Nginx: Difference between revisions

No edit summary
 
(13 intermediate revisions by the same user not shown)
Line 2: Line 2:
|-
|-
|valign='top' style='width:50%'|
|valign='top' style='width:50%'|
sudo apt install nginx
<syntaxhighlight lang='bash'>
sudo apt-get update;echo
sudo apt install -y nginx
</syntaxhighlight>


|valign='top' style='width:50%'|
|valign='top' style='width:50%'|
|-
|valign='top' colspan='2'|
{|class='wikitable mw-collapsible mw-collapsed'
!scope='col' style='text-align:left'|
[https://editor.plantuml.com/uml/fPH1Rzf048Nl-okcv51G2g79XLQYYeXIcggABEEeFVGoUDVWOEzOksl0_xwpjXCSY9fAtOib-xrv-yqCN5k7nfLv9h1qfCjygOnuvzOgLr1ac6eXtiF2LLcgLv2GWSYWjWKQfUCAK4luWHMLJjXDglarvh34UBCoL6fvGnax-BXdKrTeroXfvmi_dmGpgpgI6Uq3bBAhkHmB8J1sJUNsz1wiCZ0pjEDd3quFMl0ImMLT6gS5QjSOxrUftl_M_L1jbR4A0aFxQj3h6ck944lQloZP2yjbnRrXN2y_KrV9PIA5_zHDwGLbZh1GPllwpNo2bmZ5pUICLuA2ogr9FqMT9H-JYVfq6ZGlTHgJqHVbpyNyxZJB1zML_XBr7RVOOKgIv4gDJwCMXV4pcH4vxjqjRusKIa94UOoEkyTHZUGG9QPJ27bJlCyHrCthU_01JAUYdX_0y4lJRO3pS_WCyzi8BWoccHrYKOZs4ulgdhQYhsHsQ2HiKuI7-xjViA1ue_ozr6Wr-W3i75b-DH2jwn0o7B8_P5W8bIr8y-uTCfwkv3NVeYWuQ8vGsl7qVTVVWf6Fg5TqJDCKEA7ngSqm_LewYYbZge2CWybuF6QWndW4L1l-1wXUWdvdnczHFRA1cT9EMEkkDVLl2WAqjiQARe83neGnMkqHniih_XF6DMyR_vVz0G00 PlantUML]
|-
|valign='top'|
<kroki lang='plantuml'>
@startuml
autonumber
!theme plain
' Styling for Transparency and Layout
skinparam backgroundColor    transparent
skinparam DefaultFontName    Helvetica
skinparam shadowing          false
skinparam BoxPadding        20
actor          "User Browser"                  as User
participant    "Nginx\n(Reverse Proxy)"        as Nginx
box            "Ruby Stack"  #e3f2fd
    participant "Puma Server"                    as Puma
end box
box            "Python Stack" #f1f8e9
    participant "Gunicorn/uWSGI"                as Python
end box
box            "Java Stack"  #fff3e0
    participant "Spring Boot\n(Embedded Tomcat)" as Spring
end box
== Routing to Ruby (Puma) ==
User  -> Nginx  ++ : GET /rails-app
Nginx  -> Puma  ++ : Forward via UNIX Socket\n(e.g., app.sock)
Puma  -> Nginx  -- : Rack Response
Nginx  -> User  -- : HTTP Response
== Routing to Python (WSGI) ==
User  -> Nginx  ++ : GET /django-app
Nginx  -> Python ++ : Forward via HTTP/uWSGI Protocol\n(Port 8000)
Python -> Nginx  -- : WSGI Response
Nginx  -> User  -- : HTTP Response
== Routing to Java (Spring Boot) ==
User  -> Nginx  ++ : GET /java-api
Nginx  -> Spring ++ : Proxy Pass via TCP\n(Port 8080)
Spring -> Nginx  -- : HTTP Response
Nginx  -> User  -- : HTTP Response
@enduml
</kroki>
|}
|}
|}


Line 13: Line 73:
|-
|-
|valign='top'|
|valign='top'|
<syntaxhighlight lang='bash'>
<syntaxhighlight lang='nginx'>
cat << EOF | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
cat << EOF | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
server {
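Review bot: The heredoc on the `cat << EOF | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null` line uses an unquoted delimiter, so the shell expands every `$…` in the body before nginx reads the file. That affects `$1` and `$proxy_add_x_forwarded_for` in the "Line 99" hunk and `$host$request_uri` in the "Line 123" hunk, which are normally unset in the invoking shell and would be written out as empty strings (for example `return 301 https://;`). Quote the delimiter so the body is copied literally: `cat << 'EOF' | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null`. The server block opened here continues outside this hunk; running `nginx -t` on the written file before a reload would surface the damage.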
Line 39: Line 99:
     location ~ ^/.well-known(/.*|$) {
     location ~ ^/.well-known(/.*|$) {
         alias /var/www/html/.well-known$1;
         alias /var/www/html/.well-known$1;
        add_header Cache-Control public;
         gzip_static on;
         gzip_static on;
         expires max;
         expires max;
        add_header Cache-Control public;
     }
     }


     location ^~ /assets/ {
     location ^~ /assets/ {
         root /var/chorke/academia.chorke.org/www/assets;
         root /var/chorke/academia.chorke.org/www/assets;
        add_header Cache-Control public;
         gzip_static on;
         gzip_static on;
         expires max;
         expires max;
        add_header Cache-Control public;
     }
     }


     location /minio/ {
     location /minio/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header Host $http_host;
         proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_redirect off;
         proxy_redirect off;
         proxy_buffering on;
         proxy_buffering on;
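Review bot: In `location ^~ /assets/` the `root` value already ends in `/assets`, and nginx appends the whole request URI to `root`, so a request under `/assets/` is looked up in `/var/chorke/academia.chorke.org/www/assets/assets/`. Unless the directory really is nested that way, use `alias /var/chorke/academia.chorke.org/www/assets/;` or drop the suffix with `root /var/chorke/academia.chorke.org/www;`. Separately, `expires max;` together with `add_header Cache-Control public;` on `/.well-known` lets shared caches keep ACME challenge files and similar short-lived content far beyond their useful life; a short or absent expiry there looks safer. The `/minio/` location at the end of this hunk continues outside it.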
Line 63: Line 123:


     listen 443 ssl;
     listen 443 ssl;
     ssl_certificate /etc/letsencrypt/live/academia.chorke.org/fullchain.pem; # managed by Certbot
     ssl_certificate     /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem; # managed by Certbot
     ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
     include             /etc/letsencrypt/options-ssl-nginx.conf;
     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
     ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
}
}


server {
server {
  server_name academia.chorke.org;
   if ($host = academia.chorke.org) {
   if ($host = academia.chorke.org) {
     return 301 https://$host$request_uri;
     return 301 https://$host$request_uri;
   } # managed by Certbot
   }
 
 
  server_name academia.chorke.org;


  listen [::]:80;
   listen 80;
   listen 80;
   return 404; # managed by Certbot
   return 404;
}
}
EOF
EOF
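Review bot: After this revision neither server block accepts IPv6 connections: the port-80 block loses `listen [::]:80;` and the TLS block has only `listen 443 ssl;`. If the host name publishes an AAAA record, IPv6 clients will fail to connect instead of receiving the HTTPS redirect. In that case keep `listen [::]:80;` beside `listen 80;` and add `listen [::]:443 ssl;` beside `listen 443 ssl;`.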
Line 106: Line 164:
</syntaxhighlight>
</syntaxhighlight>


<syntaxhighlight lang='text'>
<syntaxhighlight lang='nginx'>
location /minio/ {
location /minio/ {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header Host $http_host;
   proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-Proto $scheme;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_buffering on;
   proxy_buffering on;
   proxy_buffer_size 8k;
   proxy_buffer_size 8k;
Line 125: Line 183:
|-
|-
|valign='top'|
|valign='top'|
<syntaxhighlight lang='text'>
<syntaxhighlight lang='nginx'>
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
Line 191: Line 249:
|-
|-
|valign='top' style='width:33%'|
|valign='top' style='width:33%'|
* [[Security/Certificate/TLS|Nginx » Security » Certificate » TLS]]
* [https://library.humio.com/falcon-logscale/installation-cluster-nginx-proxy.html Nginx » <code>X-Forwarded-Prefix</code>]
* [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04 Nginx » Install on Ubuntu 22.04]
* [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04 Nginx » Install on Ubuntu 22.04]
* [https://library.humio.com/falcon-logscale/installation-cluster-nginx-proxy.html Nginx » <code>X-Forwarded-Prefix</code>]
* [[Security/Certificate|Nginx » Security » Certificate]]
* [[Security/Password|Nginx » Security » Password]]
* [[Security/Domain|Nginx » Security » Domain]]
* [[K8s/Nginx/Ingress|Nginx » K8s » Ingress]]
* [[Nginx/Passenger|Nginx » Passenger]]
* [[HTTP Security|Nginx » Security]]


|valign='top' style='width:34%'|
|valign='top' style='width:34%'|
Line 199: Line 264:
|-
|-
|valign='top'|
|valign='top'|
* [https://serverfault.com/questions/618669/ Proxy to sites that expect to be at root URL]
* [[Virtual Host And Certbot in Raspbian 10]]
* [[Virtual Host And Certbot in Raspbian 10]]
* [[Virtual Host And Certbot in RHEL7]]
* [[Virtual Host And Certbot in RHEL7]]
Line 208: Line 272:
* [[HAProxy]]
* [[HAProxy]]
* [[MinIO]]
* [[MinIO]]
* [[CIDR]]
* [[UFW]]


|valign='top'|
|valign='top'|
* [https://serverfault.com/questions/618669/ Proxy to sites that expect to be at root URL]


|valign='top'|
|valign='top'|
|}
|}

Latest revision as of 23:44, 6 February 2026

# Refresh the package index; the trailing `echo` only prints a blank separator line.
sudo apt-get update;echo
# Install nginx from the distribution repository without an interactive prompt (-y).
sudo apt install -y nginx

PlantUML

Virtual Host

Virtual Host

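# Write the nginx virtual host for academia.chorke.org and enable it.
#
# The heredoc delimiter is quoted ('EOF') so the shell copies the body
# literally. With an unquoted delimiter the shell would expand $host,
# $request_uri, $1, $expires, $scheme, $http_host and
# $proxy_add_x_forwarded_for itself (normally to empty strings) and the
# file on disk would no longer contain the nginx variables.
# Writing below /etc/nginx requires root privileges.
cat << 'EOF' | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
# TLS virtual host: static files plus a reverse proxy to the MinIO console.
server {
    server_name  academia.chorke.org;

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 3;
    gzip_buffers 64 8k;
    gzip_disable "msie6";
    gzip_min_length 1100;
    gzip_http_version 1.0;
    gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;

    root /var/chorke/academia.chorke.org/www;
    access_log /var/chorke/academia.chorke.org/logs/nginx.access.log;
    error_log /var/chorke/academia.chorke.org/logs/nginx.error.log info;

    error_page 500 502 503 504 /500.html;
    client_max_body_size 25M;
    keepalive_timeout 10;
    # $expires is not defined in this file; it has to come from elsewhere
    # (for example a map in the http context), otherwise nginx -t fails.
    expires $expires;

    # Serve /.well-known (e.g. ACME challenges) from the shared web root.
    location ~ ^/.well-known(/.*|$) {
        alias /var/www/html/.well-known$1;
        add_header Cache-Control public;
        gzip_static on;
        expires max;
    }

    # NOTE(review): nginx appends the request URI to root, so files are looked
    # up under .../www/assets/assets/ -- confirm that matches the directory layout.
    location ^~ /assets/ {
        root /var/chorke/academia.chorke.org/www/assets;
        add_header Cache-Control public;
        gzip_static on;
        expires max;
    }

    # Reverse proxy to the MinIO console listening on the loopback interface.
    location /minio/ {
        # Client-supplied X-Forwarded-For entries are kept; only the last
        # entry is added by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_buffering on;
        proxy_buffer_size 8k;
        proxy_buffers 2048 8k;
        # NOTE(review): without a trailing slash the /minio/ prefix is passed
        # to the upstream unchanged; the standalone MinIO snippet on this page
        # uses http://127.0.0.1:9801/ (prefix stripped) -- confirm which is intended.
        proxy_pass http://127.0.0.1:9801;
    }

    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
}

# Plain-HTTP virtual host: redirect the site to HTTPS, answer 404 otherwise.
server {
  server_name academia.chorke.org;

  if ($host = academia.chorke.org) {
    return 301 https://$host$request_uri;
  }

  listen 80;
  return 404;
}
EOF

# Enable the site. Validate the result with `nginx -t` before reloading nginx.
ln -s /etc/nginx/sites-available/academia.chorke.org\
      /etc/nginx/sites-enabled/academia.chorke.org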

Reverse Proxy

Reverse Proxy

Reverse Proxy » MinIO
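# MinIO service environment (presumably the file named by MINIO_CONFIG_ENV_FILE below).
#
# S3 API on port 9800, web console on port 9801. With no host part both
# listen on every interface, while nginx only needs 127.0.0.1:9801; confirm
# that a firewall rule (or a 127.0.0.1: host prefix, if the API does not
# have to be reachable directly) keeps these ports off the public network.
MINIO_OPTS="--address :9800 --console-address :9801"
MINIO_VOLUMES="/home/minio/.minio/data"
# NOTE(review): example root credentials as published on the page. A
# dictionary-word password that matches the site name is guessable; set a
# long random value per deployment and keep this file readable by the
# service account only.
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=academia
MINIO_CONFIG_ENV_FILE=/etc/default/minio
# Public URL of the console behind nginx. The virtual host serves the site
# on 443 and redirects port 80 to HTTPS, so the URL uses https:// to keep
# the console login off plain HTTP.
MINIO_BROWSER_REDIRECT_URL="https://academia.chorke.org/minio/"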
# Reverse-proxy requests under /minio/ to the MinIO console on 127.0.0.1:9801.
location /minio/ {
   # Append the connecting client's address to any X-Forwarded-For header the
   # request already carried; client-supplied entries are kept, so only the
   # last entry is set by this proxy.
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   # Tell the upstream which scheme (http or https) the client used.
   proxy_set_header X-Forwarded-Proto $scheme;
   # Forward the Host header exactly as the client sent it.
   proxy_set_header Host $http_host;
   # Buffer upstream responses: one 8k buffer for the response header and up
   # to 2048 buffers of 8k each (16 MB) per connection for the body.
   proxy_buffering on;
   proxy_buffer_size 8k;
   proxy_buffers 2048 8k;
   # Do not rewrite Location/Refresh headers returned by the upstream.
   proxy_redirect off;
   # The trailing slash replaces the matched /minio/ prefix with /, so the
   # upstream receives root-relative paths.
   proxy_pass http://127.0.0.1:9801/;
}
Reverse Proxy » ROR
# Proxy headers set outside any location; the two locations below set no
# proxy_set_header of their own, so they inherit all of these.
# X-Forwarded-For keeps client-supplied entries and appends the connecting
# address, so only the last entry is set by this proxy.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# Scheme (http or https) the client used to reach nginx.
proxy_set_header X-Forwarded-Proto $scheme;
# Host header exactly as the client sent it.
proxy_set_header Host $http_host;
# Do not rewrite Location/Refresh headers returned by the upstream.
proxy_redirect off;

# Everything not matched by a more specific location goes to the upstream on port 3001.
location / {
  proxy_pass http://127.0.0.1:3001;
}

# Prefix match: any URI beginning with /api goes to the upstream on port 3002.
# proxy_pass has no URI part, so the original request path is forwarded unchanged.
location /api {
  proxy_pass http://127.0.0.1:3002;
}

Knowledge

Knowledge

# Diagnostic commands for checking the firewall and listening sockets.
# They are independent of each other and are not meant to run as one script.

# Firewall state, then all sockets (-a) and listening sockets with numeric
# addresses and owning process (-lpn).
ufw status
netstat -a
netstat -lpn
# Install the firewall front end and a port scanner for checking exposure.
apt install ufw
apt install nmap
# Listening TCP/UDP sockets, numeric; -w adds raw sockets, -p adds the owning process.
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
# Same listing narrowed to one service.
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep resolve
# Show firewall rules and the application profiles ufw knows about.
sudo ufw status
sudo ufw app list
# NOTE(review): the 'Nginx HTTP' profile opens port 80 only, while the virtual
# host on this page also listens on 443; 'Nginx Full' covers both ports.
sudo ufw allow 'Nginx HTTP'
# Cross-check listening sockets with two different tools.
sudo ss -tulpn     | grep LISTEN
sudo lsof -i -P -n | grep LISTEN
# telnet client, presumably for manual port reachability checks.
apt install telnet
# List every installed package.
apt list --installed
# NOTE(review): -u restricts netstat to UDP sockets, so an nginx that listens
# on TCP only yields no output here; -tap would list its TCP sockets.
netstat -uap|grep nginx

References

References