Nginx
From KevinWiki
NginX is a lightweight open source Web server .
Contents |
Installation
$ sudo apt-get install nginx
Latest Stable
- To get the latest stable version
Add the following repo info to /etc/apt/sources.list
deb http://nginx.org/packages/ubuntu/ precise nginx deb-src http://nginx.org/packages/ubuntu/ precise nginx
- Add Key
wget -q http://nginx.org/packages/keys/nginx_signing.key -O- | sudo apt-key add -
- Install
Get error like
---------------------------------------------------------------------- dpkg: error processing /var/cache/apt/archives/nginx_1.2.6-1~precise_amd64.deb (--unpack): trying to overwrite '/etc/logrotate.d/nginx', which is also in package nginx-common 1.1.19-1ubuntu0.1 dpkg-deb: error: subprocess paste was killed by signal (Broken pipe) Errors were encountered while processing: /var/cache/apt/archives/nginx_1.2.6-1~precise_amd64.deb E: Sub-process /usr/bin/dpkg returned an error code (1)
$ sudo apt-get remove nginx-common
$ sudo apt-get install nginx
- PROBLEM: NO extra modules.
Configuration
Remove Server Info
Version
Modify /etc/nginx/nginx.conf
server_tokens off;
Server Info in Response Header
- Remove server info in the response header
Install extra modules for changing header
$ sudo apt-get install nginx-extras
- Add the following line to the http block in the
/etc/nginx/nginx.conf
.
more_set_headers 'Server: server';
Client Max Body Size
The default client_max_body_size
is 1m (1MB) so if you upload any file the size of which is greater than 1MB, you get the HTTP error (code 413).
To avoid this, modify /etc/nginx/nginx.conf
and change the value of client_max_body_size
. 0 means no limit.
http { client_max_body_size 0; }
Client and Response Timeout
http { keepalive_timeout 180s; client_header_timeout 120s; client_body_timeout 120s; send_timeout 180s; proxy_read_timeout 300s; }
- keepalive_timeout: timeout for keep-alive connections with the client.
- client_header_timeout: how long to wait for the client to send a request header (e.g.: GET / HTTP/1.1). If the client has not sent anything within this timeout period, nginx returns the HTTP status code 408 ("Request timed out")
- client_body_timeout: the read timeout for the request body from client. If after this time the client send nothing, nginx returns error "Request time out" (408).
- send_timeout: the response timeout to the client. If the client has not read any data for this amount of time, then nginx shuts down the connection.
- proxy_read_timeout: timeout for the connection to the upstream server.
Virtual Host
Default
server { listen 80; listen 127.0.0.1:80; server_name localhost; root /var/www; index index.html index.htm; location / { index index.html index.htm; } }
- For SSL
server { listen 443 ssl; listen 127.0.0.1:443; server_name localhost; root /var/www; index index.php index.html index.htm; ssl on; ssl_certificate /etc/ssl/certs/server.crt; ssl_certificate_key /etc/ssl/private/server.key; location / { index index.php index.html index.htm; } }
- Restart Nginx
$ sudo /etc/init.d/nginx restart
PHP
$ sudo apt-get install php5-fpm
Change Port
- To change the default port that php5-fpm is using, edit
/etc/php5/fpm/pool.d/www.conf
file.
e.g.) From:
listen = 127.0.0.1:9000
To:
listen = 127.0.0.1:9001
Then restart php5-fpm.
$ sudo /etc/init.d/php5-fpm restart
- Don't forget to use the new port in the site config file of Nginx.
e.g.)
fastcgi_pass 127.0.0.1:9001;
General Configuration
server { listen 80; listen 127.0.0.1:80; server_name localhost; root /var/www; index index.php index.html index.htm; location / { index index.php index.html index.htm; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; } }
- Restart php5-fpm
$ sudo /etc/init.d/php5-fpm
Remove X-Powered-By
- To remove the header value,
X-Powered-By
, which contains the information about PHP (e.g. version), edit php.ini file.
X-Powered-By:PHP/5.x.xx-1ubuntux.x
Edit /etc/php5/fpm/php.ini
. Change
expose_php = on
to
expose_php = off
- Restart php5-fpm
$ sudo /etc/init.d/php5-fpm
Does not work? Check /etc/php5/cli/php.ini as well.
