Install and configure Nginx

nginx (engine x) — it is a web server and reverse proxy server, as well as a mail proxy server.

Install on Ubuntu with the command:

sudo apt-get install nginx

You can completely remove it as follows:

sudo apt purge nginx nginx-common nginx-core

Standard directory for www files – /usr/share/nginx/www or /var/www/html.

After installation, edit the configuration file /etc/nginx/nginx.conf according to your needs.

Below I will describe some of the parameters of the standard configuration file.
The user on whose behalf nginx is running:

user www-data;

The number of workflows. The optimal value depends on many factors, the number of processor cores, hard drives, load. auto – set automatically. I set equal to the number of cores of a single processor:

worker_processes 4;

The file in which the main process number (PID) will be stored:

pid /var/run/nginx.pid;

Number of connections per process:

worker_connections 1768;

If disabled, the workflow will accept only one new connection at a time; otherwise, all:

multi_accept on;

Enable or disable sendfile:

sendfile on;

When enabled, allows you to send the response header and the beginning of the file in one package, transfer the file in full packages:

tcp_nopush on;

Using the TCP_NODELAY parameter. Used when the connection goes into the keep-alive state:

tcp_nodelay on;

The time in seconds during which the keep-alive connection with the client will not be closed by the server:

keepalive_timeout 65;

Maximum size of hash tables of types:

types_hash_max_size 2048;

Whether to display the version of nginx in error messages and in the “Server” field of the response header, I recommend not to show:

server_tokens off;

Basket size in server name hash tables (32|64|128):

server_names_hash_bucket_size 64;

Specifying the port in redirects issued by nginx:

server_name_in_redirect off;

Connect to the mime.types configuration file:

include /etc/nginx/mime.types;

The default MIME type of responses is:

default_type application/octet-stream;

Path, format and log settings:

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

Enables or disables gzip compression of the response:

gzip on;

Disables gzip response compression for requests with “User-Agent” header fields similar to:

gzip_disable "msie6";

Set up gzip response compression for proxied requests:
“off” – is prohibited,
“expired” – compress if there is an “Expires” field in the response header with a value that prohibits caching,
“no-cache” – compress if there is a “Cache-Control” field in the response header with the parameter “no-cache”,
“no-store” – compress if there is a “Cache-Control” field in the response header with the “no-store” parameter,
“private” – compress, if in the response header there is a “Cache-Control” field with the parameter “private”,
“no_last_modified” – compress if there is no “Last-Modified” field in the response header,
“no_etag” – compress if there is no “ETag” field in the response header,
“auth” – compress if there is an “Authorization” field in the request header,
“any” – compress all proxied requests.

gzip_proxied any;

Compression ratio (from 1 to 9):

gzip_comp_level 6;

The number and size of buffers into which the response will shrink:

gzip_buffers 16 8k;

Minimum HTTP version of the request for response compression:

gzip_http_version 1.1;

Compressing the gzip response for specified MIME types in addition to “text/html”. “text/html” is always compressed:

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

Load all configuration files from specified directories:

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

Create a file in the /etc/nginx/sites-available/directory with the name of our domain.
I will give an example of the contents of the file as proxy apache2:

server {
listen 80;
server_name example.com www.example.com;
access_log /var/log/nginx.access_log;
location ~* \.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx)$ {
root /var/www/example.com/;
index index.html index.php;
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location / {
proxy_pass http://127.0.0.1:81/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
proxy_set_header Host $host;
proxy_connect_timeout 60;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_redirect off;
proxy_set_header Connection close;
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
}
}

Activate the domain (that is, the link to the directory with configs that nginx loads):

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Restart apache2 and nginx:

sudo /etc/init.d/apache2 restart
sudo /etc/init.d/nginx restart

To show ip users in logs, and not 127.0.0.1, install:

sudo apt-get install libapache2-mod-rpaf

and add to the end of the apache config:

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For

See also my articles:
Setting up nginx logs
How to configure IP access in nginx

Did my article help you? How about buying me a cup of coffee as an encouragement? Buy me a coffe.

Leave a comment

Leave a Reply