Virtual Host

Make a copy of /etc/nginx/sites-available/default and edit it. In particular, add a server_name attribute and remove default_server from everywhere. Create a symbolic link to the file in /etc/nginx/sites-enabled then reload configuration.

HTTPS

Edit /etc/nginx/sites-available/default. The configuration for HTTPS is already there but commented out. Uncomment the two lines that start with "listen" then add the locations for the SSL certificate and certificate key. For example: 

listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/ssl/certs/sun.cer;
ssl_certificate_key /etc/ssl/private/sun.key;

Note that if you use Let's Encrypt, Certbot will automatically update the Nginx configuration file for you.

Allow ~/public_html

Edit /etc/nginx/sites-available/default and add the following: 

location ~ ^/~(.+?)(/.*)?$ {
    alias /home/$1/public_html$2;
    index index.html index.htm;
    autoindex on;
}

Reverse Proxy

There are two common situations. First, if the service runs at http://<host>:<port>/<path> and needs to be proxied at http(s)://<host>/<path> (note that the two paths match), it can be done with the following configuration (using port 8080 as an example):

    location /path {
        proxy_pass http://localhost:8080/path;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

Second, if the service runs at http://<host>:<port> and needs to be proxied at http(s)://<host>/<path> (note that the proxy has a path but the service doesn't, which is common for Node.js server applications), it can be configured like the following (using port 3001 as an example):

    location /path {
        return 302 /path/;
    }
    location /path/ {
        proxy_pass http://localhost:3001/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

This redirect trick makes Nginx "consume" the extra path so the correct path is passed to the service.

There are two additional settings. First, for applications that use Id tokens (which can be quite large), add the following to the location block so Nginx allocates enough memory to hold request headers:

        proxy_buffer_size 16k;
        proxy_busy_buffers_size 16k;

Second, for application that allow file uploads, increase the allowed request body size, e.g.

        client_max_body_size 100M;

Note that this goes outside the location block.

PHP

First install FastCGI Process Manager and a few other packages commonly used in PHP development:

> sudo apt install php-fpm php-mysql php-pgsql

You need to pay attention to which PHP version is installed (e.g. php7.0 or php7.2) as this version number is used in various places later. Here we assume it's 7.2.

Edit /etc/php/7.2/fpm/php.ini and set cgi.fix_pathinfo to 0 as recommended here, then restart the PHP processor:

> sudo systemctl restart php7.2-fpm

Edit /ect/nginx/sites-available/default, uncomment the parts related to php-fpm and add index.php (read the comments in the file carefully). You'll need to change php7.0-fpm.sock to the actual PHP version number (e.g. php7.2-fpm.sock). Save and check the configuration and reload Nginx.

Common Commands

sudo nginx -t Check configuration files for syntax errors
sudo systemctl reload nginx Reload configuration


Last Updated: 11/11/2022 14:57 Views: 166