Difference between revisions of "Nginx"

From SME Server
Jump to navigationJump to search
Line 64: Line 64:
 
  config setprop nginx TCPPorts 80,443
 
  config setprop nginx TCPPorts 80,443
  
signal-event remoteaccess-update
+
signal-event remoteaccess-update
  
==Start==
+
 
 +
===Start===
  
 
  /etc/rc.d/init.d/nginx start
 
  /etc/rc.d/init.d/nginx start
 +
 +
 +
===Sample configurations===
 +
 +
These are JUST samples. You will need to work out your own.
 +
 +
 +
default.conf
 +
 +
  server {
 +
  # Listen on 80
 +
    listen              your.external.ip.address:80;
 +
  # Disable IPv6
 +
  #  listen              [::]:80;
 +
    server_name        domain.com host.domain.com;
 +
  # Passthru letsencrypt
 +
    location '/.well-known/acme-challenge' {
 +
    default_type "text/plain";
 +
      #root        /tmp/letsencrypt-auto;
 +
      root        /home/e-smith/files/ibays/Primary/html;
 +
    }
 +
 
 +
  # Upgrade everything else to https
 +
    location / {
 +
      return              301 https://$server_name$request_uri;
 +
    }
 +
  }
 +
 +
 +
 +
This is my rocket chat reverse proxy with websockets as an example:
 +
 +
  # Upstreams
 +
  upstream backend {
 +
      server 127.0.0.1:3000;
 +
  }
 +
 
 +
  # HTTPS Server
 +
  server {
 +
      listen your.external.ip.address:443;
 +
      server_name domain.com host.domain.com;
 +
 
 +
      # You can increase the limit if your need to.
 +
      client_max_body_size 200M;
 +
 
 +
      error_log /var/log/nginx/rocketchat.access.log;
 +
 
 +
      ssl on;
 +
      #ssl_certificate /etc/nginx/certificate.crt;
 +
      #ssl_certificate_key /etc/nginx/certificate.key;
 +
      ssl_certificate /etc/dehydrated/certs/reetspetit.info/fullchain.pem;
 +
      ssl_certificate_key /etc/dehydrated/certs/reetspetit.info/privkey.pem;
 +
     
 +
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
 +
 
 +
      location / {
 +
          proxy_pass http://backend/;
 +
          proxy_http_version 1.1;
 +
          proxy_set_header Upgrade $http_upgrade;
 +
          proxy_set_header Connection "upgrade";
 +
          proxy_set_header Host $http_host;
 +
 
 +
          proxy_set_header X-Real-IP $remote_addr;
 +
          proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
 +
          proxy_set_header X-Forward-Proto http;
 +
          proxy_set_header X-Nginx-Proxy true;
 +
 
 +
          proxy_redirect off;
 +
      }
 +
  }

Revision as of 00:09, 12 December 2018

Warning.png Warning:
Work in progress. Do NOT try this on a production server


It is possible to install nginx on SME. However, careful consideration must be given to the existing apache installation.


Warning.png Warning:
Before starting nginx you MUST decide what port to run it on and configure it accordingly


This is how to install on a specific port to avoid apache.

In this example we will use port 4483

Install

yum --enablerepo=epel install nginx


Configure

Create a link in rc7.d This enables nginx to start on boot. 

ln -s /etc/rc.d/init.d/nginx /etc/rc.d/rc7.d/S87nginx

Create /var/log/nginx and set permissions if required 

mkdir -p /var/log/nginx


Configs

Important.png Note:
rename existing configs to config_con_ or move them completely to avoid issues


e.g. 

cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.con_


Now add your own configuration

e.g. 

/etc/nginx/conf.d/myconf.conf

Check the port. You can use dehydrated/letsencrypt certificates

Ports

Open a port on your firewall 

config set nginx service TCPPort 4483 status enabled access public

signal-event remoteaccess-update

Now engine if correctly configured in the conf files will listen on 4483

Alternatively we can set apache to private so it only listens to local/internal connectins ,and nginx to external ones. 

config setprop httpd-e-smith access private

config setprop nginx TCPPort 443

signal-event remoteaccess-update

Or if you want port 80 as well 

config setprop nginx TCPPorts 80,443

signal-event remoteaccess-update


Start

/etc/rc.d/init.d/nginx start


Sample configurations

These are JUST samples. You will need to work out your own.


default.conf 

 server {
 # Listen on 80
   listen              your.external.ip.address:80;
 # Disable IPv6
 #  listen              [::]:80;
   server_name         domain.com host.domain.com;
 # Passthru letsencrypt
   location '/.well-known/acme-challenge' {
   default_type "text/plain";
     #root        /tmp/letsencrypt-auto;
     root        /home/e-smith/files/ibays/Primary/html;
   }
 
 # Upgrade everything else to https
   location / {
     return              301 https://$server_name$request_uri;
   }
 }


This is my rocket chat reverse proxy with websockets as an example: 

 # Upstreams
 upstream backend {
     server 127.0.0.1:3000;
 }
 
 # HTTPS Server
 server {
     listen your.external.ip.address:443;
     server_name domain.com host.domain.com;
 
     # You can increase the limit if your need to.
     client_max_body_size 200M;
 
     error_log /var/log/nginx/rocketchat.access.log;
 
     ssl on;
     #ssl_certificate /etc/nginx/certificate.crt;
     #ssl_certificate_key /etc/nginx/certificate.key;
     ssl_certificate /etc/dehydrated/certs/reetspetit.info/fullchain.pem;
     ssl_certificate_key /etc/dehydrated/certs/reetspetit.info/privkey.pem;
     
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
 
     location / {
         proxy_pass http://backend/;
         proxy_http_version 1.1;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header Host $http_host;
 
         proxy_set_header X-Real-IP $remote_addr;
         proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
         proxy_set_header X-Forward-Proto http;
         proxy_set_header X-Nginx-Proxy true;
 
         proxy_redirect off;
     }
 }
Retrieved from "https://wiki.koozali.org/index.php?title=Nginx&oldid=37755"