If you have a static website build using plain html files, your url will look like https://yourdomain/page.html. This .html extension is useful for the files when it is on your local computer, it help computer to associate the file with specific application, say your HTML editor. But on a web server this .html extension serve […]
Nginx show full url in access log
To show full url in nginx access log, add following
|
1 2 3 4 |
log_format main '$http_x_forwarded_for - $remote_user [$time_local] ' '"$request_method $scheme://$host$request_uri $server_protocol" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" $request_time'; |
See Nginx […]
Nginx HTTP 414 request-URI too large
On a Nginx server, when accessing a long url, i get error
|
1 |
HTTP 414 Request-URI Too Large |
To fix the error, edit
|
1 |
vi /etc/nginx/nginx.conf |
inside “http” section, find
|
1 |
large_client_header_buffers |
Replace the line with
|
1 |
large_client_header_buffers 4 32k; |
If your URL is very large, you may need to increase the 32k to higher or reduce the url length. Large url like this mostly happend […]
Show Real IP Nginx Behind Reverse Proxy
When your Nginx web server is running behind a reverse proxy, you will see IP of the reverse proxy server as visitor IP in web servers access log. To fix this, edit nginx.conf file
|
1 |
vi /etc/nginx/nginx.conf |
Find
|
1 |
http { |
Inside http section, add
|
1 2 |
set_real_ip_from IP_ADDRESS_OF_PROXY_SERVER_HERE; real_ip_header X-Forwarded-For; |
Example
|
1 2 |
set_real_ip_from 192.168.122.1; real_ip_header X-Forwarded-For; |
Restart Nginx
|
1 |
nginx -s reload |
[…]
Nginx Location Directive
Nginx Location Directive is used to route request to correct files. Match Exact match is used to match an exact URL.
|
1 2 3 4 5 6 7 8 9 10 |
server { listen 80 default_server; root /var/www/html; index index.html; server_name _; location /ok/ { root /home/; } } |
When location is used with no modifiers, then beginning of the URL is matched. In this case, any url http://domain/ok/FILE_NAME will be served from /home/ok/FILE_NAME Exact Match (=) Exact match is used to […]
Nginx Password Protect a website
To password protect a web site, you need to install htpasswd utility. On Ubuntu/Debian, you can install it with command
|
1 |
apt install apache2-utils -y |
Now create a password file with command
|
1 |
htpasswd -c /etc/nginx/.htpasswd USER_NAME_HERE |
It will ask for password. Edit configuration file for your web site and add following in the server entry for the web site.
|
1 2 |
auth_basic "Members Only"; auth_basic_user_file /etc/nginx/.htpasswd; |
Restart Nginx. […]
Configure Nginx to listen on single IP Address
By default Nginx listens on all IP address on a server. To make nginx listen on specific IP address, edit nginx configuration file
|
1 |
vi /etc/nginx/nginx.conf |
And VirtualHost/server files for each domain located in folders
|
1 2 |
/etc/nginx/conf.d => on CentOS/RHEL /etc/nginx/sites-available => on Debian/Ubuntu |
Find
|
1 |
listen 80 |
Replace with
|
1 |
listen IP_ADDR_HERE:80 |
IP_ADDR_HERE = your server IP address on which you need nginx listen on. See Nginx […]
Nginx Config for Laravel Application in sub folder
To run Laravel Application on sub folder of a web site, use following configuration. If you run Laravel application as main site, see Nginx Config for Laravel Application
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# subFolderApp1 location /subFolderApp1 { alias /home/yorudomain.com/html/subFolderApp1/public; try_files $uri $uri/ @nested1; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_pass unix:/run/php/php7.2-fpm-torrentp.sock; } } location @nested1 { rewrite /subFolderApp1/(.*)$ /subFolderApp1/index.php?/$1 last; } # end subFolderApp1 |
Here you place Laravel application in a subdirectory “subFolderApp1”. Example
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 |
server { server_name serverok.in www.serverok.in; root /home/serverok.in/html/; index index.php index.html index.htm; client_max_body_size 1000M; proxy_read_timeout 600s; fastcgi_read_timeout 600s; fastcgi_send_timeout 600s; location / { try_files $uri $uri/ /index.php?$query_string; } # service location /service { alias /home/serverok.in/html/service/public; try_files $uri $uri/ @nested1; location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_pass unix:/run/php/php7.2-fpm-torrentp.sock; } } location @nested1 { rewrite /service/(.*)$ /service/index.php?/$1 last; } # end service location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_intercept_errors on; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; fastcgi_pass unix:/run/php/php7.2-fpm-torrentp.sock; } listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/serverok.in/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/serverok.in/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = www.serverok.in) { return 301 https://$host$request_uri; } # managed by Certbot if ($host = serverok.in) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; server_name serverok.in www.serverok.in; return 404; # managed by Certbot } |
[…]
Nginx Config for Laravel Application
Here is Nginx configuration for a laravel application
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 |
server { listen 80; server_name www.domain.com; access_log /var/log/nginx/domain.com.log; root /home/domain.com/html/public; index index.html index.php; access_log /var/log/nginx/domain.com.log; error_log /var/log/nginx/domain.com-error.log; client_max_body_size 1000M; proxy_read_timeout 600s; fastcgi_read_timeout 600s; fastcgi_send_timeout 600s; location / { try_files $uri $uri/ /index.php$is_args$args; } location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ { try_files $uri =404; access_log off; expires max; } location = /robots.txt { access_log off; log_not_found off; } location = /favicon.ico { access_log off; log_not_found off; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_intercept_errors on; fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; fastcgi_pass unix:/run/php/php7.2-fpm.sock; } } server { listen 80; server_name domain.com; return 301 http://www.domain.com$request_uri; } |
Nginx Config for Laravel Application in sub folder […]
Disable TLSv1 in Nginx
To disable TLSv1 in nginx, add
|
1 |
ssl_protocols TLSv1.1 TLSv1.2; |
in your server config. if you are using letsencrypt SSL, edit file
|
1 |
vi /etc/letsencrypt/options-ssl-nginx.conf |
Find
|
1 |
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; |
Replace with
|
1 |
ssl_protocols TLSv1.1 TLSv1.2; |
Restart Nginx
|
1 |
service nginx restart |
To verify, run
|
1 |
nmap --script ssl-enum-ciphers -p 443 DOMAIN.EXTN |
This will list all supported SSL protocols. Nginx SSL Configuration See Nginx […]