#Nginx Basics for Ubuntu
Please see http://wiki.nginx.org/Main for more information. See http://arstechnica.com/gadgets/2012/11/how-to-set-up-a-safe-and-secure-web-server/ for a tutorial on how to install Nginx.
##Installation To install, you can install the version which is in the standard Ubuntu repositories but it is normally quite old and will not have the latest security patches. The best way is to update the repositories first:
apt-get update
apt-get install python-software-properties
apt-get upgrade
add-apt-repository ppa:nginx/development
apt-get install nginx
To check that it is installed:
nginx -v
##Commands To start nginx (Linux)
sudo /etc/init.d/nginx start
To stop nginx (Linux)
sudo /etc/init.d/nginx stop
To reload nginx config (Linux)
sudo /etc/init.d/nginx reload
Location of sites (Linux)
/var/www/
To check to see if it is running
ps -ef | grep nginx
To edit the nginx Config File
sudo nano /etc/nginx/conf.d/default.conf
##Sample file with virtual sites
http://www.test.com
http://www.example.com
http://www.nodeapp.com
http://localhost
The hosts file can be edited at:
sudo nano /etc/hosts
server {
listen 80;
listen [::]:80;
root /var/www/test.com;
server_name www.test.com;
location / {
index index.htm index.html;
}
}
server {
listen 80;
listen [::]:80;
root /var/www/example.com;
server_name www.example.com;
location / {
index index.htm index.html;
}
}
#Passthrough to node server application
server {
listen 80;
listen [::]:80;
root /var/www/nodeapp.com;
server_name www.nodeapp.com;
location / {
#proxy_pass http://127.0.0.1:3001/api;
proxy_pass http://127.0.0.1:8443;
}
server {
listen 80 default_server;
listen [::]:80 ipv6only=on default_server;
root /var/www/html;
index index.html index.htm;
# Make site accessible by specifying the wildcard servername
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.html;
}
}
##Permissions Nginx normally runs under the www-data group. This group needs to have read access to the folder.
##IP Blacklist/Whitelist Nginx can be configured to allow access only from specific ip addresses or to block specific ip addresses. This can be useful when you just want the application to be used internally or by specific customers.
location
{
allow 192.168.1.7;
deny all;
}
##Worker Processes By default the nginx server has 1 worker process. For every code on your nginx server you can add a worker process (ie 2 cpu's 2 nginx processes)
worker_processes 2;
You can also increase the number of worker_connections from the default of 1024 if you have a higher spec server.
events {
worker_connections 2000;
}
##More Advanced Sample from nginx site
user www www;
worker_processes 2;
pid /var/run/nginx.pid;
# [ debug | info | notice | warn | error | crit ]
error_log /var/log/nginx.error_log info;
events {
worker_connections 2000;
# use [ kqueue | rtsig | epoll | /dev/poll | select | poll ] ;
use kqueue;
}
http {
include conf/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
log_format download '$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_range" "$sent_http_content_range"';
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
send_lowat 12000;
keepalive_timeout 75 20;
# lingering_time 30;
# lingering_timeout 10;
# reset_timedout_connection on;
server {
listen one.example.com;
server_name one.example.com www.one.example.com;
access_log /var/log/nginx.access_log main;
location / {
proxy_pass http://127.0.0.1/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
client_body_temp_path /var/nginx/client_body_temp;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_send_lowat 12000;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /var/nginx/proxy_temp;
charset koi8-r;
}
error_page 404 /404.html;
location /404.html {
root /spool/www;
charset on;
source_charset koi8-r;
}
location /old_stuff/ {
rewrite ^/old_stuff/(.*)$ /new_stuff/$1 permanent;
}
location /download/ {
valid_referers none blocked server_names *.example.com;
if ($invalid_referer) {
#rewrite ^/ http://www.example.com/;
return 403;
}
# rewrite_log on;
# rewrite /download/*/mp3/*.any_ext to /download/*/mp3/*.mp3
rewrite ^/(download/.*)/mp3/(.*)\..*$ /$1/mp3/$2.mp3 break;
root /spool/www;
# autoindex on;
access_log /var/log/nginx-download.access_log download;
}
location ~* ^.+\.(jpg|jpeg|gif)$ {
root /spool/www;
access_log off;
expires 30d;
}
}
}