Category: Nginx – Page 2

Nginx Location Directive

Posted on September 29, 2019 by ServerOk

Nginx Location Directive is used to route request to correct files. Match Exact match is used to match an exact URL.

server {
    listen 80 default_server;
    root /var/www/html;
    index index.html;
    server_name _;

    location /ok/ {
        root /home/;
    }
}

server {

listen 80 default_server;

root /var/www/html;

index index.html;

server_name _;

location /ok/ {

root /home/;

}

When location is used with no modifiers, then beginning of the URL is matched. In this case, any url http://domain/ok/FILE_NAME will be served from /home/ok/FILE_NAME Exact Match (=) Exact match is used to […]

Nginx Password Protect a website

Posted on August 3, 2019 by ServerOk

To password protect a web site, you need to install htpasswd utility. On Ubuntu/Debian, you can install it with command

apt install apache2-utils -y

1	apt install apache2-utils -y

Now create a password file with command

htpasswd -c /etc/nginx/.htpasswd  USER_NAME_HERE

1	htpasswd -c /etc/nginx/.htpasswd USER_NAME_HERE

It will ask for password. Edit configuration file for your web site and add following in the server entry for the web site.

auth_basic "Members Only";
auth_basic_user_file /etc/nginx/.htpasswd;

1 2	auth_basic "Members Only"; auth_basic_user_file /etc/nginx/.htpasswd;

Restart Nginx. […]

Configure Nginx to listen on single IP Address

Posted on July 30, 2019 by ServerOk

By default Nginx listens on all IP address on a server. To make nginx listen on specific IP address, edit nginx configuration file

vi /etc/nginx/nginx.conf

1	vi /etc/nginx/nginx.conf

And VirtualHost/server files for each domain located in folders

/etc/nginx/conf.d => on CentOS/RHEL
/etc/nginx/sites-available => on Debian/Ubuntu

1 2	/etc/nginx/conf.d => on CentOS/RHEL /etc/nginx/sites-available => on Debian/Ubuntu

Find

listen 80

listen 80

Replace with

listen IP_ADDR_HERE:80

1	listen IP_ADDR_HERE:80

IP_ADDR_HERE = your server IP address on which you need nginx listen on. See Nginx […]

Nginx Config for Laravel Application in sub folder

Posted on May 21, 2019 (May 21, 2019) by ServerOk

To run Laravel Application on sub folder of a web site, use following configuration. If you run Laravel application as main site, see Nginx Config for Laravel Application

# subFolderApp1

location /subFolderApp1 {  
    alias /home/yorudomain.com/html/subFolderApp1/public;  
    try_files $uri $uri/ @nested1;
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        fastcgi_pass unix:/run/php/php7.2-fpm-torrentp.sock;
    }
}  

location @nested1 {
    rewrite /subFolderApp1/(.*)$ /subFolderApp1/index.php?/$1 last;
}

# end subFolderApp1

# subFolderApp1

location /subFolderApp1 {

alias /home/yorudomain.com/html/subFolderApp1/public;

try_files $uri $uri/ @nested1;

location ~ \.php$ {

include snippets/fastcgi-php.conf;

fastcgi_param SCRIPT_FILENAME $request_filename;

fastcgi_pass unix:/run/php/php7.2-fpm-torrentp.sock;

}

location @nested1 {

rewrite /subFolderApp1/(.*)$ /subFolderApp1/index.php?/$1 last;

}

# end subFolderApp1

Here you place Laravel application in a subdirectory “subFolderApp1”. Example

server {
    server_name serverok.in www.serverok.in;
    root /home/serverok.in/html/;
    index index.php index.html index.htm;
    client_max_body_size 1000M;
    proxy_read_timeout 600s;
    fastcgi_read_timeout 600s;
    fastcgi_send_timeout 600s;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }


    # service

    location /service {  
        alias /home/serverok.in/html/service/public;  
        try_files $uri $uri/ @nested1;
        location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_pass unix:/run/php/php7.2-fpm-torrentp.sock;
        }
    }  

    location @nested1 {
        rewrite /service/(.*)$ /service/index.php?/$1 last;
    }

