Nginx: Difference between revisions
Jump to navigation
Jump to search
| (10 intermediate revisions by the same user not shown) | |||
| Line 77: | Line 77: | ||
==Reverse Proxy== | ==Reverse Proxy== | ||
===Reverse Proxy » MinIO=== | |||
---- | |||
<source lang="bash"> | |||
MINIO_OPTS="--address :9800 --console-address :9801" | |||
MINIO_VOLUMES="/home/minio/.minio/data" | |||
MINIO_ROOT_USER=admin | |||
MINIO_ROOT_PASSWORD=academia | |||
MINIO_CONFIG_ENV_FILE=/etc/default/minio | |||
MINIO_BROWSER_REDIRECT_URL="http://academia.chorke.org/minio/" | |||
</source> | |||
<source lang="text"> | <source lang="text"> | ||
location /minio/ { | location /minio/ { | ||
| Line 86: | Line 97: | ||
proxy_buffers 2048 8k; | proxy_buffers 2048 8k; | ||
proxy_redirect off; | proxy_redirect off; | ||
proxy_pass http://127.0.0.1:9801; | proxy_pass http://127.0.0.1:9801/; | ||
} | |||
</source> | |||
===Reverse Proxy » ROR=== | |||
---- | |||
<source lang="text"> | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header Host $http_host; | |||
proxy_redirect off; | |||
location / { | |||
proxy_pass http://127.0.0.1:3001; | |||
} | |||
location /api { | |||
proxy_pass http://127.0.0.1:3002; | |||
} | } | ||
</source> | </source> | ||
| Line 99: | Line 127: | ||
apt install ufw | apt install ufw | ||
apt install nmap | apt install nmap | ||
</source> | |||
| valign="top" | | |||
<source lang="bash"> | |||
sudo ss -tulwn | grep LISTEN | |||
sudo ss -tulpn | grep LISTEN | |||
sudo ss -tulpn | grep LISTEN | grep sshd | |||
sudo ss -tulpn | grep LISTEN | grep minio | |||
sudo ss -tulpn | grep LISTEN | grep resolve | |||
</source> | </source> | ||
| Line 113: | Line 147: | ||
</source> | </source> | ||
| valign= | |- | ||
|colspan='3'| | |||
---- | |||
|- | |||
|valign='top'| | |||
apt install telnet | |||
apt list --installed | |||
netstat -uap|grep nginx | |||
|valign='top'| | |||
|valign='top'| | |||
|} | |} | ||
| Line 120: | Line 165: | ||
{| | {| | ||
| valign="top" | | | valign="top" | | ||
* [https://serverfault.com/questions/618669/ Proxy to sites that expect to be at root URL] | |||
* [[Virtual Host And Certbot in Raspbian 10]] | |||
* [[Virtual Host And Certbot in RHEL7]] | |||
* [[Virtual Host And Certbot in RHEL6]] | |||
* [[Virtual Host And Certbot in WSL2]] | |||
* [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04 Nginx » Install on Ubuntu 22.04] | * [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04 Nginx » Install on Ubuntu 22.04] | ||
* [https://library.humio.com/falcon-logscale/installation-cluster-nginx-proxy.html Nginx » <code>X-Forwarded-Prefix</code>] | |||
* [[Localtunnel]] | |||
* [[PostgreSQL]] | * [[PostgreSQL]] | ||
* [[HAProxy]] | * [[HAProxy]] | ||
Latest revision as of 09:57, 25 January 2024
sudo apt install nginx
Virtual Host
cat << EOF | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
server_name academia.chorke.org;
gzip on;
gzip_http_version 1.0;
gzip_disable "msie6";
gzip_vary on;
gzip_min_length 1100;
gzip_buffers 64 8k;
gzip_comp_level 3;
gzip_proxied any;
gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component;
root /var/chorke/academia.chorke.org/www;
access_log /var/chorke/academia.chorke.org/logs/nginx.access.log;
error_log /var/chorke/academia.chorke.org/logs/nginx.error.log info;
error_page 500 502 503 504 /500.html;
client_max_body_size 25M;
keepalive_timeout 10;
expires $expires;
location ~ ^/.well-known(/.*|$) {
alias /var/www/html/.well-known$1;
gzip_static on;
expires max;
add_header Cache-Control public;
}
location ^~ /assets/ {
root /var/chorke/academia.chorke.org/www/assets;
gzip_static on;
expires max;
add_header Cache-Control public;
}
location /minio/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 2048 8k;
proxy_redirect off;
proxy_pass http://127.0.0.1:9801;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/academia.chorke.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = academia.chorke.org) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name academia.chorke.org;
listen [::]:80;
listen 80;
return 404; # managed by Certbot
}
EOF
ln -s /etc/nginx/sites-available/academia.chorke.org\
/etc/nginx/sites-enabled/academia.chorke.org
Reverse Proxy
Reverse Proxy » MinIO
MINIO_OPTS="--address :9800 --console-address :9801"
MINIO_VOLUMES="/home/minio/.minio/data"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=academia
MINIO_CONFIG_ENV_FILE=/etc/default/minio
MINIO_BROWSER_REDIRECT_URL="http://academia.chorke.org/minio/"
location /minio/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 2048 8k;
proxy_redirect off;
proxy_pass http://127.0.0.1:9801/;
}
Reverse Proxy » ROR
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
location / {
proxy_pass http://127.0.0.1:3001;
}
location /api {
proxy_pass http://127.0.0.1:3002;
}
Knowledge
ufw status
netstat -a
netstat -lpn
apt install ufw
apt install nmap
|
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep resolve
|
sudo ufw status
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ss -tulpn | grep LISTEN
sudo lsof -i -P -n | grep LISTEN
|
|
| ||
apt install telnet apt list --installed netstat -uap|grep nginx |
||
References
|
| ||