Nginx config file: Difference between revisions
(Init) |
(Add workflow section) |
||
Line 3: | Line 3: | ||
* static content | * static content | ||
* dynamic content served through a proxy reverse port | * dynamic content served through a proxy reverse port | ||
=== Workflow === | |||
* create a new folder under <code>/var/www</code> and put your website code in there | |||
* create a new file under <code>/etc/nginx/sites-available</code> and name it after the website name (or something meaningful), then copy one of the two config setup below as a starting point and customize it based on the needs of your website | |||
* create a symlink to <code>/etc/nginx/sites-enabled</code> by doing:<syntaxhighlight lang="bash"> | |||
sudo ln -s /etc/nginx/sites-available/<new-website-config> /etc/nginx/sites-enabled/<new-website-config> | |||
</syntaxhighlight> | |||
* check if there's any nginx config problem with <code>sudo nginx -t</code> | |||
At this point you should have a basic setup working. Except we did not create a secure connection certificate for your website. So far we've been relying on the <code>certbot</code> program, which comes by using [https://letsencrypt.org Let's Encrypt]. So run the following commands: | |||
* <code>sudo certbot</code>, and you should get a list of all available domain names coming from the nginx config files — including the one you just created | |||
* find the domain name of your new website and type its number | |||
* usually we tell Certbot to force redirect any HTTP connection to HTTPS, you can decide this on a per-basis project in case it's not a good idea | |||
* Certbot will update your website nginx config file with some more settings for using HTTPS | |||
* test the website by visiting it! | |||
=== Static Content === | === Static Content === |
Revision as of 10:50, 2 March 2023
We use Nginx as HTTP and proxy server. Though each new website might have its own needs, two general pattern are:
- static content
- dynamic content served through a proxy reverse port
Workflow
- create a new folder under
/var/www
and put your website code in there - create a new file under
/etc/nginx/sites-available
and name it after the website name (or something meaningful), then copy one of the two config setup below as a starting point and customize it based on the needs of your website - create a symlink to
/etc/nginx/sites-enabled
by doing:sudo ln -s /etc/nginx/sites-available/<new-website-config> /etc/nginx/sites-enabled/<new-website-config>
- check if there's any nginx config problem with
sudo nginx -t
At this point you should have a basic setup working. Except we did not create a secure connection certificate for your website. So far we've been relying on the certbot
program, which comes by using Let's Encrypt. So run the following commands:
sudo certbot
, and you should get a list of all available domain names coming from the nginx config files — including the one you just created- find the domain name of your new website and type its number
- usually we tell Certbot to force redirect any HTTP connection to HTTPS, you can decide this on a per-basis project in case it's not a good idea
- Certbot will update your website nginx config file with some more settings for using HTTPS
- test the website by visiting it!
Static Content
server {
root /var/www/<website-dir>;
index index.html;
server_name <website-url>;
error_page 404 /<custom-404>.html;
location / {
try_files $uri $uri/ =404;
}
// add route to specific subpage
location /<subpage> {
try_files $uri $uri/ =404;
}
// display page as list of files
location /<files-share> {
try_files $uri $uri/ =404;
autoindex on;
}
}
Dynamic Content served through a Proxy Reverse port
server {
server_name <website>.com ;
root /var/www/<website>;
access_log /var/log/nginx/<website>.access.log;
error_log /var/log/nginx/<website>.error.log;
location / {
proxy_pass http://127.0.0.1:<port>;
proxy_http_version 1.1;
// example of proxy-headers for a Python application
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade;
proxy_redirect off;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
}
// example of resource caching
location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf)$ {
expires max;
add_header Cache-Control "public, no-transform";
}
}
Nginx config settings
Some common settings to add in /etc/nginx/nginx.conf
to help speed up the server and add support for several resource types:
gzip on;
gzip_proxied expired no-cache no-store private auth;
gzip_min_length 500;
gzip_vary on;
gzip_buffers 4 32k;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/js
text/plain
text/xml;
gzip_disable "MSIE [1-6]\.";