Nginx

From KevinWiki

Jump to: navigation, search

NginX is a lightweight open source Web server .

Contents

Installation

$ sudo apt-get install nginx

Latest Stable

  • To get the latest stable version

Add the following repo info to /etc/apt/sources.list

deb http://nginx.org/packages/ubuntu/ precise nginx
deb-src http://nginx.org/packages/ubuntu/ precise nginx
  • Add Key
wget -q http://nginx.org/packages/keys/nginx_signing.key -O- | sudo apt-key add - 
  • Install

Get error like

----------------------------------------------------------------------
dpkg: error processing /var/cache/apt/archives/nginx_1.2.6-1~precise_amd64.deb (--unpack):
 trying to overwrite '/etc/logrotate.d/nginx', which is also in package nginx-common 1.1.19-1ubuntu0.1
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)
Errors were encountered while processing:
 /var/cache/apt/archives/nginx_1.2.6-1~precise_amd64.deb
E: Sub-process /usr/bin/dpkg returned an error code (1)
$ sudo apt-get remove nginx-common 
$ sudo apt-get install nginx 
  • PROBLEM: NO extra modules.

Configuration

Remove Server Info

Version

Modify /etc/nginx/nginx.conf

  server_tokens off;

Server Info in Response Header

  • Remove server info in the response header

Install extra modules for changing header

$ sudo apt-get install nginx-extras 
  • Add the following line to the http block in the /etc/nginx/nginx.conf.
  more_set_headers 'Server: server';

Client Max Body Size

The default client_max_body_size is 1m (1MB) so if you upload any file the size of which is greater than 1MB, you get the HTTP error (code 413). To avoid this, modify /etc/nginx/nginx.conf and change the value of client_max_body_size. 0 means no limit.

http {

  client_max_body_size  0;

}

Client and Response Timeout

http {
    keepalive_timeout 180s;
    client_header_timeout  120s;
    client_body_timeout  120s;
    send_timeout  180s;
    proxy_read_timeout   300s;
}
  • keepalive_timeout: timeout for keep-alive connections with the client.
  • client_header_timeout: how long to wait for the client to send a request header (e.g.: GET / HTTP/1.1). If the client has not sent anything within this timeout period, nginx returns the HTTP status code 408 ("Request timed out")
  • client_body_timeout: the read timeout for the request body from client. If after this time the client send nothing, nginx returns error "Request time out" (408).
  • send_timeout: the response timeout to the client. If the client has not read any data for this amount of time, then nginx shuts down the connection.
  • proxy_read_timeout: timeout for the connection to the upstream server.

Virtual Host

Default

server {
  listen      80;
  listen      127.0.0.1:80;
  server_name localhost;
  root        /var/www;
  index       index.html index.htm;

  location / {
    index     index.html index.htm;
  }
}
  • For SSL
server {
  listen      443 ssl;
  listen      127.0.0.1:443;
  server_name	localhost;
  root				/var/www;
  index       index.php index.html index.htm;

  ssl on;
  ssl_certificate /etc/ssl/certs/server.crt;
  ssl_certificate_key /etc/ssl/private/server.key;

  location / {
    index     index.php index.html index.htm;
  }
}
  • Restart Nginx
$ sudo /etc/init.d/nginx restart

PHP

$ sudo apt-get install php5-fpm 

Change Port

  • To change the default port that php5-fpm is using, edit /etc/php5/fpm/pool.d/www.conf file.

e.g.) From:

listen = 127.0.0.1:9000

To:

listen = 127.0.0.1:9001

Then restart php5-fpm.

$ sudo /etc/init.d/php5-fpm restart 
  • Don't forget to use the new port in the site config file of Nginx.

e.g.)

    fastcgi_pass 127.0.0.1:9001;


General Configuration

server {
  listen      80;
  listen      127.0.0.1:80;
  server_name localhost;
  root        /var/www;
  index       index.php index.html index.htm;

  location / {
    index     index.php index.html index.htm;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
  }
}
  • Restart php5-fpm
$ sudo /etc/init.d/php5-fpm 

Remove X-Powered-By

  • To remove the header value, X-Powered-By, which contains the information about PHP (e.g. version), edit php.ini file.
X-Powered-By:PHP/5.x.xx-1ubuntux.x 

Edit /etc/php5/fpm/php.ini. Change

expose_php = on

to

expose_php = off
  • Restart php5-fpm
$ sudo /etc/init.d/php5-fpm 

Does not work? Check /etc/php5/cli/php.ini as well.

