Nginx
From KevinWiki
(Difference between revisions)
(→PHP) |
|||
| (20 intermediate revisions not shown) | |||
| Line 1: | Line 1: | ||
| + | [[Category:Network]][[Category:Server]] | ||
[http://nginx.org NginX] is a lightweight open source Web server . | [http://nginx.org NginX] is a lightweight open source Web server . | ||
| Line 45: | Line 46: | ||
* Add the following line to the http block in the <code>/etc/nginx/nginx.conf</code>. | * Add the following line to the http block in the <code>/etc/nginx/nginx.conf</code>. | ||
more_set_headers 'Server: server'; | more_set_headers 'Server: server'; | ||
| + | |||
| + | == Client Max Body Size == | ||
| + | The default <code>client_max_body_size</code> is 1m (1MB) so if you upload any file the size of which is greater than 1MB, you get the HTTP error (code 413). | ||
| + | To avoid this, modify <code>/etc/nginx/nginx.conf</code> and change the value of <code>client_max_body_size</code>. 0 means no limit. | ||
| + | <pre> | ||
| + | http { | ||
| + | |||
| + | client_max_body_size 0; | ||
| + | |||
| + | } | ||
| + | </pre> | ||
| + | |||
| + | == Client and Response Timeout == | ||
| + | <pre> | ||
| + | http { | ||
| + | keepalive_timeout 180s; | ||
| + | client_header_timeout 120s; | ||
| + | client_body_timeout 120s; | ||
| + | send_timeout 180s; | ||
| + | proxy_read_timeout 300s; | ||
| + | } | ||
| + | </pre> | ||
| + | |||
| + | * keepalive_timeout: timeout for keep-alive connections with the client. | ||
| + | * client_header_timeout: how long to wait for the client to send a request header (e.g.: GET / HTTP/1.1). If the client has not sent anything within this timeout period, nginx returns the HTTP status code 408 ("Request timed out") | ||
| + | * client_body_timeout: the read timeout for the request body from client. If after this time the client send nothing, nginx returns error "Request time out" (408). | ||
| + | * send_timeout: the response timeout to the client. If the client has not read any data for this amount of time, then nginx shuts down the connection. | ||
| + | * proxy_read_timeout: timeout for the connection to the upstream server. | ||
== Virtual Host == | == Virtual Host == | ||
| Line 82: | Line 111: | ||
* Restart Nginx | * Restart Nginx | ||
| - | $ sudo /etc/init.d/nginx restart | + | $ sudo /etc/init.d/nginx restart |
= PHP = | = PHP = | ||
| - | $ sudo apt-get install php5-fpm | + | $ sudo apt-get install php5-fpm |
| + | == Change Port == | ||
| + | * To change the default port that php5-fpm is using, edit <code>/etc/php5/fpm/pool.d/www.conf</code> file. | ||
| + | e.g.) From: | ||
| + | <pre> | ||
| + | listen = 127.0.0.1:9000 | ||
| + | </pre> | ||
| + | To: | ||
| + | <pre> | ||
| + | listen = 127.0.0.1:9001 | ||
| + | </pre> | ||
| + | Then restart php5-fpm. | ||
| + | <pre> | ||
| + | $ sudo /etc/init.d/php5-fpm restart | ||
| + | </pre> | ||
| + | * Don't forget to use the new port in the site config file of Nginx. | ||
| + | e.g.) | ||
| + | <pre> | ||
| + | fastcgi_pass 127.0.0.1:9001; | ||
| + | </pre> | ||
| + | |||
| + | |||
| + | == General Configuration == | ||
<pre> | <pre> | ||
server { | server { | ||
| Line 112: | Line 163: | ||
$ sudo /etc/init.d/php5-fpm | $ sudo /etc/init.d/php5-fpm | ||
| + | == Remove <code>X-Powered-By</code> == | ||
| + | * To remove the header value, <code>X-Powered-By</code>, which contains the information about PHP (e.g. version), edit php.ini file. | ||
| + | X-Powered-By:PHP/5.x.xx-1ubuntux.x | ||
| + | |||
| + | Edit <code>/etc/php5/fpm/php.ini</code>. Change | ||
| + | expose_php = on | ||
| + | to | ||
| + | expose_php = off | ||
| + | |||
| + | * Restart php5-fpm | ||
| + | $ sudo /etc/init.d/php5-fpm | ||
| + | |||
| + | Does not work? Check /etc/php5/cli/php.ini as well. | ||
| + | |||
| + | == WordPress == | ||
| + | <pre> | ||
| + | server { | ||
| + | listen 443; | ||
| + | listen 127.0.0.1:443; | ||
| + | server_name blog.address; | ||
| + | root /var/www/blog-path; | ||
| + | index index.php index.html index.htm; | ||
