nginx (engine x) — it is a web server and reverse proxy server, as well as a mail proxy server.
Install on Ubuntu with the command:
sudo apt-get install nginx
You can completely remove it as follows:
sudo apt purge nginx nginx-common nginx-core
Standard directory for www files – /usr/share/nginx/www or /var/www/html.
After installation, edit the configuration file /etc/nginx/nginx.conf according to your needs.
Below I will describe some of the parameters of the standard configuration file.
The user on whose behalf nginx is running:
user www-data;
The number of workflows. The optimal value depends on many factors, the number of processor cores, hard drives, load. auto – set automatically. I set equal to the number of cores of a single processor:
worker_processes 4;
The file in which the main process number (PID) will be stored:
pid /var/run/nginx.pid;
Number of connections per process:
worker_connections 1768;
If disabled, the workflow will accept only one new connection at a time; otherwise, all:
multi_accept on;
Enable or disable sendfile:
sendfile on;
When enabled, allows you to send the response header and the beginning of the file in one package, transfer the file in full packages:
tcp_nopush on;
Using the TCP_NODELAY parameter. Used when the connection goes into the keep-alive state:
tcp_nodelay on;
The time in seconds during which the keep-alive connection with the client will not be closed by the server:
keepalive_timeout 65;
Maximum size of hash tables of types:
types_hash_max_size 2048;
Whether to display the version of nginx in error messages and in the “Server” field of the response header, I recommend not to show:
server_tokens off;
Basket size in server name hash tables (32|64|128):
server_names_hash_bucket_size 64;
Specifying the port in redirects issued by nginx:
server_name_in_redirect off;
Connect to the mime.types configuration file:
include /etc/nginx/mime.types;
The default MIME type of responses is:
default_type application/octet-stream;
Path, format and log settings:
access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log;
Enables or disables gzip compression of the response:
gzip on;
Disables gzip response compression for requests with “User-Agent” header fields similar to:
gzip_disable "msie6";
Set up gzip response compression for proxied requests:
“off” – is prohibited,
“expired” – compress if there is an “Expires” field in the response header with a value that prohibits caching,
“no-cache” – compress if there is a “Cache-Control” field in the response header with the parameter “no-cache”,
“no-store” – compress if there is a “Cache-Control” field in the response header with the “no-store” parameter,
“private” – compress, if in the response header there is a “Cache-Control” field with the parameter “private”,
“no_last_modified” – compress if there is no “Last-Modified” field in the response header,
“no_etag” – compress if there is no “ETag” field in the response header,
“auth” – compress if there is an “Authorization” field in the request header,
“any” – compress all proxied requests.
gzip_proxied any;
Compression ratio (from 1 to 9):
gzip_comp_level 6;
The number and size of buffers into which the response will shrink:
gzip_buffers 16 8k;
Minimum HTTP version of the request for response compression:
gzip_http_version 1.1;
Compressing the gzip response for specified MIME types in addition to “text/html”. “text/html” is always compressed:
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
Load all configuration files from specified directories:
include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*;
Create a file in the /etc/nginx/sites-available/directory with the name of our domain.
I will give an example of the contents of the file as proxy apache2:
server {
listen 80;
server_name example.com www.example.com;
access_log /var/log/nginx.access_log;
location ~* \.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx)$ {
root /var/www/example.com/;
index index.html index.php;
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location / {
proxy_pass http://127.0.0.1:81/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
proxy_set_header Host $host;
proxy_connect_timeout 60;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_redirect off;
proxy_set_header Connection close;
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
}
}
Activate the domain (that is, the link to the directory with configs that nginx loads):
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
Restart apache2 and nginx:
sudo /etc/init.d/apache2 restart sudo /etc/init.d/nginx restart
To show ip users in logs, and not 127.0.0.1, install:
sudo apt-get install libapache2-mod-rpaf
and add to the end of the apache config:
RPAFenable On RPAFsethostname On RPAFproxy_ips 127.0.0.1 RPAFheader X-Forwarded-For
See also my articles:
Setting up nginx logs
How to configure IP access in nginx