server | nginx

nginx

Install nginx

sudo apt-get install nginx nginx-extras nginx-doc

sudo nginx -t

sudo service nginx reload

sudo service nginx restart

Var olan moduller ve compile parametreleri icin bkz:

nginx -V

2>&1 nginx -V | tr ' ' '\n'

Fine tuning nginx:

digitalocean   nginx   axivo  

Make /var/www writeable for a user

(If required) Add new user:

sudo adduser username

(If required) Add sudo rights to username:

sudo gpasswd -a username sudo

Add user to www-data group and change /var/www permissions:

sudo adduser username www-data

sudo chown -R www-data:www-data /var/www

sudo chmod -R g+rwX /var/www

Then reboot the system.

We can check our core's limitations by issuing a ulimit -n command:

ulimit -n

Put something smaller than the reported number below:

sudo nano /etc/nginx/nginx.conf

worker_processes auto;

worker_connections 768;

sudo service nginx restart

You can determine the number of worker_processes with the following command:

nproc

Reference: pixelbeat

nginx Configuration for a website example.com

sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.com

sudo nano /etc/nginx/sites-available/example.com

Edit this page to something like:

server {
        listen 80;
        listen [::]:80;

        server_name example.com;
        root /var/www/example.com;

        index index.html;

        location / {
                try_files $uri $uri/ =404;
        }
}

Put all files related to example.com under /var/www/example.com. For example, if all your files are in a folder example.com in your home folder, do:

sudo cp -vr ~/example.com /var/www

Link from sites-available to sites-enabled:

sudo ln -sv /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled

Restart nginx:

sudo service nginx restart

Password protect a site: Basic HTTP Authentication With Nginx.

You need a htpasswd generator for this. The following uses openssl but you can use anyone, even those available online.

printf "john:$(openssl passwd -crypt s3cr3t)n"

Alternative: The following uses one from trac.edgewall.org:

cd /usr/local/bin

sudo wget http://trac.edgewall.org/export/10791/trunk/contrib/htpasswd.py

sudo chmod 755 /usr/local/bin/htpasswd.py

Suppose you want to protect a site in /var/www/example.xyz. If you are generating for the first time use the first command below and to add users use the second one.

sudo htpasswd.py -c -b /var/www/example.xyz/.htpasswd username password

sudo htpasswd.py -b /var/www/example.xyz/.htpasswd username password

To verify:

cat /var/www/example.xyz/.htpasswd

Now edit the config file for this site:

sudo nano /etc/nginx/sites-available/example.xyz

Change the part of the site you want to protect as follows:

location /test {
                auth_basic "Authorized monkeys only.";
                auth_basic_user_file /var/www/example.xyz/.htpasswd;
                ...
                }

Restart nginx

sudo service nginx restart

References:

howtoforge   nginx.org  

Make nginx log files non-root readable:

sudo chmod 755 /var/log/nginx

sudo chmod 644 /var/log/nginx/*.log

sudo chmod 644 /var/log/nginx/*.gz

Now edit:

sudo nano /etc/logrotate.d/nginx

and change the line

create 0644 www-data adm

Make sure that there are no speccial lines in:

dpkg-statoverride --list

Cache control:

location ~* \.(svg|ttf|woff|woff2|eot|pdf|xlsx|png)$ {
    expires 30d;
    add_header Cache-Control "public";
    log_not_found off;
    access_log off;    
}

location ~* \.(jpg|css)$ {
    expires 1d;
    add_header Cache-Control "private";
    log_not_found off;
    access_log off;        
}

References:

serverfault    kbeezie    mdn