From SME Server
Jump to navigationJump to search

nginx logo

http server

Tags http serverproxyreverse proxy


Jean-Philippe Pialasse


Contrib 10:
The latest version of smeserver-nginx is available in the SME repository, click on the version number(s) for more information.


Nginx, stylized as NGIИX, is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and publicly released in 2004. Nginx is free and open-source software, released under the terms of the 2-clause BSD license. The Koozali SME Server implementation is meant to be run behind the original httpd apache server using reverse proxy for your needs. It might be possible to reverse the order, but was not designed this way originally.


yum --enablerepo=smecontribs install smeserver-nginx


you can list the available configuration with the following command :

config show nginx

Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :

property default values
access local local,private, public
status enabled enabled,disabled

Internal Configuration

Default templating makes nginx use the content of /etc/nginx/conf.d/*.conf to define server content. You can put your appropriate config files tgere


yum remove smeserver-nginx  nginx


Please raise bugs under the SME-Contribs section in bugzilla

and select the smeserver-nginx component or use this link

Below is an overview of the current issues for this contrib:

No open bugs found.


Only released version in smecontrib are listed here.

smeserver-nginx Changelog: SME 10 (smecontribs)
2023/08/14 Jean-Philippe Pialasse 0.0.5-3.sme
- remove nginx restart from post-upgrade [SME: 12397]
2022/06/23 Jean-Philippe Pialasse 0.0.5-2.sme
- fix fragment order
2022/06/23 Jean-Philippe Pialasse 0.0.5-1.sme
- Initial import to Koozali SME 10
2018/03/09 Markus Neuberger - 0.0.1-1
- First release

Previous manual instruction left there

Warning.png Warning:
Work in progress. Do NOT try this on a production server

It is possible to install nginx on SME. However, careful consideration must be given to the existing apache installation.

Warning.png Warning:
Before starting nginx you MUST decide what port to run it on and configure it accordingly

This is how to install on a specific port to avoid apache.

In this example we will use port 4483


yum --enablerepo=epel install nginx


Create a link in rc7.d This enables nginx to start on boot.

ln -s /etc/rc.d/init.d/nginx /etc/rc.d/rc7.d/S87nginx

Create /var/log/nginx and set permissions if required

mkdir -p /var/log/nginx

Warning.png Warning:
The following may NOT be best practice and may need another approach, but works for testing

Adding this MAY open your server up to compromise. You have been warned.

Add user to group so nginx can access files/directories

usermod -a -G shared nginx
Important.png Note:
rename existing configs to config_con_ or move them completely to avoid issues


cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.con_

Now add your own configuration



Check the port. You can use dehydrated/letsencrypt certificates


Open a port on your firewall

config set nginx service TCPPort 4483 status enabled access public
signal-event remoteaccess-update

Now engine if correctly configured in the conf files will listen on 4483

Alternatively we can set apache to private so it only listens to local/internal connectins ,and nginx to external ones.

config setprop httpd-e-smith access private
config setprop nginx TCPPort 443
signal-event remoteaccess-update

Or if you want port 80 as well

config setprop nginx TCPPorts 80,443
signal-event remoteaccess-update

Sample configurations

These are JUST samples. You will need to work out your own.


 server {
 # Listen on 80
   listen              your.external.ip.address:80;
 # Disable IPv6
 #  listen              [::]:80;
 # Passthru letsencrypt
   location '/.well-known/acme-challenge' {
   default_type "text/plain";
     #root        /tmp/letsencrypt-auto;
     root        /home/e-smith/files/ibays/Primary/html;
 # Upgrade everything else to https
   location / {
     return              301 https://$server_name$request_uri;

This is my rocket chat reverse proxy with websockets as an example:

 # Upstreams
 upstream backend {
 # HTTPS Server
 server {
     listen your.external.ip.address:443;
     # You can increase the limit if your need to.
     client_max_body_size 200M;
     error_log /var/log/nginx/rocketchat.access.log;
     ssl on;
     #ssl_certificate /etc/nginx/certificate.crt;
     #ssl_certificate_key /etc/nginx/certificate.key;
     ssl_certificate /etc/dehydrated/certs/;
     ssl_certificate_key /etc/dehydrated/certs/;
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
     location / {
         proxy_pass http://backend/;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $http_host;
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forward-Proto http;
         proxy_set_header X-Nginx-Proxy true;
         proxy_redirect off;