Nginx
It is possible to install nginx on SME. However, careful consideration must be given to the existing apache installation.
This is how to install on a specific port to avoid apache.
In this example we will use port 4483
Install
yum --enablerepo=epel install nginx
Configure
Create a link in rc7.d This enables nginx to start on boot.
ln -s /etc/rc.d/init.d/nginx /etc/rc.d/rc7.d/S87nginx
Create /var/log/nginx and set permissions if required
mkdir -p /var/log/nginx
Adding this MAY open your server up to compromise. You have been warned.
Add user to group so nginx can access files/directories
usermod -a -G shared nginx
Configs
e.g.
cp /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.con_
Now add your own configuration
e.g.
/etc/nginx/conf.d/myconf.conf
Check the port. You can use dehydrated/letsencrypt certificates
Ports
Open a port on your firewall
config set nginx service TCPPort 4483 status enabled access public
signal-event remoteaccess-update
Now engine if correctly configured in the conf files will listen on 4483
Alternatively we can set apache to private so it only listens to local/internal connectins ,and nginx to external ones.
config setprop httpd-e-smith access private
config setprop nginx TCPPort 443
signal-event remoteaccess-update
Or if you want port 80 as well
config setprop nginx TCPPorts 80,443
signal-event remoteaccess-update
Sample configurations
These are JUST samples. You will need to work out your own.
default.conf
server { # Listen on 80 listen your.external.ip.address:80; # Disable IPv6 # listen [::]:80; server_name domain.com host.domain.com; # Passthru letsencrypt location '/.well-known/acme-challenge' { default_type "text/plain"; #root /tmp/letsencrypt-auto; root /home/e-smith/files/ibays/Primary/html; } # Upgrade everything else to https location / { return 301 https://$server_name$request_uri; } }
This is my rocket chat reverse proxy with websockets as an example:
# Upstreams upstream backend { server 127.0.0.1:3000; } # HTTPS Server server { listen your.external.ip.address:443; server_name domain.com host.domain.com; # You can increase the limit if your need to. client_max_body_size 200M; error_log /var/log/nginx/rocketchat.access.log; ssl on; #ssl_certificate /etc/nginx/certificate.crt; #ssl_certificate_key /etc/nginx/certificate.key; ssl_certificate /etc/dehydrated/certs/reetspetit.info/fullchain.pem; ssl_certificate_key /etc/dehydrated/certs/reetspetit.info/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE location / { proxy_pass http://backend/; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header X-Forward-Proto http; proxy_set_header X-Nginx-Proxy true; proxy_redirect off; } }
Start
/etc/rc.d/init.d/nginx start
/etc/rc.d/init.d/nginx stop
/etc/rc.d/init.d/nginx restart