  	try_files $uri $uri/ =404;
  	autoindex on;
  }

}

Dynamic Content served through a Proxy Reverse port

server {
	server_name <website>.com ;

	root /var/www/<website>;
	access_log /var/log/nginx/<website>.access.log;
	error_log /var/log/nginx/<website>.error.log;

  location / {
    proxy_pass         http://127.0.0.1:<port>;
    proxy_http_version 1.1;

    // example of proxy-headers for a Python application
    proxy_set_header   Host $http_host;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_redirect off;
    proxy_buffering off;

    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-Host $server_name;
  }

  // example of resource caching
  location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf)$ {
    expires max;
    add_header Cache-Control "public, no-transform";
  }

}

Nginx config settings

Some common settings to add in /etc/nginx/nginx.conf to help speed up the server and add support for several resource types:

gzip on;
gzip_proxied expired no-cache no-store private auth;
gzip_min_length 500;
gzip_vary on;
gzip_buffers 4 32k;
gzip_types
  application/atom+xml
  application/geo+json
  application/javascript
  application/x-javascript
  application/json
  application/ld+json
  application/manifest+json
  application/rdf+xml
  application/rss+xml
  application/xhtml+xml
  application/xml
  font/eot
  font/otf
  font/ttf
  image/svg+xml
  text/css
  text/javascript
  text/js
  text/plain
  text/xml;
gzip_disable "MSIE [1-6]\.";