Difference between revisions of "NginX"

From Indie IT Wiki
Line 47: Line 47:
 
== Monitoring ==
 
== Monitoring ==
  
https://amplify.nginx.com/
+
[https://github.com/lebinh/ngxtop NGXtop]
 +
 
 +
[https://amplify.nginx.com/ Amplify]
  
 
== HTTP/2 ==
 
== HTTP/2 ==

Revision as of 15:18, 11 June 2021

Introduction

NginX is a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. The software was created by Igor Sysoev and first publicly released in 2004.

https://www.nginx.com/

Installation

NEW

sudo apt install curl gnupg2 ca-certificates lsb-release
echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx
curl -s -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key
sudo mv /tmp/nginx_signing.key /etc/apt/trusted.gpg.d/nginx_signing.asc
cat /etc/apt/trusted.gpg.d/nginx_signing.asc | sudo apt-key add -
sudo apt update
sudo apt install nginx

https://nginx.org/en/linux_packages.html#Ubuntu

OLD

https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-open-source/

This will install the latest NginX server and also the OpenSSL and OpenSSL libraries.

sudo add-apt-repository ppa:ondrej/nginx
sudo apt-get -y update
sudo apt-get -y dist-upgrade
sudo apt-get -y install nginx-full openssl libssl1.1

HOWTOS

Security Hardening

Fix 502 Bad Gateway Error - check nginx is running as user 'www-data'

How To Create a Self-Signed SSL Certificate for Nginx

How To Set Up Nginx with HTTP/2 Support

How To Set Up Nginx Server Blocks Virtual Hosts

How To Secure Nginx with Let's Encrypt

Monitoring

NGXtop

Amplify

HTTP/2

HTTP/2 is only available on secure connections so you have to set up an SSL Certificate and add the following lines to your server block:-

listen [::]:443 ssl http2;
listen 443 ssl http2;

https://www.nginx.com/blog/http2-module-nginx/

Redirect HTTP to HTTPS

# redirect to https
server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

Documentation

https://nginx.org/en/docs/

Fixes

nginx: [emerg] duplicate listen options for [::]:443

Remove the ipv6only=on directive in your virtual host config files...

# listen [::]:443 ssl http2 ipv6only=on;
listen [::]:443 ssl http2;
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;