    # end service

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_intercept_errors on;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_pass unix:/run/php/php7.2-fpm-torrentp.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/serverok.in/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/serverok.in/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.serverok.in) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = serverok.in) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name serverok.in www.serverok.in;
    return 404; # managed by Certbot
}

server {

server_name serverok.in www.serverok.in;

root /home/serverok.in/html/;

index index.php index.html index.htm;

client_max_body_size 1000M;

proxy_read_timeout 600s;

fastcgi_read_timeout 600s;

fastcgi_send_timeout 600s;

location / {

try_files $uri $uri/ /index.php?$query_string;

}

# service

location /service {

alias /home/serverok.in/html/service/public;

try_files $uri $uri/ @nested1;

location ~ \.php$ {

include snippets/fastcgi-php.conf;

fastcgi_param SCRIPT_FILENAME $request_filename;

fastcgi_pass unix:/run/php/php7.2-fpm-torrentp.sock;

}

location @nested1 {

rewrite /service/(.*)$ /service/index.php?/$1 last;

}

# end service

location ~ \.php$ {

include snippets/fastcgi-php.conf;

fastcgi_intercept_errors on;

fastcgi_buffers 16 16k;

fastcgi_buffer_size 32k;

fastcgi_pass unix:/run/php/php7.2-fpm-torrentp.sock;

}

listen 443 ssl; # managed by Certbot

ssl_certificate /etc/letsencrypt/live/serverok.in/fullchain.pem; # managed by Certbot

ssl_certificate_key /etc/letsencrypt/live/serverok.in/privkey.pem; # managed by Certbot

include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {

if ($host = www.serverok.in) {

return 301 https://$host$request_uri;

} # managed by Certbot

if ($host = serverok.in) {

return 301 https://$host$request_uri;

} # managed by Certbot

listen 80;

server_name serverok.in www.serverok.in;

return 404; # managed by Certbot

}

[…]

Nginx Config for Laravel Application

Posted on April 27, 2019 (May 21, 2019) by ServerOk

Here is Nginx configuration for a laravel application

server {
    listen 80;
    server_name www.domain.com;
    access_log  /var/log/nginx/domain.com.log;
    root /home/domain.com/html/public;
    index index.html index.php;
    access_log /var/log/nginx/domain.com.log;
    error_log /var/log/nginx/domain.com-error.log;
    client_max_body_size 1000M;
    proxy_read_timeout 600s;
    fastcgi_read_timeout 600s;
    fastcgi_send_timeout 600s;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
       try_files $uri =404;
       access_log off;
       expires max;
    }

    location = /robots.txt      { access_log off; log_not_found off; }
    location = /favicon.ico    { access_log off; log_not_found off; }  

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_intercept_errors on;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
}

server {
    listen 80;
    server_name  domain.com;
    return       301 http://www.domain.com$request_uri;
}

server {

listen 80;

server_name www.domain.com;

access_log /var/log/nginx/domain.com.log;

root /home/domain.com/html/public;

index index.html index.php;

access_log /var/log/nginx/domain.com.log;

error_log /var/log/nginx/domain.com-error.log;

client_max_body_size 1000M;

proxy_read_timeout 600s;

fastcgi_read_timeout 600s;

fastcgi_send_timeout 600s;

location / {

try_files $uri $uri/ /index.php$is_args$args;

}

location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {

try_files $uri =404;

access_log off;

expires max;

}

location = /robots.txt { access_log off; log_not_found off; }

location = /favicon.ico { access_log off; log_not_found off; }

location ~ \.php$ {

include snippets/fastcgi-php.conf;

fastcgi_intercept_errors on;

fastcgi_buffers 16 16k;

fastcgi_buffer_size 32k;

fastcgi_pass unix:/run/php/php7.2-fpm.sock;

}

server {

listen 80;

server_name domain.com;

return 301 http://www.domain.com$request_uri;

}

Nginx Config for Laravel Application in sub folder […]

Disable TLSv1 in Nginx

Posted on February 6, 2019 (February 6, 2019) by ServerOk

To disable TLSv1 in nginx, add

ssl_protocols TLSv1.1 TLSv1.2;

1	ssl_protocols TLSv1.1 TLSv1.2;

in your server config. if you are using letsencrypt SSL, edit file

vi /etc/letsencrypt/options-ssl-nginx.conf

1	vi /etc/letsencrypt/options-ssl-nginx.conf

Find

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

1	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Replace with

ssl_protocols TLSv1.1 TLSv1.2;

