
@majidalaeinia
Created January 22, 2022 18:36
nginx.md

Nginx

Global Context

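# nginx.conf: how the configuration contexts nest.
# Schematic only: a real upstream needs a name and a real location needs a match pattern.
http {
    # upstream: a group of backend servers that proxy_pass can refer to
    upstream {
    }
    # server: one virtual host (listen address, server_name, TLS settings)
    server {
        # location: how requests for a given URI pattern are handled
        location {
        }
    }
}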

Curl multiple times from the terminal

# Request /images/ ten times in a row and throw the response bodies away.
# curl's progress meter still goes to stderr because -s is not given.
for i in {1..10}
do
    curl localhost/images/ > /dev/null
done

Basic Authentication

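# -c creates the password file; if the file already exists it is truncated and every
# existing user is lost, so pass -c only when adding the very first user.
htpasswd -c /etc/nginx/passwords admin   # create the file and set a password for user `admin`
htpasswd /etc/nginx/passwords user1      # add `user1`, or change the password if `user1` already exists
htpasswd -D /etc/nginx/passwords user2   # delete user `user2` and its password hash
# The file holds password hashes: keep it outside the web root and readable only by
# root and the user the nginx workers run as.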

Troubleshooting

# Which processes are listening on ports 80 and 443 (-P and -n keep ports and addresses numeric).
sudo lsof -P -n -i :80 -i :443 | grep LISTEN
# Sockets that belong to nginx; -p adds the owning PID/program, -n keeps addresses numeric.
sudo netstat -plan | grep nginx
# Follow every nginx log file as new entries are written.
tail -f /var/log/nginx/*.log
# Print only the "Loaded" and "Active" lines for the web server, database and PHP-FPM units.
systemctl status nginx mysqld php7.2-fpm | grep -E "Loaded|Active"

Install MariaDB

# Install the MariaDB server and client packages (needs root or sudo).
apt install mariadb-server mariadb-client

# Confirm the service is up and check the client version.
systemctl status mysqld.service
mysql --version

# Interactive hardening script: sets the root password, removes anonymous users,
# disables remote root login and drops the test database.
mysql_secure_installation
# Open a root session; -p prompts for the password so it does not end up in shell history.
mysql -u root -p
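-- Run these statements inside the root session opened with `mysql -u root -p`.
CREATE DATABASE IF NOT EXISTS appointments;
-- Name the host and set the password when the account is created. A bare 'admin'
-- means 'admin'@'%' (any host) with an empty password, which is a second, unprotected
-- account next to 'admin'@'localhost'.
-- Replace the placeholder below with a strong, unique password.
CREATE USER IF NOT EXISTS 'admin'@'localhost' IDENTIFIED BY '<choose-a-strong-password>';
-- Privileges are scoped to the one schema the application needs.
GRANT ALL ON appointments.* TO 'admin'@'localhost';
-- If the host-less CREATE USER was run earlier, check mysql.user for a leftover
-- 'admin'@'%' row and drop it.
-- Leave the root session (exit), then log in from the shell as the new user to verify:
mysql -u admin -p
show databases;
use appointments;
show tables;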

SSL

# Create a self-signed certificate (-x509) valid for 365 days together with a new 2048-bit RSA key.
# -nodes writes the private key unencrypted so nginx can start without a passphrase prompt;
# check that /etc/ssl/private/nginx.key is readable by root only.
# Clients cannot verify a self-signed certificate against a CA, so this suits local testing,
# not a public site.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx.key -out /etc/ssl/certs/nginx.crt
@majidalaeinia

Here is the sites-available/wisdompetmed.local.conf content:

# Single backend on the loopback interface; used by `location /proxy`.
upstream app_server_7001 {
    server 127.0.0.1:7001;
}

# No balancing method is named, so nginx uses its default: round-robin across the three backends.
upstream roundrobin {
    server 127.0.0.1:7001;
    server 127.0.0.1:7002;
    server 127.0.0.1:7003;
}

# least_conn: each request goes to the backend with the fewest active connections.
upstream leastconn {
    least_conn;
    server 127.0.0.1:7001;
    server 127.0.0.1:7002;
    server 127.0.0.1:7003;
}

# ip_hash: the backend is chosen from the client address, so one client keeps reaching the same backend.
# The address used is the one nginx sees on the connection; clients behind a shared proxy or NAT
# all hash to the same backend.
upstream iphash {
    ip_hash;
    server 127.0.0.1:7001;
    server 127.0.0.1:7002;
    server 127.0.0.1:7003;
}

# Weighted round-robin: the default weight is 1, so port 7001 (weight=2) receives twice the share
# of each of the other two backends.
upstream weighted {
    server 127.0.0.1:7001 weight=2;
    server 127.0.0.1:7002;
    server 127.0.0.1:7003;
}

# Plain-HTTP catch-all: every request arriving on port 80 is permanently redirected to HTTPS.
server {
    listen 80 default_server;
    # The target is built from $server_addr (the local address that accepted the connection), not
    # from the client-supplied Host header, so the request cannot steer the Location header.
    # Trade-off: clients land on an IP-address URL, which will not match a certificate issued for
    # a hostname.
    return 301 https://$server_addr$request_uri;
}

# HTTPS virtual host. It is also the default_server for port 443, so it answers requests whose
# Host header matches no server_name.
server {
    listen 443 ssl default_server;
    # Certificate and key paths match the self-signed pair from the SSL section.
    # ssl_protocols and ssl_ciphers are not set, so the defaults of the installed nginx apply.
    ssl_certificate /etc/ssl/certs/nginx.crt;
    ssl_certificate_key /etc/ssl/private/nginx.key;

    server_name wisdompetmed.local www.wisdompetmed.local;

    index index.html index.htm index.php;

    root /var/www/wisdompetmed.local/;

    access_log /var/log/nginx/wisdompetmed.local.access.log;
    error_log /var/log/nginx/wisdompetmed.local.error.log;

    # Reverse-proxy examples, one per upstream group.
    # None of them sets proxy_set_header, so the backends do not receive the original Host header
    # or the client address.
    location /proxy {
        # The trailing slash gives proxy_pass a URI part, so the matched /proxy prefix is replaced
        # by "/" before the request is forwarded. Without it the backend would receive the
        # original URI, /proxy included.
        # The prefix has no trailing slash of its own, so /proxyfoo matches this location too.
        proxy_pass http://app_server_7001/;
    }

    location /roundrobin {
        proxy_pass http://roundrobin/;
    }

    location /leastconn {
        proxy_pass http://leastconn/;
    }

    location /iphash {
        proxy_pass http://iphash/;
    }

    location /weighted {
        proxy_pass http://weighted/;
    }

    # Static files: serve the file, then the directory, otherwise answer 404.
    location / {
        try_files $uri $uri/ =404;
    }

    location /images {
        # autoindex publishes a listing of every file in the directory to anyone who can reach
        # this URL. Leave it on only where enumeration of the contents is intended.
        autoindex on;
        # Separate logs for this location, which makes the listing easy to monitor.
        access_log /var/log/nginx/wisdompetmed.local.images.access.log;
        error_log /var/log/nginx/wisdompetmed.local.images.error.log;
    }

    # Custom error pages. `internal` means they are served only through error_page redirects;
    # a client that requests them directly gets a 404.
    error_page 403 /403.html;
    location = /403.html {
        internal;
    }

    error_page 404 /404.html;
    location = /404.html {
        internal;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        internal;
    }

    # NOTE(review): going by the socket path, this looks like a deliberately broken endpoint for
    # exercising the 50x page. Treat it as test-only and remove it before real use.
    location = /500 {
        fastcgi_pass unix:/this/will/fail;
    }

    # PHP handler for the whole site. The socket name pins PHP 7.2, which is past upstream
    # end-of-life, so check that the installed PHP-FPM still receives security updates.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        # Lets the error_page rules above also handle error responses coming back from PHP-FPM.
        fastcgi_intercept_errors on;
    }

    location /appointments/ {
        # Basic authentication and the address list below are both enforced: `satisfy` is not
        # set, so its default (all) applies. Basic credentials are only base64-encoded, which is
        # why this location lives in the TLS server block.
        auth_basic "Authentication is required...";
        auth_basic_user_file /etc/nginx/passwords;

        # Nested on purpose: a regex location inside the matching prefix location is tried before
        # the server-level regex locations, so PHP under /appointments/ is handled here and
        # inherits auth_basic and allow/deny. Relying on the server-level \.php$ block alone would
        # run these scripts without either check. Worth confirming with a request after changes.
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            fastcgi_intercept_errors on;
        }

        # Address allow-list, evaluated in order; anything not allowed above hits `deny all`.
        # The check uses the address of the connecting peer, so behind another proxy it sees the
        # proxy, not the end client.
        allow 192.168.56.0/24;
        allow 10.0.0.0/8;
        deny all;
    }

    # Always refused with 403 (served through the custom 403 page). Being a prefix match, it also
    # covers any URI that merely starts with /deny.
    location /deny {
        deny all;
    }
}

@majidalaeinia

Nginx location match tester
https://nginx.viraptor.info/
