linux_wiki:nginx_http_server

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
linux_wiki:nginx_http_server [2018/04/09 00:29]
billdozor [Main Config: nginx.conf] 		linux_wiki:nginx_http_server [2018/04/09 00:39]
billdozor [Example: Reverse Proxy]
Line 166: Line 166:
   include /etc/nginx/conf.d/enabled/*.conf;   include /etc/nginx/conf.d/enabled/*.conf;
 }</code> }</code>
 +
 +----
 +
 +===== Default Config: default.conf ====
  
   * Create the available/enabled directories<code bash>mkdir /etc/nginx/conf.d/{available,enabled}</code>   * Create the available/enabled directories<code bash>mkdir /etc/nginx/conf.d/{available,enabled}</code>
Line 217: Line 221:
   * Create symlink in enabled directory to default config<code bash>ln -s /etc/nginx/conf.d/available/default.conf /etc/nginx/conf.d/enabled/default.conf</code>   * Create symlink in enabled directory to default config<code bash>ln -s /etc/nginx/conf.d/available/default.conf /etc/nginx/conf.d/enabled/default.conf</code>
   * Deploy your SSL certificates.   * Deploy your SSL certificates.
 +
 +----
 +
 +===== Site Specific Config ====
 +
 +Once the base config is in place, site specific config can be added.
 +  * Copy the default config to a new file<code bash>cp /etc/nginx/conf.d/available/default.conf /etc/nginx/conf.d/available/mysite.org.conf</code>
 +  * Edit the new file<code bash>/etc/nginx/conf.d/available/mysite.org.conf</code>
 +    * Replace server_name directives with system's fully qualified hostname. Example:<code bash>server_name  mywebserver.org;</code>
 +    * Remove "default_server" from the listen directives<code bash>listen 80;
 +listen 443 ssl;</code>
 +    * Make any other additional site specific config changes.
 +
 +  * Create symlink to enable the new site<code bash>ln -s /etc/nginx/conf.d/available/mysite.org.conf /etc/nginx/conf.d/enabled/mysite.org.conf</code>
 +  * Disable the default.conf catch all config if you don't want it to function on a non-match to your site specific config<code bash>unlink /etc/nginx/conf.d/enabled/default.conf</code>
 +  * Restart nginx for changes to take affect
 +    * CentOS 6<code bash>/etc/init.d/nginx restart</code>
 +    * CentOS 7<code bash>systemctl restart nginx</code>
 +
 +----
 +
 +===== Example: Reverse Proxy =====
 +
 +Nginx can function as a reverse proxy. This is particularly useful for:
 +  * Accepting connections on secure standard ports and forwarding them to non-secure/standard ports for applications
 +  * Sitting in front of an application server (that might be listening on localhost)
 +  * Load balancing
 +
 +===== Forward to Non Standard Port =====
 +
 +This example accepts connections on standard port 443/tcp and forwards the request to a Java application listening on localhost, port 8080/tcp.
 +<code bash>
 +server {
 +....
 +# Location: Reverse Proxy to Java App
 +    location /myapp/ {
 +      # Forward /myapp/ requests to correct port
 +      proxy_pass http://127.0.0.1:8080/myapp/;
 +
 +      # Additional headers to pass
 +      proxy_set_header        Host            $host;
 +      proxy_set_header        X-Real-IP       $remote_addr;
 +      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
 +    }
 +}
 +</code>
  
 ---- ----
Line 284: Line 334:
   # HSTS (HTTPS Strict Transport Security)   # HSTS (HTTPS Strict Transport Security)
   # 63072000 seconds = 2 years   # 63072000 seconds = 2 years
-  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";+  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
 .... ....
 }</code> }</code>
  • linux_wiki/nginx_http_server.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)