Difference between revisions of "NginX"
Plittlefield (talk | contribs) |
(15 intermediate revisions by the same user not shown) | |||
Line 9: | Line 9: | ||
'''NEW''' | '''NEW''' | ||
− | sudo apt install curl gnupg2 ca-certificates lsb-release | + | #!/bin/bash |
− | echo "deb <nowiki>http://nginx.org/packages/ubuntu</nowiki> `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list | + | sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y && \ |
− | echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx | + | curl <nowiki>https://nginx.org/keys/nginx_signing.key</nowiki> | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \ |
− | curl -s -o /tmp/nginx_signing.key <nowiki>https://nginx.org/keys/nginx_signing.key</nowiki> | + | echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] <nowiki>http://nginx.org/packages/ubuntu</nowiki> `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list && \ |
− | sudo | + | echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx && \ |
− | + | curl -s -o /tmp/nginx_signing.key <nowiki>https://nginx.org/keys/nginx_signing.key</nowiki> && \ | |
− | + | sudo apt update -y && \ | |
− | + | sudo apt install nginx -y && \ | |
− | + | nginx -t && \ | |
− | + | nginx -V && \ | |
+ | exit; | ||
+ | |||
+ | Then, edit the SystemD file to add a sleep command ... | ||
+ | |||
+ | <code>/lib/systemd/system/nginx.service</code> | ||
+ | |||
+ | [Unit] | ||
+ | Description=nginx - high performance web server | ||
+ | Documentation=<nowiki>https://nginx.org/en/docs/</nowiki> | ||
+ | After=network-online.target remote-fs.target nss-lookup.target | ||
+ | Wants=network-online.target | ||
+ | |||
+ | [Service] | ||
+ | Type=forking | ||
+ | PIDFile=/var/run/nginx.pid | ||
+ | ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf | ||
+ | '''ExecStartPost=/bin/sleep 0.5''' | ||
+ | ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)" | ||
+ | ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)" | ||
+ | |||
+ | [Install] | ||
+ | WantedBy=multi-user.target | ||
https://nginx.org/en/linux_packages.html#Ubuntu | https://nginx.org/en/linux_packages.html#Ubuntu | ||
+ | |||
'''OLD''' | '''OLD''' | ||
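Review bot: the added `curl ... | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg` line trusts whatever key the download returns, and nothing in the script checks its fingerprint before `signed-by=` starts relying on it; add a fingerprint comparison between the download and the `tee`. The later `curl -s -o /tmp/nginx_signing.key ...` line is carried over from the previous revision and the file is never used, so it can be dropped. `nginx -t` runs without `sudo` while every other privileged step uses it, so a permission error there stops the `&&` chain before `nginx -V`. The text also asks for an in-place edit of `/lib/systemd/system/nginx.service`, which a package upgrade will overwrite; a drop-in under `/etc/systemd/system/nginx.service.d/` would keep the `ExecStartPost=/bin/sleep 0.5` line.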
Line 66: | Line 89: | ||
log_not_found off; | log_not_found off; | ||
expires 360d; | expires 360d; | ||
+ | add_header Access-Control-Allow-Origin *; | ||
+ | add_header Pragma public; | ||
+ | add_header Cache-Control "public, must-validate"; | ||
} | } | ||
− | To test, first get the etag number and then | + | To test, first get the Entity Tag (etag) number and then use that ... |
− | curl -I https://www.domain.co.uk/index.html | + | curl -I <nowiki>https://www.domain.co.uk/index.html</nowiki> |
HTTP/2 200 | HTTP/2 200 | ||
server: nginx/1.22.1 | server: nginx/1.22.1 | ||
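Review bot: `must-validate` in the added `add_header Cache-Control "public, must-validate";` line is not a Cache-Control directive; the directive is `must-revalidate`, and caches ignore names they do not recognise, so as written only `public` has any effect. The block already has `expires 360d;`, which makes nginx emit its own `Cache-Control: max-age=...`, so this adds a second Cache-Control header rather than replacing the first. `add_header Access-Control-Allow-Origin *;` opens everything this block serves to cross-origin reads; if it is only needed for web fonts, put it in a narrower location.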
Line 80: | Line 106: | ||
accept-ranges: bytes | accept-ranges: bytes | ||
− | curl -I -H 'If-None-Match: "636e4856-b"' https://www.domain.co.uk/index.html | + | curl -I -H 'If-None-Match: "636e4856-b"' <nowiki>https://www.domain.co.uk/index.html</nowiki> |
'''HTTP/2 304 Not Modified''' | '''HTTP/2 304 Not Modified''' | ||
server: nginx/1.22.1 | server: nginx/1.22.1 | ||
Line 86: | Line 112: | ||
last-modified: Fri, 11 Nov 2022 13:04:22 GMT | last-modified: Fri, 11 Nov 2022 13:04:22 GMT | ||
etag: "636e4856-b" | etag: "636e4856-b" | ||
+ | |||
+ | This means, it is working :) | ||
[https://www.nginx.com/blog/rate-limiting-nginx/ Rate Limiting] | [https://www.nginx.com/blog/rate-limiting-nginx/ Rate Limiting] | ||
Line 108: | Line 136: | ||
[https://amplify.nginx.com/ Amplify] | [https://amplify.nginx.com/ Amplify] | ||
+ | |||
+ | == HTTP/3 == | ||
+ | |||
+ | HTTP/3 is only available on secure connections so you have to set up an SSL Certificate and add the following lines to your server block:- | ||
+ | |||
+ | listen [::]:443 ssl; | ||
+ | listen 443 ssl; | ||
+ | http3 on; | ||
== HTTP/2 == | == HTTP/2 == | ||
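Review bot: the new HTTP/3 block has no `quic` listener; both `listen` lines are `ssl` (TCP) only, and `http3 on;` only enables negotiation on a QUIC listener, so with these three lines clients stay on HTTP/2 or HTTP/1.1. Add `listen 443 quic reuseport;` and `listen [::]:443 quic reuseport;` next to the `ssl` lines, and advertise the endpoint with `add_header Alt-Svc 'h3=":443"; ma=86400';`. The text could also mention that UDP port 443 has to be reachable.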
Line 113: | Line 149: | ||
HTTP/2 is only available on secure connections so you have to set up an SSL Certificate and add the following lines to your server block:- | HTTP/2 is only available on secure connections so you have to set up an SSL Certificate and add the following lines to your server block:- | ||
− | listen [::]:443 ssl | + | listen [::]:443 ssl; |
− | listen 443 ssl | + | listen 443 ssl; |
− | + | http2 on; | |
− | |||
== Redirect HTTP to HTTPS == | == Redirect HTTP to HTTPS == |
Latest revision as of 16:30, 21 July 2024
Introduction
NginX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and first publicly released in 2004.
Installation
NEW
 #!/bin/bash
 # Install prerequisites, add the nginx.org key and repository, pin it, then install and test nginx
 sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring -y && \
 curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null && \
 echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list && \
 echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx && \
 sudo apt update -y && \
 sudo apt install nginx -y && \
 sudo nginx -t && \
 nginx -V && \
 exit;
Then, edit the SystemD file to add a sleep command ...
/lib/systemd/system/nginx.service
 [Unit]
 Description=nginx - high performance web server
 Documentation=https://nginx.org/en/docs/
 After=network-online.target remote-fs.target nss-lookup.target
 Wants=network-online.target
 [Service]
 Type=forking
 PIDFile=/var/run/nginx.pid
 ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.conf
 ExecStartPost=/bin/sleep 0.5
 ExecReload=/bin/sh -c "/bin/kill -s HUP $(/bin/cat /var/run/nginx.pid)"
 ExecStop=/bin/sh -c "/bin/kill -s TERM $(/bin/cat /var/run/nginx.pid)"
 [Install]
 WantedBy=multi-user.target
https://nginx.org/en/linux_packages.html#Ubuntu
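The install script above writes the downloaded key straight into the keyring that `signed-by=` trusts. As an added example (not part of the original page or of nginx's own instructions), the helper below checks the key's primary fingerprints against an allow-list first; `EXPECTED_FPRS` is a placeholder to be filled from the nginx.org page linked above, and the function names are hypothetical.

```shell
#!/bin/bash
# Added example: refuse to trust a downloaded apt signing key unless every
# primary-key fingerprint in it is on an allow-list obtained out of band.

# Placeholder, NOT a real fingerprint: replace with the value(s) published at
# https://nginx.org/en/linux_packages.html#Ubuntu (space-separated if several).
EXPECTED_FPRS="0000000000000000000000000000000000000000"

# Read `gpg --with-colons` output on stdin and print the fingerprint of each
# primary key (the "fpr" record that directly follows a "pub" record).
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Read fingerprints on stdin; succeed only if there is at least one and all
# of them appear in the space-separated allow-list passed as $1.
fingerprints_allowed() {
    fp_allowed=" $1 "
    fp_count=0
    while read -r fp; do
        fp_count=$((fp_count + 1))
        case "$fp_allowed" in
            *" $fp "*) ;;
            *) echo "unexpected key: $fp" >&2; return 1 ;;
        esac
    done
    [ "$fp_count" -gt 0 ]
}

# Inspect a key file (armored or binary) without importing it anywhere.
verify_key_file() {
    gpg --show-keys --with-colons "$1" 2>/dev/null \
        | primary_fingerprints \
        | fingerprints_allowed "$2"
}

# Usage in the install script, before the key reaches /usr/share/keyrings:
#   curl -fsSL https://nginx.org/keys/nginx_signing.key -o /tmp/nginx_signing.key
#   verify_key_file /tmp/nginx_signing.key "$EXPECTED_FPRS" || exit 1
#   gpg --dearmor < /tmp/nginx_signing.key | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
```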
OLD
https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/
This will install the latest NginX server and also OpenSSL and the OpenSSL libraries.
 sudo add-apt-repository ppa:ondrej/nginx
 sudo apt-get -y update
 sudo apt-get -y dist-upgrade
 sudo apt-get -y install nginx-full openssl libssl1.1
HOWTOS
Performance
GZip Compression
To set ...
/etc/nginx/conf.d/web_site.conf
 # Gzip compression
 gzip on;
 gzip_vary on;
 gzip_min_length 1000;
 gzip_comp_level 5;
 gzip_types application/json text/css application/x-javascript application/javascript image/svg+xml;
 gzip_proxied any;
To test...
curl -H "Accept-Encoding: gzip" -I https://www.domain.co.uk/
Browser File Caching
To set ...
/etc/nginx/conf.d/web_site.conf
 # Caching
 location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
     access_log off;
     log_not_found off;
     expires 360d;
     add_header Access-Control-Allow-Origin *;
     add_header Pragma public;
     add_header Cache-Control "public, must-revalidate";
 }
To test, first get the Entity Tag (etag) number and then use that ...
 curl -I https://www.domain.co.uk/index.html
 HTTP/2 200
 server: nginx/1.22.1
 date: Sun, 13 Nov 2022 12:56:15 GMT
 content-type: text/html
 content-length: 11
 last-modified: Fri, 11 Nov 2022 13:04:22 GMT
 etag: "636e4856-b"
 accept-ranges: bytes

 curl -I -H 'If-None-Match: "636e4856-b"' https://www.domain.co.uk/index.html
 HTTP/2 304 Not Modified
 server: nginx/1.22.1
 date: Sun, 13 Nov 2022 12:59:23 GMT
 last-modified: Fri, 11 Nov 2022 13:04:22 GMT
 etag: "636e4856-b"
This means it is working :)
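The manual ETag test above, as an added script that is not part of the original page: it extracts the ETag from `curl -I` output, repeats the request with `If-None-Match`, and also lists any Cache-Control directive that caches would not recognise (a misspelled directive is silently ignored). The function names are hypothetical and the URL is whatever you pass in.

```shell
#!/bin/bash
# Added example: scriptable version of the manual ETag test, plus a check for
# Cache-Control directives that caches do not recognise.

# Print the value of response header $1 from `curl -I` output on stdin.
header_value() {
    tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        { i = index($0, ":"); if (!i) next
          if (tolower(substr($0, 1, i - 1)) == name) {
              v = substr($0, i + 1); sub(/^[ \t]+/, "", v); print v } }'
}

# Print the numeric status from the first line, e.g. "HTTP/2 304" -> 304.
status_code() { tr -d '\r' | awk 'NR == 1 { print $2 }'; }

# Print each directive of a Cache-Control value ($1) that is not a response
# directive defined in RFC 9111, RFC 5861 or RFC 8246.
unknown_cache_directives() {
    known=" max-age s-maxage no-cache no-store no-transform must-revalidate proxy-revalidate must-understand private public immutable stale-while-revalidate stale-if-error "
    printf '%s\n' "$1" | tr ',' '\n' | while read -r d; do
        d=$(printf '%s' "$d" | tr 'A-Z' 'a-z'); d=${d%%=*}
        [ -z "$d" ] && continue
        case "$known" in *" $d "*) ;; *) printf '%s\n' "$d" ;; esac
    done
}

# Live check (needs network): succeed if the server answers 304 to its own ETag.
etag_revalidates() {
    etag=$(curl -sI "$1" | header_value etag)
    [ -n "$etag" ] || return 1
    [ "$(curl -sI -H "If-None-Match: $etag" "$1" | status_code)" = "304" ]
}

# Usage:
#   etag_revalidates https://www.domain.co.uk/index.html && echo "conditional GET works"
#   unknown_cache_directives "$(curl -sI https://www.domain.co.uk/logo.png | header_value cache-control | paste -sd, -)"
```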
Fix 502 Bad Gateway Error - check nginx is running as user 'www-data'
How To Create a Self-Signed SSL Certificate for Nginx
How To Set Up Nginx with HTTP/2 Support
How To Set Up Nginx Server Blocks Virtual Hosts
How To Secure Nginx with Let's Encrypt
Set Up Nginx FastCGI Cache to Reduce WordPress Server Response Time
Monitoring
HTTP/3
HTTP/3 is only available on secure connections so you have to set up an SSL Certificate and add the following lines to your server block:-
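 listen [::]:443 ssl;
 listen 443 ssl;
 listen [::]:443 quic reuseport;  # HTTP/3 runs over QUIC (UDP), so it needs its own listener
 listen 443 quic reuseport;
 http3 on;
 add_header Alt-Svc 'h3=":443"; ma=86400';  # advertise HTTP/3 to clients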
HTTP/2
HTTP/2 is only available on secure connections so you have to set up an SSL Certificate and add the following lines to your server block:-
 listen [::]:443 ssl;
 listen 443 ssl;
 http2 on;
Redirect HTTP to HTTPS
 # redirect to https
 server {
     listen 80 default_server;
     server_name _;
     return 301 https://$host$request_uri;
 }
Documentation
Directory Index Time
By default, nginx outputs the directory index in UTC time. If you want it to display the time in your local timezone, you should set the autoindex_localtime directive to on...
 autoindex_localtime on;
https://stackoverflow.com/questions/53670557/nginx-shows-wrong-time-timezone
Fixes
Request Entity Too Large
/etc/nginx/nginx.conf
or /etc/nginx/conf.d/my_site.conf
 server {
     ...
     # Fix file upload size
     client_max_body_size 10M;
     ...
 }
/etc/php/x.x/php-fpm/php.ini
 ;This sets the maximum amount of memory in bytes that a script is allowed to allocate
 memory_limit = 32M
 ;The maximum size of an uploaded file.
 upload_max_filesize = 10M
 ;Sets max size of post data allowed. This setting also affects file upload. To upload large files, this value must be larger than upload_max_filesize
 post_max_size = 12M
https://www.cyberciti.biz/faq/linux-unix-bsd-nginx-413-request-entity-too-large/
nginx: [emerg] duplicate listen options for [::]:443
Remove the ipv6only=on directive in your virtual host config files...
 # listen [::]:443 ssl http2 ipv6only=on;
 listen [::]:443 ssl http2;
 listen 443 ssl http2;
 ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;