1	ssl_protocols TLSv1.1 TLSv1.2;

Restart Nginx

service nginx restart

1	service nginx restart

To verify, run

nmap --script ssl-enum-ciphers -p 443 DOMAIN.EXTN

1	nmap --script ssl-enum-ciphers -p 443 DOMAIN.EXTN

This will list all supported SSL protocols. […]

Nginx Rails Origin header didn’t match request.base_url

Posted on January 30, 2019 by ServerOk

After installing SSL on Nginx server, rails application login page stopped working. On log file (log/production.log), found following error HTTP Origin header (https://domain.com) didn’t match request.base_url (http://domain.com) The Nginx config used was

upstream app {
   server unix:/var/www/public/shared/sockets/unicorn.sock fail_timeout=0;
}

server {
   listen 443 ssl;
   root /var/www/public;
   ssl_certificate /etc/ssl/ssl.crt;
   ssl_certificate_key /etc/ssl/ssl.key;
   server_name domain.com;
   try_files $uri/index.html $uri @app;
   location @app {
       proxy_pass http://app;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_redirect off;
   }
   error_page 500 502 503 504 /500.html;
   client_max_body_size 4G;
   keepalive_timeout 10;
}

upstream app {

server unix:/var/www/public/shared/sockets/unicorn.sock fail_timeout=0;

}

server {

listen 443 ssl;

root /var/www/public;

ssl_certificate /etc/ssl/ssl.crt;

ssl_certificate_key /etc/ssl/ssl.key;

server_name domain.com;

try_files $uri/index.html $uri @app;

location @app {

proxy_pass http://app;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header Host $http_host;

proxy_redirect off;

}

error_page 500 502 503 504 /500.html;

client_max_body_size 4G;

keepalive_timeout 10;

}

The problem is solved by adding following to nginx config.

proxy_set_header  X-Forwarded-Proto $scheme;
proxy_set_header  X-Forwarded-Ssl on;
proxy_set_header  X-Forwarded-Port $server_port;
proxy_set_header  X-Forwarded-Host $host;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Forwarded-Ssl on;

proxy_set_header X-Forwarded-Port $server_port;

proxy_set_header X-Forwarded-Host $host;

The new config is

server {
   listen 443 ssl;
   root /var/www/public;
   ssl_certificate /etc/ssl/ssl.crt;
   ssl_certificate_key /etc/ssl/ssl.key;
   server_name domain.com;
   try_files $uri/index.html $uri @app;
   location @app {
       proxy_pass http://app;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header Host $http_host;
       proxy_set_header  X-Forwarded-Proto $scheme;
       proxy_set_header  X-Forwarded-Ssl on;
       proxy_set_header  X-Forwarded-Port $server_port;
       proxy_set_header  X-Forwarded-Host $host;
       proxy_redirect off;
   }
   error_page 500 502 503 504 /500.html;
   client_max_body_size 4G;
   keepalive_timeout 10;
}

server {

listen 443 ssl;

root /var/www/public;

ssl_certificate /etc/ssl/ssl.crt;

ssl_certificate_key /etc/ssl/ssl.key;

server_name domain.com;

try_files $uri/index.html $uri @app;

location @app {

proxy_pass http://app;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

proxy_set_header Host $http_host;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Forwarded-Ssl on;

proxy_set_header X-Forwarded-Port $server_port;

proxy_set_header X-Forwarded-Host $host;

proxy_redirect off;

}

error_page 500 502 503 504 /500.html;

client_max_body_size 4G;

keepalive_timeout 10;

}

See Nginx […]

Nginx Disable Access log

Posted on December 4, 2018 by ServerOk

On a high traffic web site, i want to disable access log as we are hitting I/O Limit. Since we don’t use this access log for anything now, there is no point keep writing it to a file. To disable, you need to add following to server entry for your web site.

access_log off;

1	access_log off;

Here is […]

Enable Directory Listing in Nginx

Posted on November 25, 2018 by ServerOk

To enable directory listing in Nginx, add following to server configuration.

autoindex on;

1	autoindex on;

