Nginx: Difference between revisions
Line 1: | Line 1: | ||
sudo apt install nginx | sudo apt install nginx | ||
==Virtual Host== | |||
<source lang="bash"> | |||
cat << EOF | tee /etc/nginx/sites-enabled/academia.chorke.org >/dev/null | |||
server { | |||
server_name academia.chorke.org; | |||
gzip on; | |||
gzip_http_version 1.0; | |||
gzip_disable "msie6"; | |||
gzip_vary on; | |||
gzip_min_length 1100; | |||
gzip_buffers 64 8k; | |||
gzip_comp_level 3; | |||
gzip_proxied any; | |||
gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component; | |||
root /var/chorke/academia.chorke.org/www; | |||
access_log /var/chorke/academia.chorke.org/logs/nginx.access.log; | |||
error_log /var/chorke/academia.chorke.org/logs/nginx.error.log info; | |||
error_page 500 502 503 504 /500.html; | |||
client_max_body_size 25M; | |||
keepalive_timeout 10; | |||
expires $expires; | |||
location ~ ^/.well-known(/.*|$) { | |||
alias /var/www/html/.well-known$1; | |||
gzip_static on; | |||
expires max; | |||
add_header Cache-Control public; | |||
} | |||
location ^~ /assets/ { | |||
root /var/chorke/academia.chorke.org/www/assets; | |||
gzip_static on; | |||
expires max; | |||
add_header Cache-Control public; | |||
} | |||
location /minio/ { | |||
proxy_set_header Host $http_host; | |||
proxy_set_header X-Forwarded-Proto $scheme; | |||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |||
proxy_buffering on; | |||
proxy_buffer_size 8k; | |||
proxy_buffers 2048 8k; | |||
proxy_redirect off; | |||
proxy_pass http://127.0.0.1:9801; | |||
} | |||
listen 443 ssl; | |||
ssl_certificate /etc/letsencrypt/live/academia.chorke.org/fullchain.pem; # managed by Certbot | |||
ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem; # managed by Certbot | |||
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot | |||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |||
} | |||
server { | |||
if ($host = academia.chorke.org) { | |||
return 301 https://$host$request_uri; | |||
} # managed by Certbot | |||
server_name academia.chorke.org; | |||
listen [::]:80; | |||
listen 80; | |||
return 404; # managed by Certbot | |||
} | |||
EOF | |||
ln -s /etc/nginx/sites-available/academia.chorke.org\ | |||
/etc/nginx/sites-enabled/academia.chorke.org | |||
</source> | |||
==Reverse Proxy== | ==Reverse Proxy== |
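Review bot: The heredoc delimiter in the added `cat << EOF | tee …` line is unquoted, so the shell expands `$expires`, `$1`, `$http_host`, `$scheme`, `$proxy_add_x_forwarded_for`, `$host` and `$request_uri` before the text reaches the file, and the proxy headers and the HTTPS redirect end up with empty values; quote it as `cat << 'EOF'`. The same line writes into `sites-enabled` while the closing `ln -s` links from `sites-available`, where nothing was created, so the link step fails on the existing path; writing with `sudo tee /etc/nginx/sites-available/academia.chorke.org` fixes both that and the missing privilege for `/etc/nginx`. As rendered here the `ln -s` continuation line also has no space before the second path, and a `sudo nginx -t` after the link would catch such mistakes before a reload.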
Revision as of 11:06, 4 April 2023
# Install nginx from the distribution's package repositories (package
# installation needs root, hence sudo).
sudo apt install nginx
Virtual Host
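# Install the TLS virtual host for academia.chorke.org and enable it.
#
# The heredoc delimiter is quoted ('EOF') so the shell writes the text
# verbatim: $expires, $1, $http_host, $scheme, $proxy_add_x_forwarded_for,
# $host and $request_uri are nginx variables and must reach the file
# unexpanded. With an unquoted delimiter the shell substitutes its own
# (normally empty) values, which breaks the proxy headers and the redirect.
#
# The file is written to sites-available and then linked into sites-enabled,
# so the symlink points at a file that actually exists. Writing under
# /etc/nginx needs root, hence sudo on tee and ln.
#
# NOTE(review): `expires $expires;` needs $expires to be defined elsewhere
#   (typically a `map` in the http context); this page does not show it.
# NOTE(review): inside `location ^~ /assets/`, `root` has the full request URI
#   appended, so /assets/x is looked up under .../www/assets/assets/x;
#   confirm that this matches the directory layout.
# NOTE(review): the certificate paths are expected to be created by Certbot;
#   `nginx -t` below fails until they exist.
cat << 'EOF' | sudo tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
    server_name academia.chorke.org;
    gzip on;
    gzip_http_version 1.0;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_min_length 1100;
    gzip_buffers 64 8k;
    gzip_comp_level 3;
    gzip_proxied any;
    gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component;
    root /var/chorke/academia.chorke.org/www;
    access_log /var/chorke/academia.chorke.org/logs/nginx.access.log;
    error_log /var/chorke/academia.chorke.org/logs/nginx.error.log info;
    error_page 500 502 503 504 /500.html;
    client_max_body_size 25M;
    keepalive_timeout 10;
    expires $expires;
    location ~ ^/.well-known(/.*|$) {
        alias /var/www/html/.well-known$1;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    location ^~ /assets/ {
        root /var/chorke/academia.chorke.org/www/assets;
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    location /minio/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering on;
        proxy_buffer_size 8k;
        proxy_buffers 2048 8k;
        proxy_redirect off;
        proxy_pass http://127.0.0.1:9801;
    }
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/academia.chorke.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
    if ($host = academia.chorke.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name academia.chorke.org;
    listen [::]:80;
    listen 80;
    return 404; # managed by Certbot
}
EOF

# Enable the site: sites-enabled holds only a symlink to the real file.
sudo ln -s /etc/nginx/sites-available/academia.chorke.org \
  /etc/nginx/sites-enabled/academia.chorke.org

# Syntax-check the complete configuration before any reload, so a broken
# vhost is caught here instead of taking the running server down.
sudo nginx -t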
Reverse Proxy
# Reverse proxy: requests under /minio/ are handed to the service listening
# on 127.0.0.1:9801.
location /minio/ {
    # No URI part after the port, so the request path (including the /minio/
    # prefix) is passed to the backend unchanged.
    proxy_pass http://127.0.0.1:9801;
    proxy_redirect off;

    # Request headers seen by the backend.
    # $http_host is the Host header exactly as the client sent it.
    proxy_set_header Host $http_host;
    # $proxy_add_x_forwarded_for appends the connecting address to whatever
    # X-Forwarded-For the client supplied; only the last entry was added by
    # this proxy, so the backend should not trust earlier ones.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Response buffering: up to 2048 buffers of 8k (16 MiB) per connection.
    proxy_buffering on;
    proxy_buffer_size 8k;
    proxy_buffers 2048 8k;
}
Knowledge
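# Quick reference: firewall state, open sockets and installed packages.
# These are written without sudo; ufw, apt install and the -p column for
# other users' processes need root.

# Firewall state and active rules.
ufw status
# All sockets, then listening sockets only with numeric addresses and owners.
netstat -a
netstat -lpn
# Tools used for the checks on this page.
apt install ufw
apt install nmap
apt install telnet
# Inventory of installed packages.
apt list --installed
# Sockets owned by nginx. -t is required here: nginx listens on TCP, and a
# UDP-only listing (-u alone) would come back empty.
netstat -tuap | grep nginx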
|
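# Firewall state, then the application profiles ufw knows about.
sudo ufw status
sudo ufw app list
# The virtual host on this page redirects port 80 to HTTPS and serves on 443,
# so both ports have to be open. 'Nginx HTTP' alone opens only 80/tcp;
# 'Nginx Full' (see `ufw app list`) covers 80/tcp and 443/tcp.
sudo ufw allow 'Nginx Full'
# Verify what is actually listening, with owning processes.
sudo ss -tulpn | grep LISTEN
sudo lsof -i -P -n | grep LISTEN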
|
References
| ||