Services/Nginx: Difference between revisions

From Fundamental Ramen
Jump to navigation Jump to search
 
(39 intermediate revisions by the same user not shown)
Line 6: Line 6:
<source lang="nginx">
<source lang="nginx">
autoindex on;
autoindex on;
</source>
|-
| Catch all server ||
<source lang="nginx">
server_name _;
</source>
|-
| Prevent 413 Too Large ... ||
<source lang="nginx">
client_max_body_size 128m;
</source>
</source>
|}
|}
== Install nginx on Ubuntu 24 ==
=== Install ===
<source lang="bash">
# Install
sudo apt install nginx
# Check service status
sudo systemctl status nginx
# Check tcp port
ss -lnt4 | grep ':80'
# Edit config
cd /etc/nginx/sites-available
sudo vim my-vhost
</source>
=== Setup virtual host proxy ===
<source lang="text">
server {
  server_name my-vhost.xxx.com;
  root        /home/myaccount/vhost/my-vhost
  access_log  /var/log/nginx/my-vhost.access.log;
  error_log  /var/log/nginx/my-vhost.error.log;
  location / {
    proxy_pass http://192.168.25.90:12345;
    proxy_read_timeout 60;
    proxy_connect_timeout 10;
  }
}
</source>
<source lang="bash">
cd /etc/nginx/sites-enabled
sudo ln -s /etc/nginx/sites-available/my-vhost my-vhost
sudo nginx -t
sudo systemctl reload nginx
sudo systemctl status nginx
# check permission of static file
sudo -u www-data ls -l /home/myaccount/vhost/my-vhost
</source>
=== Add self-signed certificate ===
<source lang="bash">
cd ~
openssl req -new > cert.csr
openssl rsa -in privkey.pem -out key.pem
openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001
cat key.pem >> cert.pem
cp cert.pem /etc/nginx/sites-available
</source>
<source lang="text">
server {
  server_name my-vhost.xxx.com;
  root        /home/myaccount/vhost/my-vhost
  access_log  /var/log/nginx/my-vhost.access.log;
  error_log  /var/log/nginx/my-vhost.error.log;
  ssl_certificate    /etc/nginx/sites-available/cert.pem;
  ssl_certificate_key /etc/nginx/sites-available/cert.pem;
  location / {
    proxy_pass http://192.168.25.90:12345;
    proxy_read_timeout 60;
    proxy_connect_timeout 10;
  }
}
</source>
=== Certbot 2.x (Let's Encrypt) ===
* [https://certbot.eff.org/ Certbot official site]
<source lang="bash">
sudo snap install --classic certbot
# sudo ln -s /snap/bin/certbot /usr/bin/certbot
</source>


== Install nginx on macOS 10.13+ ==
== Install nginx on macOS 10.13+ ==
Line 26: Line 121:
</source>
</source>


Run nginx as nobody is inconvenient for development.
Running nginx as nobody is inconvenient for development.
Running as login account is better.


Run as login account is better.
'''/usr/local/etc/nginx/nginx.conf:2'''
<source lang="bash">
#    user      group
user  myaccount admin;
</source>
 
When using nobody, response would be 403 forbidden and hard to debug.
 
Like this: ('''/usr/local/var/log/nginx/error.log''')
 
<source lang="text">
2019/02/18 15:42:47 [crit] 25478#0: *78 stat() "/Users/myaccount/Documents/0x01.Source/myvhost/public" failed (13: Permission denied)
</source>


= Certbot trouble shooting =


'''nginx.conf:2'''
<source lang="bash">
<source lang="bash">
user  myaccount admin;
sudo certbot renew -d wiki.tacosync.com --dry-run
</source>
</source>


= Priority of location =
=== Firewall Issue ===
<source lang="nginx">


</source>
* Certbot need http access, so firewall should allow both http & https access.

Latest revision as of 06:28, 21 June 2024

Quick References

TODO Command
List directory 
autoindex on;
Catch all server 
server_name _;
Prevent 413 Too Large ... 
client_max_body_size 128m;

Install nginx on Ubuntu 24

Install

# Install
sudo apt install nginx

# Check service status
sudo systemctl status nginx

# Check tcp port
ss -lnt4 | grep ':80'

# Edit config
cd /etc/nginx/sites-available
sudo vim my-vhost

Setup virtual host proxy

server {
  server_name my-vhost.xxx.com;
  root        /home/myaccount/vhost/my-vhost
  access_log  /var/log/nginx/my-vhost.access.log;
  error_log   /var/log/nginx/my-vhost.error.log;

  location / {
    proxy_pass http://192.168.25.90:12345;
    proxy_read_timeout 60;
    proxy_connect_timeout 10;
  }
}

cd /etc/nginx/sites-enabled
sudo ln -s /etc/nginx/sites-available/my-vhost my-vhost
sudo nginx -t
sudo systemctl reload nginx
sudo systemctl status nginx

# check permission of static file
sudo -u www-data ls -l /home/myaccount/vhost/my-vhost

Add self-signed certificate

cd ~
openssl req -new > cert.csr
openssl rsa -in privkey.pem -out key.pem
openssl x509 -in cert.csr -out cert.pem -req -signkey key.pem -days 1001
cat key.pem >> cert.pem
cp cert.pem /etc/nginx/sites-available

server {
  server_name my-vhost.xxx.com;
  root        /home/myaccount/vhost/my-vhost
  access_log  /var/log/nginx/my-vhost.access.log;
  error_log   /var/log/nginx/my-vhost.error.log;
  ssl_certificate     /etc/nginx/sites-available/cert.pem;
  ssl_certificate_key /etc/nginx/sites-available/cert.pem;

  location / {
    proxy_pass http://192.168.25.90:12345;
    proxy_read_timeout 60;
    proxy_connect_timeout 10;
  }
}

Certbot 2.x (Let's Encrypt)

sudo snap install --classic certbot
# sudo ln -s /snap/bin/certbot /usr/bin/certbot

Install nginx on macOS 10.13+

Default nginx package in Homebrew is missing many modules.

Tap 3rd party package is useful for development. 

brew tap denji/nginx

brew install nginx-full \
  --with-echo-module \
  --with-autols-module \
  --with-geoip2-module \
  --with-http2 \
  --with-upload-module \
  --with-upload-progress-module

Running nginx as nobody is inconvenient for development. Running as login account is better.

/usr/local/etc/nginx/nginx.conf:2 

#     user      group
user  myaccount admin;

When using nobody, response would be 403 forbidden and hard to debug.

Like this: (/usr/local/var/log/nginx/error.log) 

2019/02/18 15:42:47 [crit] 25478#0: *78 stat() "/Users/myaccount/Documents/0x01.Source/myvhost/public" failed (13: Permission denied)

Certbot trouble shooting

sudo certbot renew -d wiki.tacosync.com --dry-run

Firewall Issue

  • Certbot need http access, so firewall should allow both http & https access.
Retrieved from "https://wiki.fundamental-ramen.com/index.php?title=Services/Nginx&oldid=1968"