Nginx: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 13: | Line 13: | ||
{|class='wikitable mw-collapsible mw-collapsed' | {|class='wikitable mw-collapsible mw-collapsed' | ||
!scope='col' style='text-align:left'| | !scope='col' style='text-align:left'| | ||
[https://editor.plantuml.com/uml/ | [https://editor.plantuml.com/uml/fPG_Rzim4CLtVeg3kjX8xQZ9uWPm4JX8tNG815b1CtGvYvIZsE899EK_txv7IgaSUqY1QX74U-yTVqT2jzQXSKsr4TWuqasrL4ROTQbhD5Z14lFrob2ZvHrjo80pg2sNb7P7Alk2adQbNa616wkEAZFQ9oYbBrt5Gc3kE2Hwiih0pD2Etn6W1RyWsE7AlAnHEuWULwNU_zQ3L6sLiGeIG_l3C8X3IOWbxI5Ac-K15evt6S4dTLrS5L80F--oagP2M2YpxRhvRw6q18xeSfA3Uo7zDwduKapKr_EaUQFBd8o-R7ujvWzjM72UnFt4BVPXHN6julEmHMtyN6P4Za7lUV9IAWaPLJcw5hMLzE7JAQJKE6zp105-u6c6C9sAC5M0qRTsGW0N5t03y_iCBWsM6pl2kXPTYKLXAfteEvaT6WdR4k7fyU4P5fIlbT-M6g_6du6TOyjBGz6v-YQZ4VjJ9eLKsPeq7t_VusrBNlCZov9USuBIpN_Wn_eHZ7n5lQ9JcZRWZCPtRK_BNo57EMsOAY7ZO1B7CGErnXEWOFWVe7031aT7_17LAnkOgJngrhc39jn_ID3QW9NT9Jt6X34wxGd6-ot-4yOjNpR-7Vm1 Diagram] | ||
|- | |- | ||
|valign='top'| | |valign='top'| | ||
| Line 39: | Line 39: | ||
== Routing to Ruby (Puma) == | == Routing to Ruby (Puma) == | ||
User -> Nginx ++ : GET /rails-app | User -> Nginx ++ : GET /rails-app | ||
Nginx -> Puma ++ : Forward via UNIX Socket\n(e.g., app.sock) | Nginx -> Puma ++ : Forward via UNIX Socket\n(e.g., app.sock) | ||
Puma -> Nginx -- : Rack Response | Puma -> Nginx -- : Rack Response | ||
Nginx -> User -- : HTTP Response | Nginx -> User -- : HTTP Response | ||
== Routing to Python (WSGI) == | == Routing to Python (WSGI) == | ||
User -> Nginx ++ : GET /django-app | User -> Nginx ++ : GET /django-app | ||
Nginx -> Python ++ : Forward via HTTP/uWSGI Protocol\n(Port 8000) | Nginx -> Python ++ : Forward via HTTP/uWSGI Protocol\n(Port 8000) | ||
Python -> Nginx -- : WSGI Response | Python -> Nginx -- : WSGI Response | ||
Nginx -> User -- : HTTP Response | Nginx -> User -- : HTTP Response | ||
== Routing to Java (Spring Boot) == | == Routing to Java (Spring Boot) == | ||
User -> Nginx ++ : GET /java-api | User -> Nginx ++ : GET /java-api | ||
Nginx -> Spring ++ : Proxy Pass via TCP\n(Port 8080) | Nginx -> Spring ++ : Proxy Pass via TCP\n(Port 8080) | ||
Spring -> Nginx -- : HTTP Response | Spring -> Nginx -- : HTTP Response | ||
Nginx -> User -- : HTTP Response | Nginx -> User -- : HTTP Response | ||
@enduml | @enduml | ||
Revision as of 10:15, 6 February 2026
sudo apt-get update;echo
sudo apt install -y nginx
|
|||
| |||
Virtual Host
|
Virtual Host |
|---|
cat << EOF | tee /etc/nginx/sites-available/academia.chorke.org >/dev/null
server {
server_name academia.chorke.org;
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 3;
gzip_buffers 64 8k;
gzip_disable "msie6";
gzip_min_length 1100;
gzip_http_version 1.0;
gzip_types text/css text/xml application/x-javascript application/atom+xml text/mathml text/plain text/vnd.sun.j2me.app-descriptor text/vnd.wap.wml text/x-component image/bmp image/svg+xml image/x-icon;
root /var/chorke/academia.chorke.org/www;
access_log /var/chorke/academia.chorke.org/logs/nginx.access.log;
error_log /var/chorke/academia.chorke.org/logs/nginx.error.log info;
error_page 500 502 503 504 /500.html;
client_max_body_size 25M;
keepalive_timeout 10;
expires $expires;
location ~ ^/.well-known(/.*|$) {
alias /var/www/html/.well-known$1;
add_header Cache-Control public;
gzip_static on;
expires max;
}
location ^~ /assets/ {
root /var/chorke/academia.chorke.org/www/assets;
add_header Cache-Control public;
gzip_static on;
expires max;
}
location /minio/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 2048 8k;
proxy_pass http://127.0.0.1:9801;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/academia.chorke.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/academia.chorke.org/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
server_name academia.chorke.org;
if ($host = academia.chorke.org) {
return 301 https://$host$request_uri;
}
listen 80;
return 404;
}
EOF
ln -s /etc/nginx/sites-available/academia.chorke.org\
/etc/nginx/sites-enabled/academia.chorke.org
|
Reverse Proxy
|
Reverse Proxy | |
|---|---|
| Reverse Proxy » MinIO | |
MINIO_OPTS="--address :9800 --console-address :9801"
MINIO_VOLUMES="/home/minio/.minio/data"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=academia
MINIO_CONFIG_ENV_FILE=/etc/default/minio
MINIO_BROWSER_REDIRECT_URL="http://academia.chorke.org/minio/"
location /minio/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_buffering on;
proxy_buffer_size 8k;
proxy_buffers 2048 8k;
proxy_redirect off;
proxy_pass http://127.0.0.1:9801/;
}
|
|
| Reverse Proxy » ROR | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
location / {
proxy_pass http://127.0.0.1:3001;
}
location /api {
proxy_pass http://127.0.0.1:3002;
}
|
|
Knowledge
|
Knowledge | ||
|---|---|---|
ufw status
netstat -a
netstat -lpn
apt install ufw
apt install nmap
|
sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep resolve
|
sudo ufw status
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ss -tulpn | grep LISTEN
sudo lsof -i -P -n | grep LISTEN
|
apt install telnet apt list --installed netstat -uap|grep nginx |
||
References
|
References | ||
|---|---|---|