| + | |||
| + | set_real_ip_from 127.0.0.1; | ||
| + | real_ip_header X-Real-IP; | ||
| + | |||
| + | ssl on; | ||
| + | ssl_certificate /etc/ssl/certs/server.crt; | ||
| + | ssl_certificate_key /etc/ssl/private/server.key; | ||
| + | |||
| + | location / { | ||
| + | try_files $uri $uri/ /index.php?$args; | ||
| + | } | ||
| + | |||
| + | location ~ \.php$ { | ||
| + | try_files $uri =404; | ||
| + | fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | } | ||
| + | |||
| + | server { | ||
| + | listen 80; | ||
| + | listen 127.0.0.1:80; | ||
| + | server_name blog.address; | ||
| + | root /var/www/blog-path; | ||
| + | index index.php index.html index.htm; | ||
| + | |||
| + | set_real_ip_from 127.0.0.1; | ||
| + | real_ip_header X-Real-IP; | ||
| + | |||
| + | location / { | ||
| + | try_files $uri $uri/ /index.php?$args; | ||
| + | } | ||
| + | |||
| + | location ~ \.php$ { | ||
| + | try_files $uri =404; | ||
| + | fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | } | ||
| + | </pre> | ||
| + | |||
| + | == MediaWiki == | ||
| + | <pre> | ||
| + | server { | ||
| + | listen 443 ssl; | ||
| + | listen 127.0.0.1:443; | ||
| + | server_name web-address; | ||
| + | root /var/www; | ||
| + | index index.php index.html index.htm; | ||
| + | |||
| + | ssl on; | ||
| + | ssl_certificate /etc/ssl/certs/server.crt; | ||
| + | ssl_certificate_key /etc/ssl/private/server.key; | ||
| + | |||
| + | location / { | ||
| + | index index.php index.html index.htm; | ||
| + | } | ||
| + | |||
| + | # ... | ||
| + | |||
| + | location /wiki { | ||
| + | |||
| + | auth_basic "your private account"; | ||
| + | auth_basic_user_file /var/www/.htpasswd; | ||
| + | |||
| + | # location to nowhere so it will cause 404 then will redirect_to_wiki. | ||
| + | root /var/www/w-not-exists; | ||
| + | |||
| + | index index.php; | ||
| + | error_page 404 = @redirect_to_wiki; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki$ { | ||
| + | rewrite "^/wiki" /wiki/; | ||
| + | } | ||
| + | |||
| + | location @redirect_to_wiki { | ||
| + | rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last; | ||
| + | } | ||
| + | |||
| + | location @mediawiki { | ||
| + | rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki/(.*)?\.php5?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php5; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki/(.*)?\.php?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | |||
| + | location ~ ^/w/(.*)?\.php5?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php5; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | |||
| + | location ~ ^/w/(.*)?\.php?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | |||
| + | location ~ \.php$ { | ||
| + | try_files $uri =404; | ||
| + | fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | |||
| + | } | ||
| + | |||
| + | server { | ||
| + | listen 80; | ||
| + | listen 127.0.0.1:80; | ||
| + | server_name web-address; | ||
| + | root /var/www; | ||
| + | index index.php index.php5 index.html index.htm; | ||
| + | |||
| + | # error_page 401 /401.html; | ||
| + | |||
| + | location / { | ||
| + | index index.php index.php5 index.html index.htm; | ||
| + | } | ||
| + | |||
| + | |||
| + | location /wiki { | ||
| + | auth_basic "your private account"; | ||
| + | auth_basic_user_file /var/www/.htpasswd; | ||
| + | |||
| + | # location to nowhere so it will cause 404 then will redirect_to_wiki. | ||
| + | root /var/www/w-not-exists; | ||
| + | |||
| + | index index.php; | ||
| + | |||
| + | error_page 404 = @redirect_to_wiki; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki$ { | ||
| + | rewrite "^/wiki" /wiki/; | ||
| + | } | ||
| + | |||
| + | location @redirect_to_wiki { | ||
| + | rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last; | ||
| + | } | ||
| + | |||
| + | location @mediawiki { | ||
| + | rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki/(.*)?\.php5?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php5; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | |||
