Differences
This shows you the differences between two versions of the page.
linux_wiki:nginx_http_server [2018/03/23 16:06] billdozor [Main Config: nginx.conf] |
linux_wiki:nginx_http_server [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Nginx HTTP Server ====== | ||
- | **General Information** | ||
- | |||
- | Installation and configuration of Nginx web server. | ||
- | |||
- | **Checklist** | ||
- | * Distro(s): Enterprise Linux 6/7 | ||
- | |||
- | ---- | ||
- | |||
- | ====== Installation ====== | ||
- | |||
- | Installation of Nginx can be completed via repo (Official Nginx, EPEL, or Software Collections) or compiling. | ||
- | |||
- | ===== Repo: Official Nginx ===== | ||
- | |||
- | [[http:// | ||
- | |||
- | Versions as of 04/13/2016: | ||
- | * Mainline: 1.9.14 | ||
- | * Stable: 1.8.1 | ||
- | * Legacy: 1.6.3 and below | ||
- | |||
- | - Add a nginx repo file | ||
- | * Stable Repo:< | ||
- | [nginx] | ||
- | name=nginx repo | ||
- | baseurl=http:// | ||
- | gpgcheck=0 | ||
- | enabled=1</ | ||
- | * Mainline Repo:< | ||
- | [nginx] | ||
- | name=nginx repo | ||
- | baseurl=http:// | ||
- | gpgcheck=0 | ||
- | enabled=1</ | ||
- | - Install< | ||
- | |||
- | ===== Repo: EPEL ===== | ||
- | |||
- | Versions as of 04/13/2016 | ||
- | * CentOS 7.2: Nginx 1.6.3 | ||
- | |||
- | Procedure | ||
- | * Install the [[linux_wiki: | ||
- | * Install Nginx< | ||
- | |||
- | ===== Repo: Software Collections ===== | ||
- | |||
- | Versions as of 04/13/2016: | ||
- | * nginx 1.4 (legacy) | ||
- | * nginx 1.6 (legacy) | ||
- | * nginx 1.8 (stable) | ||
- | |||
- | - Add the [[linux_wiki: | ||
- | - Install< | ||
- | - Enable the software collection< | ||
- | - Run signal commands (nginx -s signal) as normal from the Operation section below | ||
- | ===== Compile and Install ===== | ||
- | |||
- | Building from source is usually done for specific functionality and is more time consuming. | ||
- | |||
- | - Install pre-reqs< | ||
- | - [[http:// | ||
- | - Unarchive/ | ||
- | - Change into directory< | ||
- | - Configure nginx< | ||
- | - Available configuration options: http:// | ||
- | - Compile< | ||
- | - Install< | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configuration ====== | ||
- | |||
- | * Main Config: / | ||
- | * Alt Main (Compiled): / | ||
- | * Alt Main (Software Collections): | ||
- | * Additional Config: / | ||
- | * Alt Additional Config (Compiled): No default | ||
- | * Alt Additional Config (Software Collections): | ||
- | |||
- | ---- | ||
- | |||
- | ===== Main Config: nginx.conf ==== | ||
- | |||
- | * Default repo installed file location: / | ||
- | |||
- | Main nginx.conf config file, in the http context | ||
- | <code bash># Context: HTTP - HTTP Server Directives | ||
- | http { | ||
- | ... | ||
- | ##-- Security --## | ||
- | # server_tokens off - Disable nginx version on error pages and response headers | ||
- | server_tokens off; | ||
- | |||
- | ## Headers - Add additional headers ## | ||
- | # X-Frame-Options SAMEORIGIN -> Page can only be displayed in a frame on same origin | ||
- | add_header X-Frame-Options SAMEORIGIN; | ||
- | |||
- | # X-Content-Type-Options nosniff -> Prevent MIME Type Attacks | ||
- | add_header X-Content-Type-Options nosniff; | ||
- | |||
- | # X-XSS-Protection "1; mode=block" | ||
- | # | ||
- | add_header X-XSS-Protection "1; mode=block" | ||
- | |||
- | # Content-Security-Policy -> Prevent XSS, clickjacking, | ||
- | add_header Content-Security-Policy " | ||
- | ##-- End of Security Settings --## | ||
- | ... | ||
- | }</ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Operation ====== | ||
- | |||
- | Controlling the nginx web server. | ||
- | |||
- | Nginx can be controlled via the system' | ||
- | |||
- | * Main nginx executable: / | ||
- | * Alt main nginx executable (Compiled): / | ||
- | * Alt main nginx executable (Software Collections): | ||
- | |||
- | **Note**: If using the software collections method, that environment must be enabled before you attempt to operate the web server.< | ||
- | * This could be put in a user's .bashrc for easier use if needed. | ||
- | |||
- | ---- | ||
- | |||
- | ==== Enable on Boot ==== | ||
- | |||
- | * Autostart the nginx web server upon system startup | ||
- | <code bash> | ||
- | |||
- | ---- | ||
- | |||
- | ==== Start ==== | ||
- | |||
- | * Evaluate config files; if syntax is ok, start | ||
- | <code bash> | ||
- | or | ||
- | <code bash> | ||
- | |||
- | ---- | ||
- | |||
- | ==== Stop ==== | ||
- | |||
- | * Stop the nginx processes now | ||
- | * Kills current sessions | ||
- | <code bash> | ||
- | or | ||
- | <code bash> | ||
- | |||
- | ---- | ||
- | |||
- | ==== Reload Config ==== | ||
- | |||
- | * Equivalent to Apache httpd' | ||
- | * Check syntax | ||
- | * if ok, then spawn new workers with new config and signal old workers to shutdown after current requests are complete | ||
- | * if NOT ok, continue using old configuration | ||
- | <code bash> | ||
- | or | ||
- | <code bash> | ||
- | |||
- | ---- | ||
- | |||
- | ==== Restart ==== | ||
- | |||
- | * Kill worker processes immediately | ||
- | <code bash> | ||
- | or | ||
- | <code bash> | ||
- | |||
- | ---- | ||
- | |||
- | ==== Graceful Stop ==== | ||
- | |||
- | * Equivalent to Apache httpd' | ||
- | * Wait for worker processes to finish serving current requests, then stop. | ||
- | * Do not accept new requests | ||
- | <code bash> | ||
- | |||
- | ---- |