WordPress

server {
  listen      443;
  listen      127.0.0.1:443;
  server_name blog.address;
  root        /var/www/blog-path;
  index       index.php index.html index.htm;

  set_real_ip_from   127.0.0.1;
  real_ip_header     X-Real-IP;

  ssl on;
  ssl_certificate /etc/ssl/certs/server.crt;
  ssl_certificate_key /etc/ssl/private/server.key;

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }
}

server {
  listen      80;
  listen      127.0.0.1:80;
  server_name blog.address;
  root        /var/www/blog-path;
  index       index.php index.html index.htm;

  set_real_ip_from   127.0.0.1;
  real_ip_header     X-Real-IP;

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }
}

MediaWiki

server {
  listen      443 ssl;
  listen      127.0.0.1:443;
  server_name web-address;
  root        /var/www;
  index       index.php index.html index.htm;

  ssl on;
  ssl_certificate /etc/ssl/certs/server.crt;
  ssl_certificate_key /etc/ssl/private/server.key;

  location / {
    index     index.php index.html index.htm;
  }

# ...

  location /wiki {

    auth_basic "your private account";
    auth_basic_user_file /var/www/.htpasswd;

    # location to nowhere so it will cause 404 then will redirect_to_wiki.
    root  /var/www/w-not-exists;

    index index.php;
    error_page 404 = @redirect_to_wiki;
  }

  location ~ ^/wiki$ {
    rewrite "^/wiki" /wiki/;
  }

  location @redirect_to_wiki {
    rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last;
  }

  location @mediawiki {
    rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last;
  }

  location ~ ^/wiki/(.*)?\.php5?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php5;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

  location ~ ^/wiki/(.*)?\.php?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

  location ~ ^/w/(.*)?\.php5?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php5;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

  location ~ ^/w/(.*)?\.php?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

}

server {
  listen      80;
  listen      127.0.0.1:80;
  server_name web-address;
  root        /var/www;
  index       index.php index.php5 index.html index.htm;

#  error_page  401  /401.html;

  location / {
    index     index.php index.php5 index.html index.htm;
  }


  location /wiki {
    auth_basic "your private account";
    auth_basic_user_file /var/www/.htpasswd;

    # location to nowhere so it will cause 404 then will redirect_to_wiki.
    root  /var/www/w-not-exists;

    index index.php;

    error_page 404 = @redirect_to_wiki;
  }

  location ~ ^/wiki$ {
    rewrite "^/wiki" /wiki/;
  }

  location @redirect_to_wiki {
    rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last;
  }

  location @mediawiki {
    rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last;
  }

  location ~ ^/wiki/(.*)?\.php5?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php5;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;

  }

  location ~ ^/wiki/(.*)?\.php?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;

  }

  location ~ ^/w/(.*)?\.php5?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php5;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;

  }

  location ~ ^/w/(.*)?\.php?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;

  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

}

Use with Tomcat

server {
  listen      80;
  listen      127.0.0.1:80;
  server_name localhost;
  root        /var/www;

  location /manager {
    proxy_pass              http://localhost:8080;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        Host $http_host;
  }
}
  • Add a new file to /etc/nginx/sites-available/
server {
  listen          80;
  listen          127.0.0.1:80;
  server_name     demo.localhost;
  root            /path/to/tomcat/webapps;
  
  location / {
    proxy_pass              http://localhost:8080;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        Host $http_host;
  }

  location ~ ^/$ {
    rewrite  / /default-app;
  }
}

Trac

nginx.conf

http {

# ...

  upstream trachosts {
    server  127.0.0.1:3050;
  }

}

Site File

server {
  listen      443;
  listen      127.0.0.1:443;
  server_name trac.localhost;

  ssl on;
  ssl_certificate /etc/ssl/certs/server.crt;
  ssl_certificate_key /etc/ssl/private/server.key;

  location / {
    proxy_pass      http://trachosts;
#   include         /etc/nginx/proxy.conf;
  }

  location ~ /[^/]+/login {
    proxy_pass      http://trachosts;
    auth_basic "Restricted";
    auth_basic_user_file /path/to/.htpasswd/.htpasswd;
    proxy_pass_header Authorization;
  }
}

server {
  listen      80;
  listen      127.0.0.1:80;
  server_name trac.localhost;

  location / {
    proxy_pass      http://trachosts;
#   include         /etc/nginx/proxy.conf;
#    proxy_redirect on;
#    proxy_set_header Host $host;
  }

  location ~ /[^/]+/login {
##    proxy_pass http://localhost:8000;
#    proxy_pass      http://trachosts;
##    auth_digest "developer";
##    auth_digest_user_file /path/to/.htdigest/.htdigest;
##    proxy_pass_header Authorization;
#    auth_basic "Restricted";
#    auth_basic_user_file /path/to/.htpasswd/.htpasswd;
#    proxy_pass_header Authorization;

    rewrite  ^/([^/]+)/login  https://trac.localhost/$1/login  break;
  }
}

Run Trac Server

  • Without authentication
sudo su www-data -c "tracd -d -p 3050 --pidfile=/opt/dev/nginx/run/tracd.3050 --protocol=http -e /opt/dev/trac" 
  • With authentication
sudo su www-data -c "tracd -d -p 3050 --pidfile=/opt/dev/nginx/run/tracd.3050 --protocol=http -e /opt/dev/trac --basic-auth=\"*,/path/to/.htpasswd/.htpasswd,Restricted\""