| + | } | ||
| + | |||
| + | location ~ ^/wiki/(.*)?\.php?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | |||
| + | } | ||
| + | |||
| + | location ~ ^/w/(.*)?\.php5?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php5; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | |||
| + | } | ||
| + | |||
| + | location ~ ^/w/(.*)?\.php?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | |||
| + | } | ||
| + | |||
| + | location ~ \.php$ { | ||
| + | try_files $uri =404; | ||
| + | fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | |||
| + | } | ||
| + | |||
| + | </pre> | ||
= Use with Tomcat = | = Use with Tomcat = | ||
| Line 146: | Line 450: | ||
} | } | ||
| - | location ^/$ { | + | location ~ ^/$ { |
| - | + | rewrite / /default-app; | |
| - | + | ||
| - | + | ||
| - | + | ||
} | } | ||
} | } | ||
</pre> | </pre> | ||
| - | |||
= Trac = | = Trac = | ||
| Line 222: | Line 522: | ||
</pre> | </pre> | ||
| + | == Run Trac Server == | ||
| + | * Without authentication | ||
| + | sudo su www-data -c "tracd -d -p 3050 --pidfile=/opt/dev/nginx/run/tracd.3050 --protocol=http -e /opt/dev/trac" | ||
| + | |||
| + | * With authentication | ||
| + | sudo su www-data -c "tracd -d -p 3050 --pidfile=/opt/dev/nginx/run/tracd.3050 --protocol=http -e /opt/dev/trac --basic-auth=\"*,/path/to/.htpasswd/.htpasswd,Restricted\"" | ||
| + | |||
| + | == Run Script == | ||
| + | * Create directories | ||
| + | $ cd /opt/dev | ||
| + | $ mkdir nginx | ||
| + | $ mkdir nginx/run | ||
| + | * /opt/dev/nginx/trac-run.sh | ||
| + | <pre> | ||
| + | #!/bin/sh | ||
| + | |||
| + | #INSTANCES="3050 3051 3052 3053 3054 3055 3056" | ||
| + | INSTANCES="3050" | ||
| + | USER="www-data" | ||
| + | VERSION="1.0" | ||
| + | #ENV="/opt/dev/trac" | ||
| + | DEV_DIR="/opt/dev" | ||
| + | PIDFILE="${DEV_DIR}/nginx/run/tracd" | ||
| + | ### Extra Args here, for instance --basic-auth | ||
| + | #ARGS="--basic-auth=*,${DEV_DIR}/.htpasswd/.htpasswd,Restricted" | ||
| + | ARGS="-e ${DEV_DIR}/trac" | ||
| + | PYTHON_EGG_CACHE="/tmp" | ||
| + | |||
| + | |||
| + | start(){ | ||
| + | export PYTHON_EGG_CACHE | ||
| + | for I in $INSTANCES; do | ||
| + | /bin/su ${USER} -c "/usr/local/bin/tracd -d -p ${I} --pidfile=${PIDFILE}.${I} --protocol=http ${ARGS} ${ENV}" | ||
| + | done | ||
| + | } | ||
| + | |||
| + | stop(){ | ||
| + | if ls ${DEV_DIR}/nginx/run/tracd.* > /dev/null 2>&1; then | ||
| + | for x in `ls ${PIDFILE}.*`; do | ||
| + | echo "Killing process - PID: `cat ${x}`" | ||
| + | kill `cat ${x}` | ||
| + | done | ||
| + | else | ||
| + | echo "No PID exists" | ||
| + | fi | ||
| + | } | ||
| + | |||
| + | $1 | ||
| + | |||
| + | </pre> | ||
| + | $ chmod a+x trac-run.sh | ||
| + | $ cd /etc/init.d | ||
| + | $ ln -s /opt/dev/nginx/trac-run.sh trac-run | ||
| + | *Make the script run at bootup | ||
| + | <pre> | ||
| + | $ sudo update-rc.d trac-run defaults | ||
| + | |||
| + | update-rc.d: warning: /etc/init.d/trac-run missing LSB information | ||
| + | update-rc.d: see <http://wiki.debian.org/LSBInitScripts> | ||
| + | Adding system startup for /etc/init.d/trac-run ... | ||
| + | /etc/rc0.d/K20trac-run -> ../init.d/trac-run | ||
| + | /etc/rc1.d/K20trac-run -> ../init.d/trac-run | ||
| + | /etc/rc6.d/K20trac-run -> ../init.d/trac-run | ||
| + | /etc/rc2.d/S20trac-run -> ../init.d/trac-run | ||
| + | /etc/rc3.d/S20trac-run -> ../init.d/trac-run | ||
| + | /etc/rc4.d/S20trac-run -> ../init.d/trac-run | ||
| + | /etc/rc5.d/S20trac-run -> ../init.d/trac-run | ||
| + | </pre> | ||
= Example = | = Example = | ||
| Line 228: | Line 596: | ||
listen 443 ssl; | listen 443 ssl; | ||
listen 127.0.0.1:443; | listen 127.0.0.1:443; | ||
| - | server_name | + | server_name web-address; |
root /var/www; | root /var/www; | ||
index index.php index.html index.htm; | index index.php index.html index.htm; | ||
| Line 245: | Line 613: | ||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
proxy_set_header Host $http_host; | proxy_set_header Host $http_host; | ||