Example

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	root /var/www/html;
	autoindex on;
	index index.php index.html index.htm;

	server_name _;

    location / {
            try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        proxy_read_timeout 600;
        fastcgi_read_timeout 600;
        fastcgi_send_timeout 600;
        fastcgi_intercept_errors on;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

}

server {

listen 80 default_server;

listen [::]:80 default_server;

root /var/www/html;

autoindex on;

index index.php index.html index.htm;

server_name _;

location / {

try_files $uri $uri/ /index.php?$args;

}

location ~ \.php$ {

include snippets/fastcgi-php.conf;

proxy_read_timeout 600;

fastcgi_read_timeout 600;

fastcgi_send_timeout 600;

fastcgi_intercept_errors on;

fastcgi_buffers 16 16k;

fastcgi_buffer_size 32k;

fastcgi_pass unix:/run/php/php7.0-fpm.sock;

}

If you need it for a specific folder, add

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.php index.html index.htm;
    
    server_name _;

    location / {
            try_files $uri $uri/ /index.php?$args;
    }

    location /myfiles {
            autoindex on;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        proxy_read_timeout 600;
        fastcgi_read_timeout 600;
        fastcgi_send_timeout 600;
        fastcgi_intercept_errors on;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

}

server {

listen 80 default_server;

listen [::]:80 default_server;

root /var/www/html;

index index.php index.html index.htm;

server_name _;

location / {

try_files $uri $uri/ /index.php?$args;

}

location /myfiles {

autoindex on;

}

location ~ \.php$ {

include snippets/fastcgi-php.conf;

proxy_read_timeout 600;

fastcgi_read_timeout 600;

fastcgi_send_timeout 600;

fastcgi_intercept_errors on;

fastcgi_buffers 16 16k;

fastcgi_buffer_size 32k;

fastcgi_pass unix:/run/php/php7.0-fpm.sock;

}

[…]

Nginx Configuration for Video Streaming With Secure Link

Posted on November 11, 2018 by ServerOk

here is nginx configuration i used for a video site that have secure link.

    server {
        listen   188.40.131.92:80;
        server_name s1.video.bizhat.com;
        access_log /var/log/nginx/s1.video.bizhat.com.log;
        error_log /var/log/nginx/s1.video.bizhat.com.error_log;
        location ~ ^/media/(?<secure>[\w\-=]+,\d+)(?<file>/.*\.flv)$ {
            secure_link $secure;
            secure_link_md5 $secure_link_expires.$file.hjAGhAJKAKAHJ89AHJ00AM;
            if ($secure_link = "") { return 403; }
            if ($secure_link = "0") { return 410; }
            alias  /home/s1.video.bizhat.com/private/$file;
            flv;
        }
        location ~ ^/media/(?<secure>[\w\-=]+,\d+)(?<file>/.*\.mp4)$ {
            secure_link $secure;
            secure_link_md5 $secure_link_expires.$file.hjAGhAJKAKAHJ89AHJ00AM;
            if ($secure_link = "") { return 403; }
            if ($secure_link = "0") { return 410; }
            alias  /home/s1.video.bizhat.com/private/$file;
        }
    }

server {

listen 188.40.131.92:80;

server_name s1.video.bizhat.com;

access_log /var/log/nginx/s1.video.bizhat.com.log;

error_log /var/log/nginx/s1.video.bizhat.com.error_log;

location ~ ^/media/(?<secure>[\w\-=]+,\d+)(?<file>/.*\.flv)$ {

secure_link $secure;

secure_link_md5 $secure_link_expires.$file.hjAGhAJKAKAHJ89AHJ00AM;

if ($secure_link = "") { return 403; }

if ($secure_link = "0") { return 410; }

alias /home/s1.video.bizhat.com/private/$file;

flv;

}

location ~ ^/media/(?<secure>[\w\-=]+,\d+)(?<file>/.*\.mp4)$ {

secure_link $secure;

secure_link_md5 $secure_link_expires.$file.hjAGhAJKAKAHJ89AHJ00AM;

if ($secure_link = "") { return 403; }

if ($secure_link = "0") { return 410; }

alias /home/s1.video.bizhat.com/private/$file;

}

This video server is a storage server in vShare Youtube Clone script. […]