Changes

2,705 bytes added ,  01:45, 12 December 2018
no edit summary
Line 16: Line 16:  
==Configure==
 
==Configure==
   −
link in rc7.d
+
Create a link in rc7.d This enables nginx to start on boot.
   −
This enables nginx to start on boot.
+
ln -s /etc/rc.d/init.d/nginx /etc/rc.d/rc7.d/S87nginx
    
Create /var/log/nginx and set permissions if required
 
Create /var/log/nginx and set permissions if required
Line 24: Line 24:  
  mkdir -p /var/log/nginx
 
  mkdir -p /var/log/nginx
    +
{{Warning box| The following may NOT be best practice and may need another approach, but works for testing}}
 +
 +
Adding this MAY open your server up to compromise. You have been warned.
 +
 +
Add user to group so nginx can access files/directories
 +
 +
usermod -a -G shared nginx
    
===Configs===
 
===Configs===
Line 49: Line 56:     
  signal-event remoteaccess-update
 
  signal-event remoteaccess-update
 +
 +
Now engine if correctly configured in the conf files will listen on 4483
 +
 +
Alternatively we can set apache to private so it only listens to local/internal connectins ,and nginx to external ones.
 +
 +
config setprop httpd-e-smith access private
 +
 +
config setprop nginx TCPPort 443
 +
 +
signal-event remoteaccess-update
 +
 +
Or if you want port 80 as well
 +
 +
config setprop nginx TCPPorts 80,443
 +
 +
signal-event remoteaccess-update
 +
 +
 +
===Sample configurations===
 +
 +
These are JUST samples. You will need to work out your own.
 +
 +
 +
default.conf
 +
 +
  server {
 +
  # Listen on 80
 +
    listen              your.external.ip.address:80;
 +
  # Disable IPv6
 +
  #  listen              [::]:80;
 +
    server_name        domain.com host.domain.com;
 +
  # Passthru letsencrypt
 +
    location '/.well-known/acme-challenge' {
 +
    default_type "text/plain";
 +
      #root        /tmp/letsencrypt-auto;
 +
      root        /home/e-smith/files/ibays/Primary/html;
 +
    }
 +
 
 +
  # Upgrade everything else to https
 +
    location / {
 +
      return              301 https://$server_name$request_uri;
 +
    }
 +
  }
 +
 +
 +
 +
This is my rocket chat reverse proxy with websockets as an example:
 +
 +
  # Upstreams
 +
  upstream backend {
 +
      server 127.0.0.1:3000;
 +
  }
 +
 
 +
  # HTTPS Server
 +
  server {
 +
      listen your.external.ip.address:443;
 +
      server_name domain.com host.domain.com;
 +
 
 +
      # You can increase the limit if your need to.
 +
      client_max_body_size 200M;
 +
 
 +
      error_log /var/log/nginx/rocketchat.access.log;
 +
 
 +
      ssl on;
 +
      #ssl_certificate /etc/nginx/certificate.crt;
 +
      #ssl_certificate_key /etc/nginx/certificate.key;
 +
      ssl_certificate /etc/dehydrated/certs/reetspetit.info/fullchain.pem;
 +
      ssl_certificate_key /etc/dehydrated/certs/reetspetit.info/privkey.pem;
 +
     
 +
      ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don’t use SSLv3 ref: POODLE
 +
 
 +
      location / {
 +
          proxy_pass http://backend/;
 +
          proxy_http_version 1.1;
 +
          proxy_set_header Upgrade $http_upgrade;
 +
          proxy_set_header Connection "upgrade";
 +
          proxy_set_header Host $http_host;
 +
 
 +
          proxy_set_header X-Real-IP $remote_addr;
 +
          proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
 +
          proxy_set_header X-Forward-Proto http;
 +
          proxy_set_header X-Nginx-Proxy true;
 +
 
 +
          proxy_redirect off;
 +
      }
 +
  }
    
==Start==
 
==Start==
    
  /etc/rc.d/init.d/nginx start
 
  /etc/rc.d/init.d/nginx start
 +
 +
/etc/rc.d/init.d/nginx stop
 +
 +
/etc/rc.d/init.d/nginx restart
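Review bot: In the Rocket.Chat sample's HTTPS server block, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, which are deprecated; `ssl_protocols TLSv1.2;` (plus TLSv1.3 where the nginx/OpenSSL build supports it) is the safer sample for readers to copy. In the same block's `location /`, the forwarding headers are spelled `X-Forward-For` and `X-Forward-Proto`, and the scheme is hard-coded to `http` on a TLS listener, so a backend that looks for the conventional names would presumably not see the client address or the real scheme; I would write `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` and `proxy_set_header X-Forwarded-Proto https;`. The `error_log` target is named `rocketchat.access.log`, which mislabels error output for anyone reviewing logs later. The added `usermod -a -G shared nginx` step gives the nginx worker whatever that group can read, so the page would be safer if it granted access only to the directories nginx actually serves.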
