Nginx
Jump to navigation
Jump to search
Installation
apt-get install gcc make mercurial libpcre3-dev zlib1g-dev libssl-dev # Debian, Ubuntu zypper install gcc make mercurial pcre-devel zlib-devel libopenssl-devel # openSUSE hg clone http://hg.nginx.org/nginx nginx-hg cd nginx-hg
We can also switch to a stable branch:
hg update -r stable-1.22
Build:
auto/configure --prefix=/opt/nginx --with-http_ssl_module --with-http_v2_module make sudo make install
Configuration
nginx.conf
# # nginx.conf # user www-data www-data; worker_processes 4; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; events { worker_connections 1024; use epoll; # multi_accept on; } http { sendfile on; tcp_nopush on; tcp_nodelay on; # types_hash_max_size 1024; # server_names_hash_bucket_size 64; client_max_body_size 32M; include /opt/nginx/conf/mime.types; default_type application/octet-stream; # default_type text/plain; server_tokens on; access_log /var/log/nginx/access.log; log_not_found off; sendfile on; gzip on; gzip_disable "msie6"; include /usr/local/etc/nginx/conf/vhosts/*.conf; }
- Choose the appropriate Connection processing method
- Enable multi_accept to accept more than one connection at a time.
- Increase types_hash_max_size if necessary[1]
- Increase server_names_hash_bucket_size if necessary[2]
vhosts/example.conf
# # example.conf # # www.example.com:80 server { listen 80; listen [::]:80; server_name www.example.com; access_log /dev/null; rewrite ^ https://$server_name$request_uri? permanent; } # www.example.com:443 server { listen 443 ssl default_server; listen [::]:443 ssl default_server; server_name www.example.com; access_log /dev/null; root /var/www; index index.html index.php; autoindex on; # SSL ssl_certificate /usr/local/etc/nginx/conf/example.crt; ssl_certificate_key /usr/local/etc/nginx/conf/example.key; ssl_dhparam /usr/local/etc/nginx/conf/dhparam.pem; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH; ssl_prefer_server_ciphers on; # ssl_stapling on; # ssl_stapling_verify on; ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; add_header Strict-Transport-Security max-age=15768000; # mod_rewrite location / { rewrite ^/a/(.*)$ /data/a/$1 last; rewrite ^/b/(.*)$ /data/a/b/$1 last; } # mod_auth location /private { alias /var/private/; autoindex on; auth_basic "Restricted"; auth_basic_user_file /usr/local/etc/nginx/conf/htpasswd; satisfy all; allow 10.0.0.0/24; allow 192.168.0.123/32; deny all; limit_rate_after 5m; limit_rate 300k; access_log /var/www/logs/access.log; } # PHP location ~ \.php$ { # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm.sock; # fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; include /opt/nginx/conf/fastcgi_params; # fastcgi_intercept_errors on; } # MediaWiki location /wiki { alias /var/www/mediawiki; if (!-f $request_filename) { rewrite ^/wiki/([^?]*)(?:\?(.*))? /mediawiki/index.php?title=$1&$2 last; } } # phpMyAdmin location /phpmyadmin { alias /usr/share/phpmyadmin; allow 10.0.0.0/24; deny all; } }
Links
- Nginx Configuration
- Debian #524785 - nginx: could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32
- HttpSubModule - string substitutions on response bodies
- HttpSubsModule - same, but 3rd party
- NGINX + PHP-FPM + APC = Awesome
- ngx_http_auth_digest
- Nginx & UserDir & PHP
- Mozilla SSL Configuration Generator