| + | } | ||
| + | |||
| + | location /host-manager { | ||
| + | proxy_pass http://localhost:8080; | ||
| + | proxy_set_header X-Real-IP $remote_addr; | ||
| + | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| + | proxy_set_header Host $http_host; | ||
| + | } | ||
| + | |||
| + | |||
| + | location /wiki { | ||
| + | |||
| + | auth_basic "your private account"; | ||
| + | auth_basic_user_file /var/www/.htpasswd; | ||
| + | |||
| + | # location to nowhere so it will cause 404 then will redirect_to_wiki. | ||
| + | root /var/www/w-not-exists; | ||
| + | |||
| + | index index.php; | ||
| + | error_page 404 = @redirect_to_wiki; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki$ { | ||
| + | rewrite "^/wiki" /wiki/; | ||
| + | } | ||
| + | |||
| + | location @redirect_to_wiki { | ||
| + | rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last; | ||
| + | } | ||
| + | |||
| + | location @mediawiki { | ||
| + | rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki/(.*)?\.php5?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php5; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki/(.*)?\.php?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | |||
| + | location ~ ^/w/(.*)?\.php5?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php5; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | } | ||
| + | |||
| + | location ~ ^/w/(.*)?\.php?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
} | } | ||
| Line 253: | Line 689: | ||
fastcgi_index index.php; | fastcgi_index index.php; | ||
include fastcgi_params; | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
} | } | ||
| + | |||
} | } | ||
| Line 259: | Line 698: | ||
listen 80; | listen 80; | ||
listen 127.0.0.1:80; | listen 127.0.0.1:80; | ||
| - | server_name | + | server_name web-address; |
root /var/www; | root /var/www; | ||
| - | index index.php index.html index.htm; | + | index index.php index.php5 index.html index.htm; |
| + | |||
| + | # error_page 401 /401.html; | ||
location / { | location / { | ||
| - | index index.php index.html index.htm; | + | index index.php index.php5 index.html index.htm; |
} | } | ||
| - | location / | + | |
| - | + | location /wiki { | |
| - | + | auth_basic "your private account"; | |
| - | + | auth_basic_user_file /var/www/.htpasswd; | |
| - | + | ||
| + | # location to nowhere so it will cause 404 then will redirect_to_wiki. | ||
| + | root /var/www/w-not-exists; | ||
| + | |||
| + | index index.php; | ||
| + | |||
| + | error_page 404 = @redirect_to_wiki; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki$ { | ||
| + | rewrite "^/wiki" /wiki/; | ||
| + | } | ||
| + | |||
| + | location @redirect_to_wiki { | ||
| + | rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last; | ||
| + | } | ||
| + | |||
| + | location @mediawiki { | ||
| + | rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last; | ||
| + | } | ||
| + | |||
| + | location ~ ^/wiki/(.*)?\.php5?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php5; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | |||
| + | } | ||
| + | |||
| + | location ~ ^/wiki/(.*)?\.php?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | |||
| + | } | ||
| + | |||
| + | location ~ ^/w/(.*)?\.php5?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php5; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | |||
| + | } | ||
| + | |||
| + | location ~ ^/w/(.*)?\.php?$ { | ||
| + | |||
| + | fastcgi_pass 127.0.0.1:9000; | ||
| + | fastcgi_index index.php; | ||
| + | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
| + | |||
} | } | ||
| Line 280: | Line 779: | ||
fastcgi_index index.php; | fastcgi_index index.php; | ||
include fastcgi_params; | include fastcgi_params; | ||
| + | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | ||
| + | fastcgi_param SERVER_NAME $host; | ||
} | } | ||
| + | |||
} | } | ||
| + | |||
</pre> | </pre> | ||
Latest revision as of 16:16, 26 April 2013
NginX is a lightweight open source Web server .
