Nginx
This page describes installation and configuration of Nginx.
Installation
Debian Squeeze is shipped with Nginx version 0.7.67. If a newer version is required use backports or add repository from nginx.org.
$ apt-get install nginx
Configuration
Hide server version
To hide nginx version in server's response header add to http section in /etc/nginx/nginx.conf:
server_tokens off;
Site configuration for serving static resources
Create a file /etc/nginx/sites-available/www-example-com and link it to /etc/nginx/sites-enabled:
server {
server_name www.example.com;
server_name_in_redirect off;
access_log /var/log/nginx/www-example-com.access.log;
root /srv/www/www-example-com;
index index.html;
error_page 404 /404.html;
try_files $uri $uri.html $uri/index.html =404;
location /file/page/ {
rewrite ^/file/page/(.*) /media/$1 permanent;
}
}
server {
server_name example.com;
rewrite ^ http://www.example.com$uri redirect;
}
try_filesis used to enable clean URLs:/blog/pageis resolved to/blog/page.html/blogis resolved to/blog/index.html
- URI starting with /file/page/ are redirected to /media/
- The naked URL is redirected to the
wwwsubdomain.
Create docroot and dummy pages:
$ mkdir -p /srv/www/www-example-com
$ echo "It works." > /srv/www/www-example-com/index.html
$ echo "404 Not Found" > /srv/www/www-example-com/404.html
Catch-all site configuration
Catch-all for other domains and subdomains that point to the server's IP just get a "Nothing here" message.
server {
listen 80 default;
server_name _;
server_name_in_redirect off;
root /srv/www/catchall;
index index.html;
error_page 404 /index.html;
}
Reverse proxy
To forward requests to another server do:
server {
listen 80;
server_name www.example.com;
access_log /var/log/nginx/www-example-com.access.log;
location / {
proxy_pass http://myapp:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
If the other server is also a Nginx it is possible to add the following configuration to get the real IP in the access logs.
server {
..
set_real_ip_from 10.10.10.254;
real_ip_header X-Real-IP;
..
}
Reverse proxy for Apache
To use the real remote IP in Apache the rpaf module is required:
$ apt-get install libapache2-mod-rpaf
$ a2enmod rpaf
Eventually the IP addresses of the reverse proxy must be configured in /etc/apache2/mods-enabled/rpaf.conf:
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 12.34.56.78
SSL
server {
listen 443;
server_name ssl.example.com;
server_name_in_redirect off;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-example-com.pem;
ssl_certificate_key /etc/ssl/private/ssl-example-com.pem;
access_log /var/log/nginx/ssl-example-com.access.log;
error_log /var/log/nginx/ssl-example-com.error.log;
root /srv/www/ssl-example-com;
index index.html;
error_page 404 /index.html;
}
To redirect non-ssl request:
server {
listen 80;
server_name ssl.example.com;
rewrite ^ https://$server_name$request_uri?;
}
Sources: