Nginx: Difference between revisions

Latest revision as of 23:44, 6 February 2026

sudo apt-get update;echo
sudo apt install -y nginx

PlantUML

Virtual Host

cat << EOF | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
    server_name  academia.chorke.org;

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 3;
    gzip_buffers 64 8k;
    gzip_disable "msie6";
    gzip_min_length 1100;
    gzip_http_version 1.0;
    gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;

    root /var/chorke/academia.chorke.org/www;
    access_log /var/chorke/academia.chorke.org/logs/nginx.access.log;
    error_log /var/chorke/academia.chorke.org/logs/nginx.error.log info;

    error_page 500 502 503 504 /500.html;
    client_max_body_size 25M;
    keepalive_timeout 10;
    expires $expires;

    location ~ ^/.well-known(/.*|$) {
        alias /var/www/html/.well-known$1;
        add_header Cache-Control public;
        gzip_static on;
        expires max;
    }

    location ^~ /assets/ {
        root /var/chorke/academia.chorke.org/www/assets;
        add_header Cache-Control public;
        gzip_static on;
        expires max;
    }

    location /minio/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_buffering on;
        proxy_buffer_size 8k;
        proxy_buffers 2048 8k;
        proxy_pass http://127.0.0.1:9801;
    }

    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
}

server {
  server_name academia.chorke.org;

  if ($host = academia.chorke.org) {
    return 301 https://$host$request_uri;
  }

  listen 80;
  return 404;
}
EOF

ln -s /etc/nginx/sites-available/academia.chorke.org\
      /etc/nginx/sites-enabled/academia.chorke.org

Reverse Proxy

Reverse Proxy
Reverse Proxy » MinIO
MINIO_OPTS="--address :9800 --console-address :9801" MINIO_VOLUMES="/home/minio/.minio/data" MINIO_ROOT_USER=admin MINIO_ROOT_PASSWORD=academia MINIO_CONFIG_ENV_FILE=/etc/default/minio MINIO_BROWSER_REDIRECT_URL="http://academia.chorke.org/minio/" location /minio/ { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_buffering on; proxy_buffer_size 8k; proxy_buffers 2048 8k; proxy_redirect off; proxy_pass http://127.0.0.1:9801/; }
Reverse Proxy » ROR
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_redirect off; location / { proxy_pass http://127.0.0.1:3001; } location /api { proxy_pass http://127.0.0.1:3002; }

Knowledge

ufw status
netstat -a
netstat -lpn
apt install ufw
apt install nmap

sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep resolve

sudo ufw status
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ss -tulpn     | grep LISTEN
sudo lsof -i -P -n | grep LISTEN

apt install telnet
apt list --installed
netstat -uap|grep nginx

References

References
Nginx » Security » Certificate » TLS Nginx » `X-Forwarded-Prefix` Nginx » Install on Ubuntu 22.04 Nginx » Security » Certificate Nginx » Security » Password Nginx » Security » Domain Nginx » K8s » Ingress Nginx » Passenger Nginx » Security
Virtual Host And Certbot in Raspbian 10 Virtual Host And Certbot in RHEL7 Virtual Host And Certbot in RHEL6 Virtual Host And Certbot in WSL2 Localtunnel PostgreSQL HAProxy MinIO CIDR UFW	Proxy to sites that expect to be at root URL

Nginx: Difference between revisions

Latest revision as of 23:44, 6 February 2026

Contents

Virtual Host

Reverse Proxy

Knowledge

References

Navigation menu

@@ Line 1: / Line 1: @@
- sudo apt install nginx
+{|class='wikitable'
+|-
+|valign='top' style='width:50%'|
+<syntaxhighlight lang='bash'>
+sudo apt-get update;echo
+sudo apt install -y nginx
+</syntaxhighlight>
+|valign='top' style='width:50%'|
+|-
+|valign='top' colspan='2'|
+{|class='wikitable mw-collapsible mw-collapsed'
+!scope='col' style='text-align:left'|
+[https://editor.plantuml.com/uml/fPH1Rzf048Nl-okcv51G2g79XLQYYeXIcggABEEeFVGoUDVWOEzOksl0_xwpjXCSY9fAtOib-xrv-yqCN5k7nfLv9h1qfCjygOnuvzOgLr1ac6eXtiF2LLcgLv2GWSYWjWKQfUCAK4luWHMLJjXDglarvh34UBCoL6fvGnax-BXdKrTeroXfvmi_dmGpgpgI6Uq3bBAhkHmB8J1sJUNsz1wiCZ0pjEDd3quFMl0ImMLT6gS5QjSOxrUftl_M_L1jbR4A0aFxQj3h6ck944lQloZP2yjbnRrXN2y_KrV9PIA5_zHDwGLbZh1GPllwpNo2bmZ5pUICLuA2ogr9FqMT9H-JYVfq6ZGlTHgJqHVbpyNyxZJB1zML_XBr7RVOOKgIv4gDJwCMXV4pcH4vxjqjRusKIa94UOoEkyTHZUGG9QPJ27bJlCyHrCthU_01JAUYdX_0y4lJRO3pS_WCyzi8BWoccHrYKOZs4ulgdhQYhsHsQ2HiKuI7-xjViA1ue_ozr6Wr-W3i75b-DH2jwn0o7B8_P5W8bIr8y-uTCfwkv3NVeYWuQ8vGsl7qVTVVWf6Fg5TqJDCKEA7ngSqm_LewYYbZge2CWybuF6QWndW4L1l-1wXUWdvdnczHFRA1cT9EMEkkDVLl2WAqjiQARe83neGnMkqHniih_XF6DMyR_vVz0G00 PlantUML]
+|-
+|valign='top'|
+<kroki lang='plantuml'>
+@startuml
+autonumber
+!theme plain
+' Styling for Transparency and Layout
+skinparam backgroundColor    transparent
+skinparam DefaultFontName    Helvetica
+skinparam shadowing          false
+skinparam BoxPadding         20
+actor           "User Browser"                   as User
+participant     "Nginx\n(Reverse Proxy)"         as Nginx
+box             "Ruby Stack"   #e3f2fd
+    participant "Puma Server"                    as Puma
+end box
+box             "Python Stack" #f1f8e9
+    participant "Gunicorn/uWSGI"                 as Python
+end box
+box             "Java Stack"   #fff3e0
+    participant "Spring Boot\n(Embedded Tomcat)" as Spring
+end box
+== Routing to Ruby (Puma) ==
+User   -> Nginx  ++ : GET /rails-app
+Nginx  -> Puma   ++ : Forward via UNIX Socket\n(e.g., app.sock)
+Puma   -> Nginx  -- : Rack Response
+Nginx  -> User   -- : HTTP Response
+== Routing to Python (WSGI) ==
+User   -> Nginx  ++ : GET /django-app
+Nginx  -> Python ++ : Forward via HTTP/uWSGI Protocol\n(Port 8000)
+Python -> Nginx  -- : WSGI Response
+Nginx  -> User   -- : HTTP Response
+== Routing to Java (Spring Boot) ==
+User   -> Nginx  ++ : GET /java-api
+Nginx  -> Spring ++ : Proxy Pass via TCP\n(Port 8080)
+Spring -> Nginx  -- : HTTP Response
+Nginx  -> User   -- : HTTP Response
+@enduml
+</kroki>
+|}
+|}
 ==Virtual Host==
-<source lang="bash">
+{|class='wikitable mw-collapsible'
+!scope='col' style='text-align:left'|
+Virtual Host
+|-
+|valign='top'|
+<syntaxhighlight lang='nginx'>
 cat << EOF | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
 server {
@@ Line 8: / Line 79: @@
      gzip on;
-     gzip_http_version 1.0;
+     gzip_vary on;
+    gzip_proxied any;
+    gzip_comp_level 3;
+    gzip_buffers 64 8k;
      gzip_disable "msie6";
-    gzip_vary on;
      gzip_min_length 1100;
-     gzip_buffers 64 8k;
+     gzip_http_version 1.0;
-    gzip_comp_level 3;
+     gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;
-    gzip_proxied any;
-     gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component;
      root /var/chorke/academia.chorke.org/www;
@@ Line 28: / Line 99: @@
      location ~ ^/.well-known(/.*|$) {
          alias /var/www/html/.well-known$1;
+        add_header Cache-Control public;
          gzip_static on;
          expires max;
-        add_header Cache-Control public;
      }
      location ^~ /assets/ {
          root /var/chorke/academia.chorke.org/www/assets;
+        add_header Cache-Control public;
          gzip_static on;
          expires max;
-        add_header Cache-Control public;
      }
      location /minio/ {
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header Host $http_host;
-         proxy_set_header X-Forwarded-Proto $scheme;
+         proxy_redirect off;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_buffering on;
          proxy_buffer_size 8k;
          proxy_buffers 2048 8k;
-        proxy_redirect off;
          proxy_pass http://127.0.0.1:9801;
      }
      listen 443 ssl;
-     ssl_certificate /etc/letsencrypt/live/academia.chorke.org/fullchain.pem; # managed by Certbot
+     ssl_certificate     /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
-     ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem; # managed by Certbot
+     ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
-     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+     include             /etc/letsencrypt/options-ssl-nginx.conf;
-     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+     ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;
 }
 server {
+  server_name academia.chorke.org;
    if ($host = academia.chorke.org) {
      return 301 https://$host$request_uri;
-   } # managed by Certbot
+   }
-  server_name academia.chorke.org;
-  listen [::]:80;
    listen 80;
-   return 404; # managed by Certbot
+   return 404;
 }
 EOF
@@ Line 74: / Line 143: @@
 ln -s /etc/nginx/sites-available/academia.chorke.org\
        /etc/nginx/sites-enabled/academia.chorke.org
-</source>
+</syntaxhighlight>
+|}
 ==Reverse Proxy==
-===Reverse Proxy » MinIO===
+{|class='wikitable mw-collapsible'
-----
+!scope='col' style='text-align:left' colspan='2'|
-<source lang="bash">
+Reverse Proxy
+|-
+!scope='col' style='width:50%'| Reverse Proxy » MinIO
+!scope='col' style='width:50%'|
+|-
+|valign='top'|
+<syntaxhighlight lang='bash'>
 MINIO_OPTS="--address :9800 --console-address :9801"
 MINIO_VOLUMES="/home/minio/.minio/data"
@@ Line 86: / Line 162: @@
 MINIO_CONFIG_ENV_FILE=/etc/default/minio
 MINIO_BROWSER_REDIRECT_URL="http://academia.chorke.org/minio/"
-</source>
+</syntaxhighlight>
-<source lang="text">
+<syntaxhighlight lang='nginx'>
 location /minio/ {
+   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+   proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header Host $http_host;
-   proxy_set_header X-Forwarded-Proto $scheme;
-   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_buffering on;
     proxy_buffer_size 8k;
@@ Line 99: / Line 175: @@
     proxy_pass http://127.0.0.1:9801/;
 }
-</source>
+</syntaxhighlight>
+|valign='top'|
+|-
+!scope='col'| Reverse Proxy » ROR
+!scope='col'|
+|-
+|valign='top'|
+<syntaxhighlight lang='nginx'>
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $http_host;
+proxy_redirect off;
+location / {
+  proxy_pass http://127.0.0.1:3001;
+}
+location /api {
+  proxy_pass http://127.0.0.1:3002;
+}
+</syntaxhighlight>
+|valign='top'|
+|}
 ==Knowledge==
-{|
+{|class='wikitable mw-collapsible'
-| valign="top" |
+!scope='col' style='text-align:left' colspan='3'|
-<source lang="bash">
+Knowledge
+|-
+|valign='top' style='width:33%'|
+<syntaxhighlight lang='bash'>
 ufw status
 netstat -a
@@ Line 110: / Line 213: @@
 apt install ufw
 apt install nmap
-</source>
+</syntaxhighlight>
-| valign="top" |
+|valign='top' style='width:34%'|
-<source lang="bash">
+<syntaxhighlight lang='bash'>
 sudo ss -tulwn | grep LISTEN
 sudo ss -tulpn | grep LISTEN
@@ Line 119: / Line 222: @@
 sudo ss -tulpn | grep LISTEN | grep minio
 sudo ss -tulpn | grep LISTEN | grep resolve
-</source>
+</syntaxhighlight>
-| valign="top" |
+|valign='top' style='width:33%'|
-<source lang="bash">
+<syntaxhighlight lang='bash'>
 sudo ufw status
 sudo ufw app list
@@ Line 128: / Line 231: @@
 sudo ss -tulpn     | grep LISTEN
 sudo lsof -i -P -n | grep LISTEN
-</source>
+</syntaxhighlight>
-|-
-|colspan='3'|
-----
 |-
 |valign='top'|
@@ Line 142: / Line 241: @@
 |valign='top'|
 |}
 ==References==
-{|
+{|class='wikitable mw-collapsible'
-| valign="top" |
+!scope='col' style='text-align:left' colspan='3'|
-* [https://serverfault.com/questions/618669/ Proxy to sites that expect to be at root URL]
+References
+|-
+|valign='top' style='width:33%'|
+* [[Security/Certificate/TLS|Nginx » Security » Certificate » TLS]]
+* [https://library.humio.com/falcon-logscale/installation-cluster-nginx-proxy.html Nginx » <code>X-Forwarded-Prefix</code>]
+* [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04 Nginx » Install on Ubuntu 22.04]
+* [[Security/Certificate|Nginx » Security » Certificate]]
+* [[Security/Password|Nginx » Security » Password]]
+* [[Security/Domain|Nginx » Security » Domain]]
+* [[K8s/Nginx/Ingress|Nginx » K8s » Ingress]]
+* [[Nginx/Passenger|Nginx » Passenger]]
+* [[HTTP Security|Nginx » Security]]
+|valign='top' style='width:34%'|
+|valign='top' style='width:33%'|
+|-
+|valign='top'|
 * [[Virtual Host And Certbot in Raspbian 10]]
 * [[Virtual Host And Certbot in RHEL7]]
 * [[Virtual Host And Certbot in RHEL6]]
 * [[Virtual Host And Certbot in WSL2]]
-* [https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-22-04 Nginx » Install on Ubuntu 22.04]
+* [[Localtunnel]]
-* [https://library.humio.com/falcon-logscale/installation-cluster-nginx-proxy.html Nginx » <code>X-Forwarded-Prefix</code>]
 * [[PostgreSQL]]
 * [[HAProxy]]
 * [[MinIO]]
+* [[CIDR]]
+* [[UFW]]
-| valign="top" |
+|valign='top'|
+* [https://serverfault.com/questions/618669/ Proxy to sites that expect to be at root URL]
-| valign="top" |
-|-
-| colspan="3" |
-----
-|-
-| valign="top" |
-| valign="top" |
-| valign="top" |
+|valign='top'|
 |}

Nginx: Difference between revisions

Latest revision as of 23:44, 6 February 2026

Virtual Host

Reverse Proxy

Knowledge

References

Navigation menu

Search