reset password

Nginx Configuration

1. Virtual Host

Make a copy of /etc/nginx/sites-available/default and edit it. In particular, add a server_name attribute and remove default_server from everywhere. Create a symbolic link to the file in /etc/nginx/sites-enabled then reload configuration.

2. HTTPS

Edit /etc/nginx/sites-available/default. The configuration for HTTPS is already there but commented out. Uncomment the two lines that start with "listen" then add the locations for the SSL certificate and certificate key. For example:

    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;

    ssl_certificate /etc/ssl/certs/sun.cer;
    ssl_certificate_key /etc/ssl/private/sun.key;

3. Allow ~/public_html

Edit /etc/nginx/sites-available/default and add the following:

    location ~ ^/~(.+?)(/.*)?$ {
    alias /home/$1/public_html$2;
    index index.html index.htm;
    autoindex on;
    }

4. PHP

First install FastCGI Process Manager and a few other packages commonly used in PHP development:

> sudo apt install php-fpm php-mysql composer

You need to pay attention to which PHP version is installed (e.g. php7.0 or php7.2) as this version number is used in various places later. Here we assume it's 7.2.

Edit /etc/php/7.2/fpm/php.ini and set cgi.fix_pathinfo to 0 as recommended here, then restart the PHP processor:

> sudo systemctl restart php7.2-fpm

Edit /ect/nginx/sites-available/default, uncomment the parts related to php-fpm and add index.php (read the comments in the file carefully). You'll need to change php7.0-fpm.sock to the actual PHP version number (e.g. php7.2-fpm.sock). Save and check the configuration and reload Nginx.

4. Reverse Proxy

There are two common situations. First, if the service runs at http://<host>:<port>/<path> and needs to be proxied at http(s)://<host>/<path> (note that the two paths match), it can be done with the following configuration (using port 8080 as an example):

    location /path {
        proxy_pass http://localhost:8080/path;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

Second, if the service runs at http://<host>:<port> and needs to be proxied at http(s)://<host>/<path> (note that the proxy has a path but the service doesn't, which is common for Node.js server applications), it can be configured like the following (using port 3001 as an example):

    location /path {
        return 302 /path/;
    }
    location /path/ {
        proxy_pass http://localhost:3001/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

This redirect trick makes Nginx "consume" the extra path so the correct path is passed to the service.

5. Misc.

6. Common Commands

sudo nginx -t Check configuration files for syntax errors
sudo systemctl reload nginx Reload configuration

 
This page has been viewed 2734 times.