WordPress
server { listen 443; listen 127.0.0.1:443; server_name blog.address; root /var/www/blog-path; index index.php index.html index.htm; set_real_ip_from 127.0.0.1; real_ip_header X-Real-IP; ssl on; ssl_certificate /etc/ssl/certs/server.crt; ssl_certificate_key /etc/ssl/private/server.key; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } } server { listen 80; listen 127.0.0.1:80; server_name blog.address; root /var/www/blog-path; index index.php index.html index.htm; set_real_ip_from 127.0.0.1; real_ip_header X-Real-IP; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } }
MediaWiki
server { listen 443 ssl; listen 127.0.0.1:443; server_name web-address; root /var/www; index index.php index.html index.htm; ssl on; ssl_certificate /etc/ssl/certs/server.crt; ssl_certificate_key /etc/ssl/private/server.key; location / { index index.php index.html index.htm; } # ... location /wiki { auth_basic "your private account"; auth_basic_user_file /var/www/.htpasswd; # location to nowhere so it will cause 404 then will redirect_to_wiki. root /var/www/w-not-exists; index index.php; error_page 404 = @redirect_to_wiki; } location ~ ^/wiki$ { rewrite "^/wiki" /wiki/; } location @redirect_to_wiki { rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last; } location @mediawiki { rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last; } location ~ ^/wiki/(.*)?\.php5?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php5; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/wiki/(.*)?\.php?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/w/(.*)?\.php5?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php5; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/w/(.*)?\.php?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } } server { listen 80; listen 127.0.0.1:80; server_name web-address; root /var/www; index index.php index.php5 index.html index.htm; # error_page 401 /401.html; location / { index index.php index.php5 index.html index.htm; } location /wiki { auth_basic "your private account"; auth_basic_user_file /var/www/.htpasswd; # location to nowhere so it will cause 404 then will redirect_to_wiki. root /var/www/w-not-exists; index index.php; error_page 404 = @redirect_to_wiki; } location ~ ^/wiki$ { rewrite "^/wiki" /wiki/; } location @redirect_to_wiki { rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last; } location @mediawiki { rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last; } location ~ ^/wiki/(.*)?\.php5?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php5; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/wiki/(.*)?\.php?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/w/(.*)?\.php5?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php5; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/w/(.*)?\.php?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } }
Use with Tomcat
server { listen 80; listen 127.0.0.1:80; server_name localhost; root /var/www; location /manager { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } }
- Add a new file to
/etc/nginx/sites-available/
server { listen 80; listen 127.0.0.1:80; server_name demo.localhost; root /path/to/tomcat/webapps; location / { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } location ~ ^/$ { rewrite / /default-app; } }
Trac
nginx.conf
http { # ... upstream trachosts { server 127.0.0.1:3050; } }
Site File
server { listen 443; listen 127.0.0.1:443; server_name trac.localhost; ssl on; ssl_certificate /etc/ssl/certs/server.crt; ssl_certificate_key /etc/ssl/private/server.key; location / { proxy_pass http://trachosts; # include /etc/nginx/proxy.conf; } location ~ /[^/]+/login { proxy_pass http://trachosts; auth_basic "Restricted"; auth_basic_user_file /path/to/.htpasswd/.htpasswd; proxy_pass_header Authorization; } } server { listen 80; listen 127.0.0.1:80; server_name trac.localhost; location / { proxy_pass http://trachosts; # include /etc/nginx/proxy.conf; # proxy_redirect on; # proxy_set_header Host $host; } location ~ /[^/]+/login { ## proxy_pass http://localhost:8000; # proxy_pass http://trachosts; ## auth_digest "developer"; ## auth_digest_user_file /path/to/.htdigest/.htdigest; ## proxy_pass_header Authorization; # auth_basic "Restricted"; # auth_basic_user_file /path/to/.htpasswd/.htpasswd; # proxy_pass_header Authorization; rewrite ^/([^/]+)/login https://trac.localhost/$1/login break; } }
Run Trac Server
- Without authentication
sudo su www-data -c "tracd -d -p 3050 --pidfile=/opt/dev/nginx/run/tracd.3050 --protocol=http -e /opt/dev/trac"
- With authentication
sudo su www-data -c "tracd -d -p 3050 --pidfile=/opt/dev/nginx/run/tracd.3050 --protocol=http -e /opt/dev/trac --basic-auth=\"*,/path/to/.htpasswd/.htpasswd,Restricted\""
Run Script
- Create directories
$ cd /opt/dev $ mkdir nginx $ mkdir nginx/run
- /opt/dev/nginx/trac-run.sh
#!/bin/sh #INSTANCES="3050 3051 3052 3053 3054 3055 3056" INSTANCES="3050" USER="www-data" VERSION="1.0" #ENV="/opt/dev/trac" DEV_DIR="/opt/dev" PIDFILE="${DEV_DIR}/nginx/run/tracd" ### Extra Args here, for instance --basic-auth #ARGS="--basic-auth=*,${DEV_DIR}/.htpasswd/.htpasswd,Restricted" ARGS="-e ${DEV_DIR}/trac" PYTHON_EGG_CACHE="/tmp" start(){ export PYTHON_EGG_CACHE for I in $INSTANCES; do /bin/su ${USER} -c "/usr/local/bin/tracd -d -p ${I} --pidfile=${PIDFILE}.${I} --protocol=http ${ARGS} ${ENV}" done } stop(){ if ls ${DEV_DIR}/nginx/run/tracd.* > /dev/null 2>&1; then for x in `ls ${PIDFILE}.*`; do echo "Killing process - PID: `cat ${x}`" kill `cat ${x}` done else echo "No PID exists" fi } $1
$ chmod a+x trac-run.sh $ cd /etc/init.d $ ln -s /opt/dev/nginx/trac-run.sh trac-run
- Make the script run at bootup
$ sudo update-rc.d trac-run defaults update-rc.d: warning: /etc/init.d/trac-run missing LSB information update-rc.d: see <http://wiki.debian.org/LSBInitScripts> Adding system startup for /etc/init.d/trac-run ... /etc/rc0.d/K20trac-run -> ../init.d/trac-run /etc/rc1.d/K20trac-run -> ../init.d/trac-run /etc/rc6.d/K20trac-run -> ../init.d/trac-run /etc/rc2.d/S20trac-run -> ../init.d/trac-run /etc/rc3.d/S20trac-run -> ../init.d/trac-run /etc/rc4.d/S20trac-run -> ../init.d/trac-run /etc/rc5.d/S20trac-run -> ../init.d/trac-run
Example
server { listen 443 ssl; listen 127.0.0.1:443; server_name web-address; root /var/www; index index.php index.html index.htm; ssl on; ssl_certificate /etc/ssl/certs/server.crt; ssl_certificate_key /etc/ssl/private/server.key; location / { index index.php index.html index.htm; } location /manager { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } location /host-manager { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } location /wiki { auth_basic "your private account"; auth_basic_user_file /var/www/.htpasswd; # location to nowhere so it will cause 404 then will redirect_to_wiki. root /var/www/w-not-exists; index index.php; error_page 404 = @redirect_to_wiki; } location ~ ^/wiki$ { rewrite "^/wiki" /wiki/; } location @redirect_to_wiki { rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last; } location @mediawiki { rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last; } location ~ ^/wiki/(.*)?\.php5?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php5; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/wiki/(.*)?\.php?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/w/(.*)?\.php5?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php5; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/w/(.*)?\.php?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } } server { listen 80; listen 127.0.0.1:80; server_name web-address; root /var/www; index index.php index.php5 index.html index.htm; # error_page 401 /401.html; location / { index index.php index.php5 index.html index.htm; } location /wiki { auth_basic "your private account"; auth_basic_user_file /var/www/.htpasswd; # location to nowhere so it will cause 404 then will redirect_to_wiki. root /var/www/w-not-exists; index index.php; error_page 404 = @redirect_to_wiki; } location ~ ^/wiki$ { rewrite "^/wiki" /wiki/; } location @redirect_to_wiki { rewrite "^/wiki/([^?]*)(?:\?(.*))?" /w/index.php?title=$1&$args last; } location @mediawiki { rewrite ^/([^?]*)(?:\?(.*))? /w/index.php5?title=$1&$2 last; } location ~ ^/wiki/(.*)?\.php5?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php5; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/wiki/(.*)?\.php?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/w/(.*)?\.php5?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php5; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ ^/w/(.*)?\.php?$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SERVER_NAME $host; } }