Contents |
Installation
$ sudo apt-get install nginx
Latest Stable
- To get the latest stable version
Add the following repo info to /etc/apt/sources.list
deb http://nginx.org/packages/ubuntu/ precise nginx deb-src http://nginx.org/packages/ubuntu/ precise nginx
- Add Key
wget -q http://nginx.org/packages/keys/nginx_signing.key -O- | sudo apt-key add -
- Install
Get error like
---------------------------------------------------------------------- dpkg: error processing /var/cache/apt/archives/nginx_1.2.6-1~precise_amd64.deb (--unpack): trying to overwrite '/etc/logrotate.d/nginx', which is also in package nginx-common 1.1.19-1ubuntu0.1 dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/nginx_1.2.6-1~precise_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1)
$ sudo apt-get remove nginx-common
$ sudo apt-get install nginx
- PROBLEM: NO extra modules.
Configuration
Remove Server Info
Version
Modify /etc/nginx/nginx.conf
server_tokens off;
Server Info in Response Header
- Remove server info in the response header
Install extra modules for changing header
$ sudo apt-get install nginx-extras
- Add the following line to the http block in the
/etc/nginx/nginx.conf.
more_set_headers 'Server: server';
Client Max Body Size
The default client_max_body_size is 1m (1MB) so if you upload any file the size of which is greater than 1MB, you get the HTTP error (code 413).
To avoid this, modify /etc/nginx/nginx.conf and change the value of client_max_body_size. 0 means no limit.
http {
client_max_body_size 0;
}
Client and Response Timeout
http {
keepalive_timeout 180s;
client_header_timeout 120s;
client_body_timeout 120s;
send_timeout 180s;
proxy_read_timeout 300s;
}
- keepalive_timeout: timeout for keep-alive connections with the client.
- client_header_timeout: how long to wait for the client to send a request header (e.g.: GET / HTTP/1.1). If the client has not sent anything within this timeout period, nginx returns the HTTP status code 408 ("Request timed out")
- client_body_timeout: the read timeout for the request body from client. If after this time the client send nothing, nginx returns error "Request time out" (408).
- send_timeout: the response timeout to the client. If the client has not read any data for this amount of time, then nginx shuts down the connection.
- proxy_read_timeout: timeout for the connection to the upstream server.
Virtual Host
Default
server {
listen 80;
listen 127.0.0.1:80;
server_name localhost;
root /var/www;
index index.html index.htm;
location / {
index index.html index.htm;
}
}
- For SSL
server {
listen 443 ssl;
listen 127.0.0.1:443;
server_name localhost;
root /var/www;
index index.php index.html index.htm;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
location / {
index index.php index.html index.htm;
}
}
- Restart Nginx
$ sudo /etc/init.d/nginx restart
PHP
$ sudo apt-get install php5-fpm
Change Port
- To change the default port that php5-fpm is using, edit
/etc/php5/fpm/pool.d/www.conffile.
e.g.) From:
listen = 127.0.0.1:9000
To:
listen = 127.0.0.1:9001
Then restart php5-fpm.
$ sudo /etc/init.d/php5-fpm restart
- Don't forget to use the new port in the site config file of Nginx.
e.g.)
fastcgi_pass 127.0.0.1:9001;
General Configuration
server {
listen 80;
listen 127.0.0.1:80;
server_name localhost;
root /var/www;
index index.php index.html index.htm;
location / {
index index.php index.html index.htm;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
}
}
- Restart php5-fpm
$ sudo /etc/init.d/php5-fpm
Remove X-Powered-By
- To remove the header value,
X-Powered-By, which contains the information about PHP (e.g. version), edit php.ini file.
