From charlesreid1

Revision as of 03:27, 25 September 2015 by Admin

I finally got fed up with Apache's endless permissions problems and incomprehensible labyrinth of config files and virtualhosts that never, ever work, ever, not even a single time.

I switched to nginx.

Also see the Gunicorn page for running Python apps on top of nginx.

You can also run nginx with Apache. I did this because, as much as I hate Apache, MediaWiki and WordPress integrate better with it. So I set up nginx as a reverse proxy, so that any requests sent to nginx that are for the wiki or for WordPress are sent through to Apache. The Nginx Apache page has details.

Installing

Ubuntu

sudo apt-get install nginx

Basic Info

By default, nginx serves files out of

/usr/share/nginx/html

The default config file is located in

/etc/nginx/sites-available/default

To start/stop nginx, use it as a service,

sudo service nginx start
sudo service nginx stop

It is generally a good idea to add virtual servers into the default configuration file, despite what I do below.

Virtual Hosts

Directory Structure and Permissions

I have created two http root directories, to serve two virtual hosts:

/www/example.com/public_html/
/www/test.com/public_html/

Both contain an index.html file with a simple hello world message.

Now I transfer ownership of these two directories to my regular username,

sudo chown -R $USER:$USER /www/example.com/public_html
sudo chown -R $USER:$USER /www/test.com/public_html
sudo chmod -R 755 /www/

Config File

Create a copy of the config file for each site:

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.com
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/test.com

The contents:


example.com config file

/etc/nginx/sites-available/example.com
--------------------------

server {
    listen 80;
    listen [::]:80;

    root /www/example.com/public_html;
    index index.html index.htm;

    server_name example.com www.example.com;

    location / {
        try_files $uri $uri/ =404;
    }
}


test.com config file

/etc/nginx/sites-available/test.com
--------------------------
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /www/test.com/public_html;
    index index.html index.htm;

    server_name test.com www.test.com;

    location / {
        try_files $uri $uri/ =404;
    }
}


Enabling Site/Site Config

To enable the sites whose config files we just created, we create symlinks in nginx's sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/test.com /etc/nginx/sites-enabled/


Changing Hash Bucket Size

Mentioned by [1]. Edit the nginx config file:

sudo vim /etc/nginx/nginx.conf

and uncomment this line:

server_names_hash_bucket_size 64;

Restarting nginx to Implement Changes

sudo service nginx restart

Works

Works like a dream!

Virtual Hosts Revisited

I wasn't able to successfully implement virtual hosts with nginx using the procedure above, so I gave it another shot using the procedure outlined below.

Domain Records

I have two domains, doxuments.com and doxcompany.com, through NameCheap. I log in to NameCheap and change the domain records of each domain.

For each domain, I create an A Name record for @ and an A Name record for www. Both point to the IP address of the server running nginx.

This makes two domains, with two A Name records each, all pointing to the same IP address.

A.B.C.D

Set Permissions

I have two sites, served by a single instance of nginx out of two directories, /www/doxuments.com and /www/doxcompany.com. The permissions on these folders are set following [2]:

$ sudo chown -R www-data:www-data doxcompany.com/ doxuments.com/

$ sudo chmod 755 doxcompany.com/ doxuments.com/

Now onto the nginx settings.

Nginx

I change the domain records so that I have two domains, doxuments.com and doxcompany.com, pointing to the same server - one single IP address.

$ cd /etc/nginx/sites-available/

$ cat doxcompany.com
server {
    listen 80;
    listen [::]:80;

    root /www/doxcompany.com/htdocs;
    index index.html index.htm;

    server_name doxcompany.com;

    location / {
        try_files $uri $uri/ =404;
    }
}

$ cat doxuments.com
server {
    listen 80;
    listen [::]:80;

    root /www/doxuments.com/htdocs;
    index index.html index.htm;

    server_name doxuments.com;

    location / {
        try_files $uri $uri/ =404;
    }
}

doxcompany.com points to /www/doxcompany.com/htdocs and doxuments.com points to /www/doxuments.com/htdocs. Couldn't be simpler.

Enable site

I enable these sites by copying these sites-available files to the sites-enabled folder:

$ cd /etc/nginx/sites-enabled 

$ sudo ln -fs ../sites-available/doxuments.com

$ sudo ln -fs ../sites-available/doxcompany.com

Restart Nginx

Now restart the nginx service.

$ sudo service nginx restart

Works!

And whaddya know, it works.

Using /www

If you want to use a particular directory structure, like /www/htdocs, you can do it this way:

Edit the file corresponding to the desired site name, something like /etc/nginx/sites-available/basic. Change the line:

    root /www/htdocs;

to reflect whatever directory structure you want. Then restart the service:

sudo service nginx restart

and you're off!


Secure Directories

Add Secure Directory to Nginx Config File

To secure a directory, add the following to your nginx sites-available configuration file's server block:

server {

    [....]

    location /media {
        root /www/;
        index index.html index.htm;
        autoindex on;

        # htaccess
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }

    [.....]
}

Create Credentials for Secure Directory

Now you can create user credentials in the file /etc/nginx/.htpasswd and those credentials can be used to access the restricted location.

To add a user to a new htpasswd file:

htpasswd -c /etc/nginx/.htpasswd username

You will then be prompted for a password.

If you already have a password file:

htpasswd /etc/nginx/.htpasswd username 

This will prompt you for a password. It will then be appended to the existing password file.
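HTTP Basic authentication sends the username and password base64-encoded, not encrypted, so the /media block above only protects its credentials when its server block listens with TLS. The check below is an added example, not part of the original page; it assumes configs laid out like the ones on this page, and the host names and certificate paths in its sample are placeholders.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the layout used on this
# page: one directive per line, "server {" opens a block, no braces in values.

# Print the server_name of every server block that requests Basic-auth
# credentials while listening without TLS; return 1 if any is found.
audit_basic_auth() {
    awk '
        { sub(/#.*/, "") }                                  # strip comments
        /^[ \t]*server[ \t]*\{/ { depth = 1; name = "(unnamed)"; plain = auth = 0; next }
        depth == 0 { next }                                 # outside any server block
        /\{/ { depth++ }                                    # nested location block
        /^[ \t]*listen[ \t]/ && !/[ \t]ssl[ \t;]/ { plain = 1 }
        /^[ \t]*server_name[ \t]/ { name = $2; sub(/;$/, "", name) }
        /^[ \t]*auth_basic[ \t]/ && !/auth_basic[ \t]+off/ { auth = 1 }
        /\}/ { if (--depth == 0 && plain && auth) { print name; bad = 1 } }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the /media location from this page on port 80, plus a
# TLS variant. Host names and certificate paths are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
server {
    listen 80;
    server_name media-http.example;
    location /media {
        root /www/;
        # htaccess
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
server {
    listen 443 ssl;
    server_name media-tls.example;
    ssl_certificate     /etc/nginx/ssl/placeholder.crt;
    ssl_certificate_key /etc/nginx/ssl/placeholder.key;
    location /media {
        root /www/;
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
    }
}
EOF
}

tmp=$(mktemp) && write_sample "$tmp"
audit_basic_auth "$tmp" || echo "^ Basic auth offered over plain HTTP"
rm -f "$tmp"
```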

Using HTTPS/SSL with Nginx

This is a three-step procedure.

First, you'll create a certificate signing request (CSR), signed with your own private key, for a commercial SSL certificate company to grant you a certificate.

Second, you'll purchase a certificate from a third party. I used thesslstore.com and was pretty happy with the price. It'll set you back about $18 for one year or $40 for three years, which all in all is pretty reasonable, considering these things can be thousands of dollars.

Third, you'll use the certificates provided by the Certificate Authority (thesslstore.com in this case) with the key you used to create the certificate request to do SSL with Nginx. This will require a few changes to the Nginx configuration file.

So, let's get started!

Creating Self-Signed Request

Purchasing Certificate

This is another process that broke down into several steps.

First, purchase the certificate.

Then, verify I am the owner of the web domain.

Next, submit my certificate request.

Finally, download and extract the certificates.
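The key and request from the first step, and a check worth running on the downloaded certificate before the third step, sketched with the openssl command line. This is an added example, not part of the original page: example.com and the file names are placeholders, and a throwaway self-signed certificate stands in for the one the Certificate Authority returns.

```shell
#!/bin/sh
# Added example (not from the original page). example.com and the file names
# are placeholders; the self-signed certificate stands in for the CA-issued one.

# Step 1: create a private key and a certificate signing request (CSR)
# for domain $1 in directory $2. The CSR goes to the CA; the key never does.
make_csr() {
    (
        umask 077    # key file readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$2/$1.key" -out "$2/$1.csr" -subj "/CN=$1" 2>/dev/null
    )
}

# Print the PEM public key embedded in a .key, .csr or certificate file.
pubkey_of() {
    case $1 in
        *.key) openssl pkey -in "$1" -pubout ;;
        *.csr) openssl req  -in "$1" -noout -pubkey ;;
        *)     openssl x509 -in "$1" -noout -pubkey ;;
    esac 2>/dev/null
}

# Step 3 pre-check: succeed only if file $2 (CSR or certificate) carries the
# public half of private key $1. nginx refuses to start on a mismatched pair.
matches_key() {
    k=$(pubkey_of "$1") && c=$(pubkey_of "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    make_csr example.com "$dir" || return 1
    # Constructed stand-in for the certificate the CA would send back.
    openssl x509 -req -in "$dir/example.com.csr" -signkey "$dir/example.com.key" \
        -days 1 -out "$dir/example.com.crt" 2>/dev/null
    matches_key "$dir/example.com.key" "$dir/example.com.crt" \
        && echo "certificate matches key: safe to reference from nginx"
    rm -rf "$dir"
}
demo
```

In the nginx server block, the checked pair is what the ssl_certificate and ssl_certificate_key directives point to, on a "listen 443 ssl;" listener.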

Using Certificates with Nginx HTTPS/SSL

https://sslhelpdesk.com/index.php?/Knowledgebase/Article/View/304/28/ssl-certificate-installation-for-nginx-server

https://stackoverflow.com/questions/30986980/the-plain-http-request-was-sent-to-https-portnginx