Nginx: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
(Created page with " sudo apt install haproxy ==References== {| | valign="top" | * [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04 Nginx » Install on Ubun...")
 
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
  sudo apt install haproxy
  sudo apt install nginx
 
==Virtual Host==
<source lang="bash">
cat << EOF | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
    server_name  academia.chorke.org;
 
    gzip on;
    gzip_http_version 1.0;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 1100;
    gzip_buffers 64 8k;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component;
 
    root /var/chorke/academia.chorke.org/www;
    access_log /var/chorke/academia.chorke.org/logs/nginx.access.log;
    error_log /var/chorke/academia.chorke.org/logs/nginx.error.log info;
 
    error_page 500 502 503 504 /500.html;
    client_max_body_size 25M;
    keepalive_timeout 10;
    expires $expires;
 
    location ~ ^/.well-known(/.*|$) {
        alias /var/www/html/.well-known$1;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
 
    location ^~ /assets/ {
        root /var/chorke/academia.chorke.org/www/assets;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
 
    location /minio/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering on;
        proxy_buffer_size 8k;
        proxy_buffers 2048 8k;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:9801;
    }
 
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/academia.chorke.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
 
server {
  if ($host = academia.chorke.org) {
    return 301 https://$host$request_uri;
  } # managed by Certbot
 
 
  server_name academia.chorke.org;
 
  listen [::]:80;
  listen 80;
  return 404; # managed by Certbot
}
EOF
 
ln -s /etc/nginx/sites-available/academia.chorke.org\
      /etc/nginx/sites-enabled/academia.chorke.org
</source>
 
==Reverse Proxy==
===Reverse Proxy » MinIO===
----
<source lang="bash">
MINIO_OPTS="--address :9800 --console-address :9801"
MINIO_VOLUMES="/home/minio/.minio/data"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=academia
MINIO_CONFIG_ENV_FILE=/etc/default/minio
MINIO_BROWSER_REDIRECT_URL="http://academia.chorke.org/minio/"
</source>
 
<source lang="text">
location /minio/ {
  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_buffering on;
  proxy_buffer_size 8k;
  proxy_buffers 2048 8k;
  proxy_redirect off;
  proxy_pass http://127.0.0.1:9801/;
}
</source>
 
===Reverse Proxy » ROR===
----
<source lang="text">
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
 
location / {
  proxy_pass http://127.0.0.1:3001;
}
 
location /api {
  proxy_pass http://127.0.0.1:3002;
}
</source>
 
==Knowledge==
{|
| valign="top" |
<source lang="bash">
ufw status
netstat -a
netstat -lpn
apt install ufw
apt install nmap
</source>
 
| valign="top" |
<source lang="bash">
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep resolve
</source>
 
| valign="top" |
<source lang="bash">
sudo ufw status
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ss -tulpn    | grep LISTEN
sudo lsof -i -P -n | grep LISTEN
</source>
 
|-
|colspan='3'|
----
|-
|valign='top'|
apt install telnet
apt list --installed
netstat -uap|grep nginx
 
|valign='top'|
 
|valign='top'|
 
|}


==References==
==References==
{|
{|
| valign="top" |
| valign="top" |
* [https://serverfault.com/questions/618669/ Proxy to sites that expect to be at root URL]
* [[Virtual Host And Certbot in Raspbian 10]]
* [[Virtual Host And Certbot in RHEL7]]
* [[Virtual Host And Certbot in RHEL6]]
* [[Virtual Host And Certbot in WSL2]]
* [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04 Nginx » Install on Ubuntu 22.04]
* [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04 Nginx » Install on Ubuntu 22.04]
* [https://library.humio.com/falcon-logscale/installation-cluster-nginx-proxy.html Nginx » <code>X-Forwarded-Prefix</code>]
* [[Localtunnel]]
* [[PostgreSQL]]
* [[HAProxy]]
* [[MinIO]]


| valign="top" |
| valign="top" |

Latest revision as of 09:57, 25 January 2024

sudo apt install nginx

Virtual Host

cat << EOF | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
    server_name  academia.chorke.org;

    gzip on;
    gzip_http_version 1.0;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 1100;
    gzip_buffers 64 8k;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component;

    root /var/chorke/academia.chorke.org/www;
    access_log /var/chorke/academia.chorke.org/logs/nginx.access.log;
    error_log /var/chorke/academia.chorke.org/logs/nginx.error.log info;

    error_page 500 502 503 504 /500.html;
    client_max_body_size 25M;
    keepalive_timeout 10;
    expires $expires;

    location ~ ^/.well-known(/.*|$) {
        alias /var/www/html/.well-known$1;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    location ^~ /assets/ {
        root /var/chorke/academia.chorke.org/www/assets;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }

    location /minio/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering on;
        proxy_buffer_size 8k;
        proxy_buffers 2048 8k;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:9801;
    }

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/academia.chorke.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
  if ($host = academia.chorke.org) {
    return 301 https://$host$request_uri;
  } # managed by Certbot


  server_name academia.chorke.org;

  listen [::]:80;
  listen 80;
  return 404; # managed by Certbot
}
EOF

ln -s /etc/nginx/sites-available/academia.chorke.org\
      /etc/nginx/sites-enabled/academia.chorke.org

Reverse Proxy

Reverse Proxy » MinIO


MINIO_OPTS="--address :9800 --console-address :9801"
MINIO_VOLUMES="/home/minio/.minio/data"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=academia
MINIO_CONFIG_ENV_FILE=/etc/default/minio
MINIO_BROWSER_REDIRECT_URL="http://academia.chorke.org/minio/"
location /minio/ {
   proxy_set_header Host $http_host;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_buffering on;
   proxy_buffer_size 8k;
   proxy_buffers 2048 8k;
   proxy_redirect off;
   proxy_pass http://127.0.0.1:9801/;
}

Reverse Proxy » ROR


proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;

location / {
  proxy_pass http://127.0.0.1:3001;
}

location /api {
  proxy_pass http://127.0.0.1:3002;
}

Knowledge

ufw status
netstat -a
netstat -lpn
apt install ufw
apt install nmap
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep resolve
sudo ufw status
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ss -tulpn     | grep LISTEN
sudo lsof -i -P -n | grep LISTEN

apt install telnet
apt list --installed
netstat -uap|grep nginx

References