X-Powered-By:PHP/5.x.xx-1ubuntux.x
Edit /etc/php5/fpm/php.ini. Change
expose_php = on
to
expose_php = off
- Restart php5-fpm
$ sudo /etc/init.d/php5-fpm
Does not work? Check /etc/php5/cli/php.ini as well.
WordPress
server {
listen 443;
listen 127.0.0.1:443;
server_name blog.address;
root /var/www/blog-path;
index index.php index.html index.htm;
set_real_ip_from 127.0.0.1;
real_ip_header X-Real-IP;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
}
server {
listen 80;
listen 127.0.0.1:80;
server_name blog.address;
root /var/www/blog-path;
index index.php index.html index.htm;
set_real_ip_from 127.0.0.1;
real_ip_header X-Real-IP;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
}
MediaWiki
server {
listen 443 ssl;
listen 127.0.0.1:443;
server_name web-address;
root /var/www;
index index.php index.html index.htm;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
location / {
index index.php index.html index.htm;
}
# ...
location /wiki {
auth_basic "your private account";
auth_basic_user_file /var/www/.htpasswd;
# location to nowhere so it will cause 404 then will redirect_to_wiki.
root /var/www/w-not-exists;
index index.php;
error_page 404 = @redirect_to_wiki;
}
location ~ ^/wiki$ {
rewrite "^/wiki" /wiki/;
}
location @redirect_to_wiki {
rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last;
}
location @mediawiki {
rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last;
}
location ~ ^/wiki/(.*)?\.php5?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php5;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/wiki/(.*)?\.php?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/w/(.*)?\.php5?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php5;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/w/(.*)?\.php?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
}
server {
listen 80;
listen 127.0.0.1:80;
server_name web-address;
root /var/www;
index index.php index.php5 index.html index.htm;
# error_page 401 /401.html;
location / {
index index.php index.php5 index.html index.htm;
}
location /wiki {
auth_basic "your private account";
auth_basic_user_file /var/www/.htpasswd;
# location to nowhere so it will cause 404 then will redirect_to_wiki.
root /var/www/w-not-exists;
index index.php;
error_page 404 = @redirect_to_wiki;
}
location ~ ^/wiki$ {
rewrite "^/wiki" /wiki/;
}
location @redirect_to_wiki {
rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last;
}
location @mediawiki {
rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last;
}
location ~ ^/wiki/(.*)?\.php5?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php5;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/wiki/(.*)?\.php?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/w/(.*)?\.php5?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php5;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/w/(.*)?\.php?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
}
Use with Tomcat
server {
listen 80;
listen 127.0.0.1:80;
server_name localhost;
root /var/www;
location /manager {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
}
- Add a new file to
/etc/nginx/sites-available/
server {
listen 80;
listen 127.0.0.1:80;
server_name demo.localhost;
root /path/to/tomcat/webapps;
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location ~ ^/$ {
rewrite / /default-app;
}
}
Trac
nginx.conf
http {
# ...
upstream trachosts {
server 127.0.0.1:3050;
}
}
Site File
server {
listen 443;
listen 127.0.0.1:443;
server_name trac.localhost;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
location / {
proxy_pass http://trachosts;
# include /etc/nginx/proxy.conf;
}
location ~ /[^/]+/login {
proxy_pass http://trachosts;
auth_basic "Restricted";
auth_basic_user_file /path/to/.htpasswd/.htpasswd;
proxy_pass_header Authorization;
}
}
server {
listen 80;
listen 127.0.0.1:80;
server_name trac.localhost;
location / {
proxy_pass http://trachosts;
# include /etc/nginx/proxy.conf;
# proxy_redirect on;
# proxy_set_header Host $host;
}
location ~ /[^/]+/login {
## proxy_pass http://localhost:8000;
# proxy_pass http://trachosts;
## auth_digest "developer";
## auth_digest_user_file /path/to/.htdigest/.htdigest;
## proxy_pass_header Authorization;
# auth_basic "Restricted";
# auth_basic_user_file /path/to/.htpasswd/.htpasswd;
# proxy_pass_header Authorization;
rewrite ^/([^/]+)/login https://trac.localhost/$1/login break;
