Nginx config file

From Hackers & Designers
Revision as of 11:52, 2 March 2023 by Fincato (talk | contribs) (add category)

We use Nginx as an HTTP and proxy server. Though each new website might have its own needs, two general patterns are:

  • static content
  • dynamic content served through a reverse proxy port

Workflow

  • create a new folder under /var/www and put your website code in there
  • create a new file under /etc/nginx/sites-available and name it after the website name (or something meaningful), then copy one of the two config setups below as a starting point and customize it based on the needs of your website
  • create a symlink to /etc/nginx/sites-enabled by doing:
    sudo ln -s /etc/nginx/sites-available/<new-website-config> /etc/nginx/sites-enabled/<new-website-config>
    
  • check if there's any nginx config problem with sudo nginx -t

At this point you should have a basic setup working, except that we have not yet created a secure connection (HTTPS) certificate for your website. So far we've been relying on the certbot program, which gets certificates from Let's Encrypt. So run the following commands:

  • sudo certbot, and you should get a list of all available domain names coming from the nginx config files — including the one you just created
  • find the domain name of your new website and type its number
  • usually we tell Certbot to force redirect any HTTP connection to HTTPS; you can decide this on a per-project basis in case it's not a good idea
  • Certbot will update your website nginx config file with some more settings for using HTTPS
  • test the website by visiting it!

Static Content

server {

  root /var/www/<website-dir>;
  index index.html;
  
  server_name <website-url>;
  error_page  404  /<custom-404>.html;
  
  location / {
    try_files $uri $uri/ =404;
  }
  
  # add route to specific subpage
  location /<subpage> {
    try_files $uri $uri/ =404;
  }
  
  # display page as list of files
  # (autoindex lists every file in this directory to any visitor)
  location /<files-share> {
    try_files $uri $uri/ =404;
    autoindex on;
  }

}

Dynamic Content served through a Reverse Proxy port

server {
	server_name <website>.com ;

	root /var/www/<website>;
	access_log /var/log/nginx/<website>.access.log;
	error_log /var/log/nginx/<website>.error.log;

  location / {
    proxy_pass         http://127.0.0.1:<port>;
    proxy_http_version 1.1;

    # example of proxy-headers for a Python application
    # ($http_host is the Host header as sent by the client)
    proxy_set_header   Host $http_host;
    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Upgrade $http_upgrade;
    proxy_redirect off;
    proxy_buffering off;

    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   X-Forwarded-Host $server_name;
  }

  # example of resource caching
  location ~* \.(js|css|png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf)$ {
    expires max;
    add_header Cache-Control "public, no-transform";
  }

}
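
A small lint for a site config file, as an added example that is not part of the original wiki page: it flags comment lines written with `//` (nginx only accepts `#`, so `nginx -t` fails on them), `autoindex on` locations, and server blocks that have neither an HTTPS listener nor an HTTPS redirect (certbot not run yet). The sample config and the `audit` function name are constructed for illustration, and brace and comment handling is deliberately naive.

```python
import re

# Constructed sample (not from a real server): a static site config with a '//'
# comment line, a file-listing location, and no certbot changes yet.
BEFORE = """\
server {
  root /var/www/example-site;
  server_name example.test;
  // display page as list of files
  location /files {
    try_files $uri $uri/ =404;
    autoindex on;
  }
}
"""

def audit(text):
    """Return sorted (line_number, finding) pairs for one site config."""
    findings, depth, start, ok = [], 0, None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # naive: ignores '#' inside quotes
        if line.startswith("//"):
            findings.append((n, "'//' is not an nginx comment, use '#'"))
            continue
        if depth == 0 and re.match(r"server\s*\{", line):
            start, ok = n, False  # entering a new server block
        if re.match(r"autoindex\s+on\s*;", line):
            findings.append((n, "autoindex on: directory contents are listed publicly"))
        # A block is fine if it terminates TLS or only redirects to HTTPS.
        if re.match(r"listen\s[^;]*\b443\b[^;]*\bssl\b", line) or \
           re.match(r"return\s+30[18]\s+https://", line):
            ok = True
        depth += line.count("{") - line.count("}")  # naive brace tracking
        if depth == 0 and start is not None:
            if not ok:
                findings.append((start, "server block has no HTTPS listener or redirect"))
            start = None
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in audit(BEFORE):
        print(f"line {n}: {msg}")
```

Run it against a file in /etc/nginx/sites-available by passing the file's text to `audit`; an empty result means none of the three conditions were found.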

Nginx config settings

Some common settings to add in /etc/nginx/nginx.conf to help speed up the server and add support for several resource types:

gzip on;
gzip_proxied expired no-cache no-store private auth;
gzip_min_length 500;
gzip_vary on;
gzip_buffers 4 32k;
gzip_types
  application/atom+xml
  application/geo+json
  application/javascript
  application/x-javascript
  application/json
  application/ld+json
  application/manifest+json
  application/rdf+xml
  application/rss+xml
  application/xhtml+xml
  application/xml
  font/eot
  font/otf
  font/ttf
  image/svg+xml
  text/css
  text/javascript
  text/js
  text/plain
  text/xml;
gzip_disable "MSIE [1-6]\.";