@nordineb
Last active September 9, 2019 11:08
Nginx configuration

Nginx configuration on CentOS

Installation

sudo yum install epel-release
sudo yum update
sudo yum install nginx
nginx -v
sudo systemctl enable nginx 
sudo systemctl start nginx

To use proxy_pass, SELinux must allow nginx to make outbound network connections. DON'T forget -P to persist the value after rebooting

sudo setsebool -P httpd_can_network_connect on
curl -I 127.0.0.1

More logging

log_format  main_ext  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" '
                      '"$host" sn="$server_name" '
                      'rt=$request_time '
                      'ua="$upstream_addr" us="$upstream_status" '
                      'ut="$upstream_response_time" ul="$upstream_response_length" '
                      'cs=$upstream_cache_status';

access_log  /var/log/nginx/access.log  main_ext;

Set log level to warn.

error_log  /var/log/nginx/nginx_error.log  warn;
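
Added example (not part of the original gist): a Python parser for the main_ext access log format defined above, flagging upstream 5xx responses, slow requests and lines that do not match the format. The sample lines, the upstream addresses and the 2-second threshold are constructed assumptions.

```python
import re

# Mirrors main_ext field by field. nginx escapes '"' in logged variables as \x22,
# so a quoted field never contains a raw double quote.
LINE_RE = re.compile(
    r'(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'"(?P<http_x_forwarded_for>[^"]*)" "(?P<host>[^"]*)" sn="(?P<server_name>[^"]*)" '
    r'rt=(?P<request_time>[\d.]+) ua="(?P<upstream_addr>[^"]*)" '
    r'us="(?P<upstream_status>[^"]*)" ut="(?P<upstream_response_time>[^"]*)" '
    r'ul="(?P<upstream_response_length>[^"]*)" cs=(?P<upstream_cache_status>\S+)$'
)

def split_upstream(value):
    """One entry per upstream attempt: ', ' separates retries, ' : ' internal redirects."""
    return [] if value in ("", "-") else re.split(r"\s*,\s*|\s+:\s+", value)

def parse_line(line):
    """Return a dict for one main_ext line, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["request_time"] = float(rec["request_time"])
    rec["attempts"] = list(zip(split_upstream(rec["upstream_addr"]),
                               split_upstream(rec["upstream_status"]),
                               split_upstream(rec["upstream_response_time"])))
    return rec

def review(lines, slow_seconds=2.0):
    """Yield (line_number, reason) for entries worth a closer look."""
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if rec is None:
            yield n, "unparseable"  # format drift, truncation, or a different log_format
            continue
        bad = [addr for addr, status, _ in rec["attempts"] if status.startswith("5")]
        if bad:
            yield n, "upstream failure: " + ", ".join(bad)
        if rec["request_time"] >= slow_seconds:
            yield n, "slow: %.3fs" % rec["request_time"]

SAMPLE = [  # constructed lines, not from a real server; the last one is not main_ext
    '203.0.113.7 - - [09/Sep/2019:11:08:00 +0200] "GET / HTTP/2.0" 200 612 "-" "curl/7.29.0" "-" "nginx.codetecture.com" sn="_" rt=0.000 ua="-" us="-" ut="-" ul="-" cs=-',
    '198.51.100.23 - - [09/Sep/2019:11:08:03 +0200] "GET /api/items HTTP/2.0" 502 157 "-" "Mozilla/5.0" "-" "nginx.codetecture.com" sn="_" rt=3.004 ua="10.0.0.5:8080, 10.0.0.6:8080" us="504, 502" ut="3.001, 0.002" ul="0, 157" cs=-',
    '192.0.2.9 - - [09/Sep/2019:11:08:05 +0200] "GET / HTTP/1.1" 200 612 "-" "curl/7.29.0"',
]
```

Calling `list(review(SAMPLE))` reports the failed-over request on line 2 twice (upstream failure and slow) and line 3 as unparseable.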

HTTPS

Let's Encrypt

sudo yum install certbot
certbot certonly --standalone --preferred-challenges tls-alpn-01 -d nginx.codetecture.com

Manually (self-signed certificate)

openssl req -nodes -new -x509 -keyout nginx.codetecture.com.key -out nginx.codetecture.com.crt -days 365 -subj "/C=NO/ST=Oslo/L=Oslo/O=Codetecture/OU=IT/CN=nginx.codetecture.com"
sudo cp nginx.codetecture.com.key /etc/ssl/certs/
sudo cp nginx.codetecture.com.crt /etc/ssl/certs/

Config

server {
	listen       443 ssl http2 default_server;
	listen       [::]:443 ssl http2 default_server;
	server_name  _;
	root         /usr/share/nginx/html;
	ssl_certificate "/etc/ssl/certs/nginx.codetecture.com.crt";
	ssl_certificate_key "/etc/ssl/certs/nginx.codetecture.com.key";
	ssl_session_cache shared:SSL:1m;
	ssl_session_timeout  10m;
	ssl_ciphers HIGH:!aNULL:!MD5;
	ssl_prefer_server_ciphers on;
}

Metric collection

Add ngx_http_stub_status_module

sudo vi /etc/nginx/nginx.conf

server {
	listen 127.0.0.1:80;
	server_name 127.0.0.1;
	location /nginx_status {
		stub_status on;
		allow 127.0.0.1;
		deny all;
	}
}

Check the configuration

nginx -t

Reload

sudo service nginx reload

Make sure /nginx_status is up

curl http://127.0.0.1/nginx_status

Create an account on amplify.nginx.com and grab the API_KEY

curl -L -O https://github.com/nginxinc/nginx-amplify-agent/raw/master/packages/install.sh
API_KEY='XxXxXxXxXxXxXxXxXxXxXxXxXxXx' sh ./install.sh
sudo service amplify-agent start

Check https://amplify.nginx.com

Documentation

https://github.com/nginxinc/nginx-amplify-doc/blob/master/amplify-guide.md#configuring-nginx-for-metric-collection
