Services/Nginx: Difference between revisions
Jump to navigation
Jump to search
| (19 intermediate revisions by the same user not shown) | |||
| Line 22: | Line 22: | ||
=== Install === | |||
<source lang="bash"> | <source lang="bash"> | ||
| Line 39: | Line 39: | ||
</source> | </source> | ||
=== Setup virtual host proxy === | |||
<source lang=" | <source lang="text"> | ||
server { | |||
server_name my-vhost.xxx.com; | |||
root /home/myaccount/vhost/my-vhost | |||
access_log /var/log/nginx/my-vhost.access.log; | |||
error_log /var/log/nginx/my-vhost.error.log; | |||
location / { | |||
proxy_pass http://192.168.25.90:12345; | |||
proxy_read_timeout 60; | |||
proxy_connect_timeout 10; | |||
} | |||
} | |||
</source> | |||
<source lang="bash"> | |||
cd /etc/nginx/sites-enabled | |||
sudo ln -s /etc/nginx/sites-available/my-vhost my-vhost | |||
sudo nginx -t | |||
sudo systemctl reload nginx | |||
sudo systemctl status nginx | |||
# check permission of static file | |||
sudo -u www-data ls -l /home/myaccount/vhost/my-vhost | |||
</source> | |||
=== Add self-signed certificate === | |||
<source lang="bash"> | |||
cd ~ | |||
openssl req -new > cert.csr | |||
openssl rsa -in privkey.pem -out key.pem | |||
openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001 | |||
cat key.pem >> cert.pem | |||
cp cert.pem /etc/nginx/sites-available | |||
</source> | |||
<source lang="text"> | |||
server { | server { | ||
server_name my-vhost.xxx.com; | server_name my-vhost.xxx.com; | ||
root /home/myaccount/vhost/my-vhost | |||
access_log /var/log/nginx/my-vhost.access.log; | access_log /var/log/nginx/my-vhost.access.log; | ||
error_log /var/log/nginx/my-vhost.error.log; | error_log /var/log/nginx/my-vhost.error.log; | ||
ssl_certificate /etc/nginx/sites-available/cert.pem; | |||
ssl_certificate_key /etc/nginx/sites-available/cert.pem; | |||
location / { | location / { | ||
| Line 53: | Line 93: | ||
} | } | ||
} | } | ||
</source> | |||
=== Certbot 2.x (Let's Encrypt) === | |||
* [https://certbot.eff.org/ Certbot official site] | |||
<source lang="bash"> | |||
sudo snap install --classic certbot | |||
# sudo ln -s /snap/bin/certbot /usr/bin/certbot | |||
</source> | </source> | ||
| Line 89: | Line 138: | ||
</source> | </source> | ||
= | = Certbot trouble shooting = | ||
<source lang="bash"> | |||
sudo certbot renew -d wiki.tacosync.com --dry-run | |||
</source> | </source> | ||
=== Firewall Issue === | |||
* Certbot need http access, so firewall should allow both http & https access. | |||
Latest revision as of 06:28, 21 June 2024
Quick References
| TODO | Command |
|---|---|
| List directory |
autoindex on;
|
| Catch all server |
server_name _;
|
| Prevent 413 Too Large ... |
client_max_body_size 128m;
|
Install nginx on Ubuntu 24
Install
# Install
sudo apt install nginx
# Check service status
sudo systemctl status nginx
# Check tcp port
ss -lnt4 | grep ':80'
# Edit config
cd /etc/nginx/sites-available
sudo vim my-vhost
Setup virtual host proxy
server {
server_name my-vhost.xxx.com;
root /home/myaccount/vhost/my-vhost
access_log /var/log/nginx/my-vhost.access.log;
error_log /var/log/nginx/my-vhost.error.log;
location / {
proxy_pass http://192.168.25.90:12345;
proxy_read_timeout 60;
proxy_connect_timeout 10;
}
}
cd /etc/nginx/sites-enabled
sudo ln -s /etc/nginx/sites-available/my-vhost my-vhost
sudo nginx -t
sudo systemctl reload nginx
sudo systemctl status nginx
# check permission of static file
sudo -u www-data ls -l /home/myaccount/vhost/my-vhost
Add self-signed certificate
cd ~
openssl req -new > cert.csr
openssl rsa -in privkey.pem -out key.pem
openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001
cat key.pem >> cert.pem
cp cert.pem /etc/nginx/sites-available
server {
server_name my-vhost.xxx.com;
root /home/myaccount/vhost/my-vhost
access_log /var/log/nginx/my-vhost.access.log;
error_log /var/log/nginx/my-vhost.error.log;
ssl_certificate /etc/nginx/sites-available/cert.pem;
ssl_certificate_key /etc/nginx/sites-available/cert.pem;
location / {
proxy_pass http://192.168.25.90:12345;
proxy_read_timeout 60;
proxy_connect_timeout 10;
}
}
Certbot 2.x (Let's Encrypt)
sudo snap install --classic certbot
# sudo ln -s /snap/bin/certbot /usr/bin/certbot
Install nginx on macOS 10.13+
Default nginx package in Homebrew is missing many modules.
Tap 3rd party package is useful for development.
brew tap denji/nginx
brew install nginx-full \
--with-echo-module \
--with-autols-module \
--with-geoip2-module \
--with-http2 \
--with-upload-module \
--with-upload-progress-module
Running nginx as nobody is inconvenient for development. Running as login account is better.
/usr/local/etc/nginx/nginx.conf:2
# user group
user myaccount admin;
When using nobody, response would be 403 forbidden and hard to debug.
Like this: (/usr/local/var/log/nginx/error.log)
2019/02/18 15:42:47 [crit] 25478#0: *78 stat() "/Users/myaccount/Documents/0x01.Source/myvhost/public" failed (13: Permission denied)
Certbot trouble shooting
sudo certbot renew -d wiki.tacosync.com --dry-run
Firewall Issue
- Certbot need http access, so firewall should allow both http & https access.