Run Script

  • Create directories
$ cd /opt/dev 
$ mkdir nginx 
$ mkdir nginx/run 
  • /opt/dev/nginx/trac-run.sh
#!/bin/sh

#INSTANCES="3050 3051 3052 3053 3054 3055 3056"
INSTANCES="3050"
USER="www-data"
VERSION="1.0"
#ENV="/opt/dev/trac"
DEV_DIR="/opt/dev"
PIDFILE="${DEV_DIR}/nginx/run/tracd"
### Extra Args here, for instance --basic-auth
#ARGS="--basic-auth=*,${DEV_DIR}/.htpasswd/.htpasswd,Restricted"
ARGS="-e ${DEV_DIR}/trac"
PYTHON_EGG_CACHE="/tmp"


start(){
  export PYTHON_EGG_CACHE
  for I in $INSTANCES; do
      /bin/su ${USER} -c "/usr/local/bin/tracd -d -p ${I} --pidfile=${PIDFILE}.${I} --protocol=http ${ARGS} ${ENV}"
  done
}

stop(){
  if ls ${DEV_DIR}/nginx/run/tracd.* > /dev/null 2>&1; then
    for x in `ls ${PIDFILE}.*`; do
      echo "Killing process - PID: `cat ${x}`"
      kill `cat ${x}`
    done
  else
    echo "No PID exists"
  fi
}

$1

$ chmod a+x trac-run.sh 
$ cd /etc/init.d 
$ ln -s /opt/dev/nginx/trac-run.sh trac-run
  • Make the script run at bootup
$ sudo update-rc.d trac-run defaults 

update-rc.d: warning: /etc/init.d/trac-run missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
 Adding system startup for /etc/init.d/trac-run ...
   /etc/rc0.d/K20trac-run -> ../init.d/trac-run
   /etc/rc1.d/K20trac-run -> ../init.d/trac-run
   /etc/rc6.d/K20trac-run -> ../init.d/trac-run
   /etc/rc2.d/S20trac-run -> ../init.d/trac-run
   /etc/rc3.d/S20trac-run -> ../init.d/trac-run
   /etc/rc4.d/S20trac-run -> ../init.d/trac-run
   /etc/rc5.d/S20trac-run -> ../init.d/trac-run

Example

server {
  listen      443 ssl;
  listen      127.0.0.1:443;
  server_name web-address;
  root        /var/www;
  index       index.php index.html index.htm;

  ssl on;
  ssl_certificate /etc/ssl/certs/server.crt;
  ssl_certificate_key /etc/ssl/private/server.key;

  location / {
    index     index.php index.html index.htm;
  }

  location /manager {
    proxy_pass              http://localhost:8080;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        Host $http_host;
  }

  location /host-manager {
    proxy_pass              http://localhost:8080;
    proxy_set_header        X-Real-IP $remote_addr;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        Host $http_host;
  }


  location /wiki {

    auth_basic "your private account";
    auth_basic_user_file /var/www/.htpasswd;

    # location to nowhere so it will cause 404 then will redirect_to_wiki.
    root  /var/www/w-not-exists;

    index index.php;
    error_page 404 = @redirect_to_wiki;
  }

  location ~ ^/wiki$ {
    rewrite "^/wiki" /wiki/;
  }

  location @redirect_to_wiki {
    rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last;
  }

  location @mediawiki {
    rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last;
  }

  location ~ ^/wiki/(.*)?\.php5?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php5;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

  location ~ ^/wiki/(.*)?\.php?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

  location ~ ^/w/(.*)?\.php5?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php5;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

  location ~ ^/w/(.*)?\.php?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

}

server {
  listen      80;
  listen      127.0.0.1:80;
  server_name web-address;
  root        /var/www;
  index       index.php index.php5 index.html index.htm;

#  error_page  401  /401.html;

  location / {
    index     index.php index.php5 index.html index.htm;
  }


  location /wiki {
    auth_basic "your private account";
    auth_basic_user_file /var/www/.htpasswd;

    # location to nowhere so it will cause 404 then will redirect_to_wiki.
    root  /var/www/w-not-exists;

    index index.php;

    error_page 404 = @redirect_to_wiki;
  }

  location ~ ^/wiki$ {
    rewrite "^/wiki" /wiki/;
  }

  location @redirect_to_wiki {
    rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last;
  }

  location @mediawiki {
    rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last;
  }

  location ~ ^/wiki/(.*)?\.php5?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php5;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;

  }

  location ~ ^/wiki/(.*)?\.php?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;

  }

  location ~ ^/w/(.*)?\.php5?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php5;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;

  }

  location ~ ^/w/(.*)?\.php?$ {

    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;

  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param SERVER_NAME $host;
  }

}

Personal tools