NginX

From Indie IT Wiki
Revision as of 12:55, 7 May 2021 by imported>Plittlefield (→‎Installation)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Introduction

NginX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and first publicly released in 2004.

https://www.nginx.com/

Installation

NEW

sudo apt install curl gnupg2 ca-certificates lsb-release
echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx
curl -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
gpg --dry-run --quiet --import --import-options show-only /tmp/nginx_signing.key
sudo mv /tmp/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
sudo apt update
sudo apt install nginx

https://nginx.org/en/linux_packages.html#Ubuntu

OLD

https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/

This will install the latest NginX server and also the OpenSSL and OpenSSL libraries.

sudo add-apt-repository ppa:ondrej/nginx
sudo apt-get -y update
sudo apt-get -y dist-upgrade
sudo apt-get -y install nginx-full openssl libssl1.1

HOWTOS

Security Hardening

Fix 502 Bad Gateway Error - check nginx is running as user 'www-data'

How To Create a Self-Signed SSL Certificate for Nginx

How To Set Up Nginx with HTTP/2 Support

How To Set Up Nginx Server Blocks Virtual Hosts

How To Secure Nginx with Let's Encrypt

Monitoring

https://amplify.nginx.com/

HTTP/2

https://www.nginx.com/blog/http2-module-nginx/

Documentation

https://nginx.org/en/docs/

Fixes

nginx: [emerg] duplicate listen options for [::]:443

Remove the ipv6only=on directive in your virtual host config files...

# listen [::]:443 ssl http2 ipv6only=on;
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;