
@alifeee
Last active September 26, 2024 13:37
nginx-setup

Nginx setup on Ubuntu

How to set up nginx on an Ubuntu server

Steps

install

sudo apt install nginx

start on boot

sudo systemctl enable nginx

start

sudo systemctl start nginx

restart

sudo systemctl restart nginx

allow through firewall

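# ufw must run as root. Port 80 carries plain HTTP (Let's Encrypt HTTP-01 validation also uses it);
# port 443 is needed once the HTTPS section below is applied.
# If ufw is not enabled yet, allow SSH before enabling it so the remote session is not cut off.
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp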

edit config

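# /etc/nginx/nginx.conf is root-owned, so both the edit and the check need sudo
sudo nano /etc/nginx/nginx.conf
# validate the configuration first; "&&" skips the restart when the check fails,
# so a typo cannot take the running server down
sudo nginx -t && sudo systemctl restart nginx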

scp config to save to this gist

# Copy the live config from the server into the current directory.
# Review the copy before publishing it: it lists hostnames, backend ports and file paths,
# and it must never contain private keys or password hashes.
scp server:/etc/nginx/nginx.conf .

Config examples

test

a very basic config just to test if a route is working

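# Smoke-test vhost: every request on port 80 gets a fixed plain-text 200 response.
server {
        listen 80;
        listen [::]:80;
        location / {
                # default_type sets the Content-Type of the generated body; add_header would
                # append an extra Content-Type header next to the one nginx derives from
                # default_type instead of replacing it.
                default_type text/plain;
                return 200 "test works :)";
        }
}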

subdomain redirect

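This proxies requests for webring.alifeee.co.uk to the service on localhost:8080 (a reverse proxy rather than an HTTP redirect). Without this, you would have to access the endpoint with webring.alifeee.co.uk:8080, which looks ugly :( Once the proxy works, port 8080 no longer needs to be reachable from outside, so it can stay closed in the firewall.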

# Reverse proxy: requests whose Host is webring.alifeee.co.uk are handed to the local
# service on port 8080, so clients never have to address that port themselves.
server {
  server_name webring.alifeee.co.uk;
  listen 80;

  location / {
    proxy_pass http://localhost:8080;
  }
}

(default) static site

This serves static files from /var/www/server_homepage

# Catch-all static site: default_server makes this block answer any request on port 80
# whose Host matches no other server_name ("_" is just a placeholder name).
server {
  server_name _;
  listen 80 default_server;
  listen [::]:80 default_server;

  root /var/www/server_homepage;

  location / {
    # serve the file, then the directory, otherwise 404
    try_files $uri $uri/ =404;
  }
}

Folder alias

This serves requests for https://server.alifeee.co.uk/factorio from /var/www/factorio_map (the alias target in the snippet below) instead of /var/www/server_homepage/factorio

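  # nginx swaps the matched prefix for the alias text and appends the rest of the URI as-is.
  # With a prefix that lacks the trailing "/" while the alias has one, the match is not
  # confined to the aliased directory (config linters report this as alias traversal), so
  # the prefix and the alias both end in "/" here. The exact-match redirect keeps the bare
  # /factorio URL working.
  location = /factorio {
    return 301 /factorio/;
  }
  location /factorio/ {
    alias /var/www/factorio_map/;
    try_files $uri $uri/ =404;
  }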

Authentication

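This adds HTTP basic auth (the box with user/password) to a request. Basic auth sends the password base64-encoded, not encrypted, so only use it on sites served over HTTPS (see below). First, make a password file with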

# htpasswd ships in the apache2-utils package on Ubuntu.
# -c creates the file and overwrites an existing one; leave -c out when adding further users.
# Keep the file outside any directory that nginx serves.
sudo htpasswd -c /etc/nginx/.htpasswd <user>
                # Ask for credentials from the htpasswd file on every request under /calendar;
                # the quoted string is the realm shown in the browser's login prompt.
                location /calendar {
                        auth_basic_user_file /etc/nginx/.htpasswd;
                        auth_basic "Neil's calendar";
                }

HTTPS

I used Let's Encrypt: https://letsencrypt.org/getting-started/ with Certbot: https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal.

For the Proxy pass I used this guide: https://gist.github.com/gmolveau/5e5b0bd2773100d85d9302d0fa96632d

# Remove the apt-packaged certbot so the snap build installed next is the only one present.
sudo apt-get remove certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# The nginx plugin obtains the certificate and edits the nginx config in place
# (its changes are the lines tagged "# managed by Certbot" in the config further down).
sudo certbot --nginx
# Output of the command above. privkey.pem is the private key: it stays on the server and
# is never copied into a gist or repository.
> Certificate is saved at: /etc/letsencrypt/live/webring.alifeee.co.uk/fullchain.pem
> Key is saved at: /etc/letsencrypt/live/webring.alifeee.co.uk/privkey.pem
This certificate expires on 2024-02-20.
# Check that renewal will work without replacing the current certificate.
sudo certbot renew --dry-run
# Main context: process-level settings for the whole nginx instance.

# Worker processes run as the www-data account.
user www-data;
# One worker per CPU core.
worker_processes auto;
pid /run/nginx.pid;
# Dynamic modules enabled by the distribution packages.
include /etc/nginx/modules-enabled/*.conf;

events {
    # Upper bound on simultaneous connections per worker.
    worker_connections 768;
    # multi_accept on;
}
http {
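##
# Basic Settings
##
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
# Keep the nginx version out of the Server header and the built-in error pages.
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
# Fallback Content-Type for responses whose type is not found in mime.types.
default_type application/octet-stream;
##
# SSL Settings
##
# SSLv3 was already dropped (POODLE). TLS 1.0 and 1.1 are deprecated as well (RFC 8996), so
# only 1.2 and 1.3 stay enabled. The server blocks below also include
# /etc/letsencrypt/options-ssl-nginx.conf, whose contents are not shown here and may set
# their own ssl_protocols.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
# Files matched by these includes are loaded before the server blocks defined below.
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;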
# HTTPS reverse proxy for webring.alifeee.co.uk -> local service on port 8080.
server {
    server_name webring.alifeee.co.uk;

    # HTTPS configuration (listeners and certificate written by Certbot)
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/webring.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/webring.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # HTTP to HTTPS. This block only listens on 443 with ssl, so the condition is not
    # expected to be true here; the port-80 redirect for this host is a separate server block.
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    location / {
        proxy_pass http://localhost:8080;
        proxy_redirect off;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host $http_host;
        # X-Real-IP is set by nginx from the TCP peer address. X-Forwarded-For is the
        # client-supplied list with that address appended, so the backend should only
        # trust its last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Allow up to 900 s between two reads from the backend before giving up.
        proxy_read_timeout 900;
    }
}
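# steamcollage.alifeee.co.uk: a plain-text pointer at "/", the API proxied under /steamcollage/.
server {
    server_name steamcollage.alifeee.co.uk;

    location / {
        # default_type sets the Content-Type of the generated body; add_header would append
        # an extra Content-Type header next to the http-level application/octet-stream
        # default instead of replacing it.
        default_type text/plain;
        return 200 "see https://github.com/alifeee/steam_collage_api";
    }

    location /steamcollage/ {
        # No URI part on proxy_pass, so the request path is forwarded unchanged.
        proxy_pass http://localhost:5000;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        # X-Forwarded-For keeps whatever the client sent and appends the peer address;
        # the backend should only trust the last entry.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 900;
    }

    # NOTE(review): IPv4 listener only, unlike the blocks that also declare [::]:443.
    # If this name has an AAAA record, IPv6 clients would reach another server block - confirm.
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/steamcollage.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/steamcollage.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}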
# webdiffer.alifeee.co.uk: password-protected reverse proxy to the service on port 5616.
server {
    server_name webdiffer.alifeee.co.uk;

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/webdiffer.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/webdiffer.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        # Basic auth is checked by nginx before the request reaches the backend.
        # /etc/nginx/.htpasswd is also used by other locations in this file, so one set of
        # credentials opens all of them.
        auth_basic "website differ";
        auth_basic_user_file /etc/nginx/.htpasswd;

        proxy_pass http://localhost:5616;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 900;
    }
}
# influxdb.alifeee.co.uk: reverse proxy to the service on port 8086.
# NOTE(review): no auth_basic here, so access control rests entirely on the backend's own
# authentication - confirm it is enabled before exposing this host.
server {
    server_name influxdb.alifeee.co.uk;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/influxdb.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/influxdb.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_pass http://localhost:8086;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 900;
    }
}
# summon2scale.alifeee.co.uk: reverse proxy to the service on port 9043.
server {
    server_name summon2scale.alifeee.co.uk;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/summon2scale.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/summon2scale.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_pass http://localhost:9043;
        proxy_redirect off;
        # Host is passed through as sent by the client; the two address headers are set by nginx.
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 900;
    }
}
# ringram.alifeee.co.uk: static files from the generated _site directory.
server {
    server_name ringram.alifeee.co.uk;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ringram.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ringram.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        # Only the build output is the document root, not the directories above it.
        root /var/www/ringram/website/_site;
        try_files $uri $uri/ =404;
    }
}
# pad.alifeee.co.uk: reverse proxy to the service on port 9001, with WebSocket upgrade support.
server {
    server_name pad.alifeee.co.uk;

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/pad.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/pad.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_pass http://localhost:9001;
        proxy_redirect off;
        proxy_read_timeout 900;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket: speak HTTP/1.1 to the backend and pass the Upgrade handshake through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
# cal.alifeee.co.uk: static calendar site plus one password-protected CGI endpoint at /edit.
server {
    server_name cal.alifeee.co.uk;

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/cal.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/cal.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        root /var/www/simple-calendar/_site;
        try_files $uri $uri/ =404;

        # Discourage client-side caching of the pages.
        # NOTE(review): add_header with an empty value may emit nothing rather than clear
        # Last-Modified - confirm against a real response.
        add_header Cache-Control no-cache;
        if_modified_since off;
        add_header Last-Modified "";
    }

    # Exact match only: /edit runs one fixed script through fcgiwrap, behind basic auth.
    location = /edit {
        auth_basic "calendar edit";
        auth_basic_user_file /etc/nginx/.htpasswd;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/simple-calendar/edit;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
}
# wad.alifeee.co.uk: reverse proxy to the service on port 6875.
server {
    server_name wad.alifeee.co.uk;

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/wad.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/wad.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Request bodies (uploads) of up to 100 MB are accepted for this host.
    client_max_body_size 100M;

    location / {
        proxy_pass http://localhost:6875;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 900;
    }
}
# syncthing.alifeee.co.uk: reverse proxy to the service on port 8384.
# NOTE(review): no auth_basic here, so whoever reaches this host talks to the backend
# directly; access control rests on the backend's own login - confirm it is set.
server {
    server_name syncthing.alifeee.co.uk;

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/syncthing.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/syncthing.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_pass http://localhost:8384/;
        proxy_read_timeout 900;

        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the backend which scheme the client used towards nginx.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
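# server.alifeee.co.uk: homepage, several aliased static directories and CGI endpoints.
server {
    server_name server.alifeee.co.uk;

    # NOTE(review): this one block answers on plain HTTP (port 80, as default_server) as well
    # as on HTTPS, so every auth_basic location below is also reachable over port 80, where
    # the credentials are only base64-encoded. Consider a separate port-80 server that
    # redirects to HTTPS, as the Certbot-managed blocks do for the other hostnames.
    listen 80 default_server;
    listen [::]:80 default_server;
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/server.alifeee.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/server.alifeee.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Never serve password files. Two of the auth_basic_user_file paths below sit inside
    # directories that are also served as static content (/var/www/flowers/ and
    # /var/www/polycule/). This regex location comes first so it wins over the other regex
    # locations; moving those files out of /var/www is the better long-term fix.
    location ~ /\.ht {
        deny all;
    }

    location / {
        root /var/www/server_homepage;
        try_files $uri $uri/ =404;
    }

    # Authenticated directory listings below /var/www/static/. The pattern is anchored to
    # ^/static/ so it no longer captures directory URLs that belong to other locations.
    # Only URIs ending in "/" match; individual files are served by the /static/ prefix
    # location without authentication.
    location ~ ^/static/(.*/)?$ {
        root /var/www/;
        autoindex on;
        auth_basic "static index";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    # Aliased directories: nginx swaps the matched prefix for the alias text and appends the
    # rest of the URI as-is. A prefix without the trailing "/" combined with an alias that has
    # one does not confine the match to the aliased directory (config linters report this as
    # alias traversal), so every prefix below ends in "/" like its alias. The exact-match
    # redirects keep the bare URLs working.
    location = /static {
        return 301 /static/;
    }
    location /static/ {
        alias /var/www/static/;
        try_files $uri $uri/ =404;
    }

    # CGI endpoints run by fcgiwrap. SCRIPT_FILENAME is built from the request path, so any
    # file below /var/www/cgi/<prefix>/ can be run by a request; those directories should
    # hold only trusted scripts and must not be writable by anything that accepts uploads.
    location /do/ {
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/cgi/$fastcgi_script_name;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
    location /bench/ {
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/cgi/$fastcgi_script_name;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
    location /github/ {
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/cgi/$fastcgi_script_name;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
    location /occupation-data/ {
        # A request for the directory itself runs index.cgi.
        fastcgi_index index.cgi;
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/cgi/$fastcgi_script_name;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
    location /liputenpo/ {
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/cgi/$fastcgi_script_name;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }

    # polycule: static site and its edit script, both behind the same credentials.
    location = /polycule {
        return 301 /polycule/;
    }
    location /polycule/ {
        alias /var/www/polycule/_site/;
        try_files $uri $uri/ =404;
        auth_basic "polycule";
        auth_basic_user_file /var/www/polycule/.htpasswd;
    }
    location /polycule/edit {
        fastcgi_intercept_errors on;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/polycule/edit.cgi;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        auth_basic "polycule";
        auth_basic_user_file /var/www/polycule/.htpasswd;
    }

    location = /factorio {
        return 301 /factorio/;
    }
    location /factorio/ {
        alias /var/www/factorio_map/;
        try_files $uri $uri/ =404;
    }

    location = /bothies {
        return 301 /bothies/;
    }
    location /bothies/ {
        alias /var/www/bothies/;
        try_files $uri $uri/ =404;
    }

    # flowers: static files, an index script at /flowers/, and password-protected *.cgi scripts.
    location /flowers/ {
        alias /var/www/flowers/;
        try_files $uri $uri/ =404;
    }
    location = /flowers {
        return 301 "/flowers/";
    }
    location = /flowers/ {
        fastcgi_index index.cgi;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
    }
    # Anchored to ^/flowers/ so that only scripts inside /var/www/flowers/ are handed to
    # fcgiwrap, not any *.cgi path that merely starts with the text "/flowers".
    location ~ ^/flowers/.*\.cgi$ {
        client_max_body_size 10M;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        auth_basic "flowers";
        auth_basic_user_file /var/www/flowers/.htpasswd;
    }

    location = /calendar {
        return 301 /calendar/;
    }
    location /calendar/ {
        alias /var/www/calendar/;
        try_files $uri $uri/ =404;
        # index index.html;
        auth_basic "Neil's calendar";
        auth_basic_user_file /etc/nginx/.htpasswd;
        # location ~ /calendar/.*\.php$ {
        # return 200 'this is a php file';
        # add_header Content-Type text/plain;
        # include snippets/fastcgi-php.conf;
        # fastcgi_split_path_info ^(.+\.php)(.*)$;
        # fastcgi_pass unix:/var/run/php8.1-fpm-calendar-site.sock;
        # fastcgi_pass unix:/var/run/php8.1-fpm.sock;
        # fastcgi_index index.php;
        # include fastcgi.conf;
        # }
        # location /calendar {
        # try_files $uri $uri/ =404;
        # }
        # include snippets/fastcgi-php.conf;
        # fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    }
}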
# Port-80 companions written by Certbot: a request whose Host matches is redirected to
# HTTPS; anything else that lands in the block gets 404. The "if" has to stay ahead of
# "return 404" because both run in order of appearance.
server {
    server_name webring.alifeee.co.uk;
    listen 80;
    listen [::]:80;

    if ($host = webring.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}

server {
    server_name steamcollage.alifeee.co.uk;
    listen 80;

    if ($host = steamcollage.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}

server {
    server_name webdiffer.alifeee.co.uk;
    listen 80;
    listen [::]:80;

    if ($host = webdiffer.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}

server {
    server_name influxdb.alifeee.co.uk;
    listen 80;

    if ($host = influxdb.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}
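# Port-80 redirect to HTTPS for ringram.alifeee.co.uk.
server {
    if ($host = ringram.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # The server_name line used to lack its terminating ";", so nginx read the following
    # "listen 80;" as two extra server names ("listen" and "80"). With the ";" restored, a
    # single listen directive remains; keeping both would declare the same socket twice.
    server_name ringram.alifeee.co.uk;
    listen 80;
    return 404; # managed by Certbot
}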
# More Certbot-written port-80 companions: redirect to HTTPS when the Host matches,
# otherwise 404. The "if" stays ahead of "return 404" because both run in order of appearance.
server {
    server_name pad.alifeee.co.uk;
    listen 80;
    listen [::]:80;

    if ($host = pad.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}

server {
    server_name summon2scale.alifeee.co.uk;
    listen 80;

    if ($host = summon2scale.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}

server {
    server_name cal.alifeee.co.uk;
    listen 80;
    listen [::]:80;

    if ($host = cal.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}

server {
    server_name wad.alifeee.co.uk;
    listen 80;
    listen [::]:80;

    if ($host = wad.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}

server {
    server_name syncthing.alifeee.co.uk;
    listen 80;
    listen [::]:80;

    if ($host = syncthing.alifeee.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    return 404; # managed by Certbot
}
# closes the http block
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}

how to set up a virtual host that will pass to another service (e.g., a Docker container running on the local PC)

put this in /etc/hosts

127.0.0.1	localsite.test

put this in /etc/nginx/sites-available/localsite.test

# Development vhost: requests for localsite.test are proxied to a local service on port 8080.
# NOTE(review): "listen 80" binds every interface, so other machines can reach this vhost by
# sending the matching Host header; binding to 127.0.0.1 would keep it local - confirm intent.
server {
	server_name localsite.test;
	listen 80;
	listen [::]:80;

	location / {
		# Swap the two lines below in to test the vhost without the backend.
#		add_header Content-Type text/plain;
#		return 200 "test works :)";
		proxy_pass http://localhost:8080;
		proxy_redirect off;

		# Host is forwarded as sent by the client; the address headers are set by nginx.
		proxy_set_header Host $http_host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

		# for wordpress forwarding
		proxy_buffering off;
		proxy_buffer_size 16k;
		proxy_busy_buffers_size 24k;
		proxy_buffers 64 4k;
	}
}

link to sites-enabled

sudo ln -s /etc/nginx/sites-available/localsite.test /etc/nginx/sites-enabled/localsite.test

test

curl localsite.test