Install and configure Nginx

nginx (engine x) — it is a web server and reverse proxy server, as well as a mail proxy server.

Install on Ubuntu with the command:

sudo apt-get install nginx

You can completely remove it as follows:

sudo apt purge nginx nginx-common nginx-core

Standard directory for www files – /usr/share/nginx/www or /var/www/html.

After installation, edit the configuration file /etc/nginx/nginx.conf according to your needs.

Below I will describe some of the parameters of the standard configuration file.
The user on whose behalf nginx is running:

user www-data;

The number of workflows. The optimal value depends on many factors, the number of processor cores, hard drives, load. auto – set automatically. I set equal to the number of cores of a single processor:

worker_processes 4;

The file in which the main process number (PID) will be stored:

pid /var/run/nginx.pid;

Number of connections per process:

worker_connections 1768;

If disabled, the workflow will accept only one new connection at a time; otherwise, all:

multi_accept on;

Enable or disable sendfile:

sendfile on;

When enabled, allows you to send the response header and the beginning of the file in one package, transfer the file in full packages:

tcp_nopush on;

Using the TCP_NODELAY parameter. Used when the connection goes into the keep-alive state:

tcp_nodelay on;

The time in seconds during which the keep-alive connection with the client will not be closed by the server:

keepalive_timeout 65;

Maximum size of hash tables of types:

types_hash_max_size 2048;

Whether to display the version of nginx in error messages and in the “Server” field of the response header, I recommend not to show:

server_tokens off;

Basket size in server name hash tables (32|64|128):

server_names_hash_bucket_size 64;

Specifying the port in redirects issued by nginx:

server_name_in_redirect off;

Connect to the mime.types configuration file:

include /etc/nginx/mime.types;

The default MIME type of responses is:

default_type application/octet-stream;

Path, format and log settings:

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

Enables or disables gzip compression of the response:

gzip on;

Disables gzip response compression for requests with “User-Agent” header fields similar to:

gzip_disable "msie6";

Set up gzip response compression for proxied requests:
“off” – is prohibited,
“expired” – compress if there is an “Expires” field in the response header with a value that prohibits caching,
“no-cache” – compress if there is a “Cache-Control” field in the response header with the parameter “no-cache”,
“no-store” – compress if there is a “Cache-Control” field in the response header with the “no-store” parameter,
“private” – compress, if in the response header there is a “Cache-Control” field with the parameter “private”,
“no_last_modified” – compress if there is no “Last-Modified” field in the response header,
“no_etag” – compress if there is no “ETag” field in the response header,
“auth” – compress if there is an “Authorization” field in the request header,
“any” – compress all proxied requests.

gzip_proxied any;

Compression ratio (from 1 to 9):

gzip_comp_level 6;

The number and size of buffers into which the response will shrink:

gzip_buffers 16 8k;

Minimum HTTP version of the request for response compression:

gzip_http_version 1.1;

Compressing the gzip response for specified MIME types in addition to “text/html”. “text/html” is always compressed:

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

Load all configuration files from specified directories:

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

Create a file in the /etc/nginx/sites-available/directory with the name of our domain.
I will give an example of the contents of the file as proxy apache2:

server {
listen 80;
server_name example.com www.example.com;
access_log /var/log/nginx.access_log;
location ~* \.(jpg|jpeg|gif|png|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|tar|wav|bmp|rtf|swf|ico|flv|txt|xml|docx|xlsx)$ {
root /var/www/example.com/;
index index.html index.php;
access_log off;
expires 30d;
}
location ~ /\.ht {
deny all;
}
location / {
proxy_pass http://127.0.0.1:81/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-for $remote_addr;
proxy_set_header Host $host;
proxy_connect_timeout 60;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_redirect off;
proxy_set_header Connection close;
proxy_pass_header Content-Type;
proxy_pass_header Content-Disposition;
proxy_pass_header Content-Length;
}
}

Activate the domain (that is, the link to the directory with configs that nginx loads):

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Restart apache2 and nginx:

sudo /etc/init.d/apache2 restart
sudo /etc/init.d/nginx restart

Make sure that the web servers are running:

sudo netstat -tulpn | grep nginx
sudo netstat -tulpn | grep apache2

To show ip users in logs, and not 127.0.0.1, install:

sudo apt-get install libapache2-mod-rpaf

and add to the end of the apache config:

RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
RPAFheader X-Forwarded-For

An example of disabling/enabling nginx autostart when the operating system starts (Ubuntu):

systemctl is-enabled nginx
systemctl disable nginx
systemctl enable nginx

If you have made symbolic links or placed other sites in subdirectories and images are not displayed on them, then you need to add configurations for these directories, I will give an example for phpmyadmin, zabbix:

location /dir/phpmyadmin {
    alias /var/www/ixnfo.com/dir/phpmyadmin;
    index index.php;
    include templates/allow_deny.tmpl;
    location ~  ^/dir/phpmyadmin/(.+\.php)(/.*)$ {
        fastcgi_param HTTP_PROXY "";
        fastcgi_pass   localhost:9999;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$2;#$fastcgi_script_name;
        include fastcgi_params;
    }
}

location /dir/zabbix {
    alias /var/www/ixnfo.com/dir/zabbix;
    index index.php;
    include templates/allow_deny.tmpl;
    location ~  ^/dir/zabbix/(.+\.php)(/.*)$ {
        fastcgi_param HTTP_PROXY "";
        fastcgi_pass   localhost:9999;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$2;#$fastcgi_script_name;
        include fastcgi_params;
                fastcgi_param   QUERY_STRING    $query_string;
                fastcgi_param   REQUEST_METHOD  $request_method;
                fastcgi_param   CONTENT_TYPE    $content_type;
                fastcgi_param   CONTENT_LENGTH  $content_length;

                fastcgi_intercept_errors        on;
                fastcgi_ignore_client_abort     off;
                fastcgi_connect_timeout         60;
                fastcgi_send_timeout            180;
                fastcgi_read_timeout            300;
                fastcgi_buffer_size             128k;
                fastcgi_buffers                 4 256k;
                fastcgi_busy_buffers_size       256k;
                fastcgi_temp_file_write_size    256k;
    }
}

See also my articles:
Setting up nginx logs
Installing WordPress and Nginx
How to configure IP access in nginx

Leave a comment

Leave a Reply