}
}
Run Trac Server
- Without authentication
sudo su www-data -c "tracd -d -p 3050 --pidfile=/opt/dev/nginx/run/tracd.3050 --protocol=http -e /opt/dev/trac"
- With authentication
sudo su www-data -c "tracd -d -p 3050 --pidfile=/opt/dev/nginx/run/tracd.3050 --protocol=http -e /opt/dev/trac --basic-auth=\"*,/path/to/.htpasswd/.htpasswd,Restricted\""
Run Script
- Create directories
$ cd /opt/dev $ mkdir nginx $ mkdir nginx/run
- /opt/dev/nginx/trac-run.sh
#!/bin/sh
#INSTANCES="3050 3051 3052 3053 3054 3055 3056"
INSTANCES="3050"
USER="www-data"
VERSION="1.0"
#ENV="/opt/dev/trac"
DEV_DIR="/opt/dev"
PIDFILE="${DEV_DIR}/nginx/run/tracd"
### Extra Args here, for instance --basic-auth
#ARGS="--basic-auth=*,${DEV_DIR}/.htpasswd/.htpasswd,Restricted"
ARGS="-e ${DEV_DIR}/trac"
PYTHON_EGG_CACHE="/tmp"
start(){
export PYTHON_EGG_CACHE
for I in $INSTANCES; do
/bin/su ${USER} -c "/usr/local/bin/tracd -d -p ${I} --pidfile=${PIDFILE}.${I} --protocol=http ${ARGS} ${ENV}"
done
}
stop(){
if ls ${DEV_DIR}/nginx/run/tracd.* > /dev/null 2>&1; then
for x in `ls ${PIDFILE}.*`; do
echo "Killing process - PID: `cat ${x}`"
kill `cat ${x}`
done
else
echo "No PID exists"
fi
}
$1
$ chmod a+x trac-run.sh $ cd /etc/init.d $ ln -s /opt/dev/nginx/trac-run.sh trac-run
- Make the script run at bootup
$ sudo update-rc.d trac-run defaults update-rc.d: warning: /etc/init.d/trac-run missing LSB information update-rc.d: see <http://wiki.debian.org/LSBInitScripts> Adding system startup for /etc/init.d/trac-run ... /etc/rc0.d/K20trac-run -> ../init.d/trac-run /etc/rc1.d/K20trac-run -> ../init.d/trac-run /etc/rc6.d/K20trac-run -> ../init.d/trac-run /etc/rc2.d/S20trac-run -> ../init.d/trac-run /etc/rc3.d/S20trac-run -> ../init.d/trac-run /etc/rc4.d/S20trac-run -> ../init.d/trac-run /etc/rc5.d/S20trac-run -> ../init.d/trac-run
Example
server {
listen 443 ssl;
listen 127.0.0.1:443;
server_name web-address;
root /var/www;
index index.php index.html index.htm;
ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
location / {
index index.php index.html index.htm;
}
location /manager {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location /host-manager {
proxy_pass http://localhost:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
}
location /wiki {
auth_basic "your private account";
auth_basic_user_file /var/www/.htpasswd;
# location to nowhere so it will cause 404 then will redirect_to_wiki.
root /var/www/w-not-exists;
index index.php;
error_page 404 = @redirect_to_wiki;
}
location ~ ^/wiki$ {
rewrite "^/wiki" /wiki/;
}
location @redirect_to_wiki {
rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last;
}
location @mediawiki {
rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last;
}
location ~ ^/wiki/(.*)?\.php5?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php5;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/wiki/(.*)?\.php?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/w/(.*)?\.php5?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php5;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/w/(.*)?\.php?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
}
server {
listen 80;
listen 127.0.0.1:80;
server_name web-address;
root /var/www;
index index.php index.php5 index.html index.htm;
# error_page 401 /401.html;
location / {
index index.php index.php5 index.html index.htm;
}
location /wiki {
auth_basic "your private account";
auth_basic_user_file /var/www/.htpasswd;
# location to nowhere so it will cause 404 then will redirect_to_wiki.
root /var/www/w-not-exists;
index index.php;
error_page 404 = @redirect_to_wiki;
}
location ~ ^/wiki$ {
rewrite "^/wiki" /wiki/;
}
location @redirect_to_wiki {
rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last;
}
location @mediawiki {
rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last;
}
location ~ ^/wiki/(.*)?\.php5?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php5;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/wiki/(.*)?\.php?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/w/(.*)?\.php5?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php5;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ ^/w/(.*)?\.php?$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SERVER_NAME $host;
}
}
