Nginx


Installation

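# Build dependencies: compiler toolchain, Mercurial, and the PCRE, zlib and
# OpenSSL development headers used by the modules configured further down.
apt-get install gcc make mercurial libpcre3-dev zlib1g-dev libssl-dev     # Debian, Ubuntu
zypper  install gcc make mercurial pcre-devel zlib-devel libopenssl-devel # openSUSE

# Fetch the source over HTTPS rather than plain HTTP: this tree is compiled and
# then installed with root privileges, so it should not cross the network
# without transport integrity.
hg clone https://hg.nginx.org/nginx nginx-hg
cd nginx-hg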

We can also switch to a stable branch:

# Check out the named stable branch instead of the development tip.
# NOTE(review): confirm the branch is still a supported release line (one that
# receives security fixes) before using the resulting build in production.
hg update --rev stable-1.4

Build:

# Configure a trimmed-down build installed under /opt/nginx: TLS and SPDY are
# enabled, and the standard HTTP modules this setup does not use are compiled
# out, which keeps unused request-handling code out of the binary.
# NOTE(review): --with-ipv6 and --with-http_spdy_module belong to the older
# release line this page builds; confirm they still exist when building a
# newer revision.
auto/configure \
    --prefix=/opt/nginx \
    --with-ipv6 \
    --with-http_ssl_module \
    --with-http_spdy_module \
    --without-http_browser_module \
    --without-http_geo_module \
    --without-http_memcached_module \
    --without-http_referer_module \
    --without-http_scgi_module \
    --without-http_split_clients_module \
    --without-http_ssi_module \
    --without-http_userid_module \
    --without-http_uwsgi_module

# Compile as the current user; only the install step needs root.
make
sudo make install

Configuration

nginx.conf

#
# nginx.conf
#
# Worker processes run as the unprivileged www-data user and group
# (the master process must be started as root for this to take effect).
user www-data www-data;
worker_processes 4;

# Server-wide error log and the file holding the master process ID.
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
        # Linux epoll event method; each worker may hold up to 1024 connections.
        use epoll;
        worker_connections 1024;
#       multi_accept on;
}

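# Settings shared by every virtual host; the vhosts themselves are pulled in
# by the include at the end of the block.
http {
        # "sendfile" is declared once only: nginx rejects a configuration in
        # which the same flag directive appears twice in one block.
        sendfile                        on;
        tcp_nopush                      on;
        tcp_nodelay                     on;
#       types_hash_max_size             1024;
#       server_names_hash_bucket_size   64;
        # Upper bound on request bodies (uploads); larger requests get a 413.
        client_max_body_size            32M;
        include                         /opt/nginx/conf/mime.types;
        default_type                    application/octet-stream;
#       default_type                    text/plain;
        # Keep the exact nginx version out of the Server header and the
        # built-in error pages.
        server_tokens                   off;

        access_log      /var/log/nginx/access.log;
        # Missing-file errors are not written to the error log.
        # NOTE(review): this also hides the 404 noise produced by path
        # scanning; weigh that against the log volume it saves.
        log_not_found   off;
        # Compression is inherited by the TLS vhost as well.
        # NOTE(review): responses that mix secrets with request-controlled
        # data should not be compressed over TLS (BREACH-class side channel).
        gzip            on;
        gzip_disable    "msie6";

        # NOTE(review): the vhosts are read from /usr/local/etc/nginx while
        # mime.types comes from the /opt/nginx build prefix; confirm both
        # directories exist and are writable by root only.
        include         /usr/local/etc/nginx/conf/vhosts/*.conf;
}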
  • Enable multi_accept to accept more than one connection at a time.

vhosts/example.conf

#
# example.conf
#

# www.example.com:80
# Plain-HTTP listener whose only job is to send every request to the HTTPS site.
server {
        listen [::]:80;
        listen 80;

        server_name www.example.com;
        access_log /dev/null;

        # The target host is the configured $server_name, never the
        # client-supplied Host header; $request_uri carries path and query.
        return 301 https://$server_name$request_uri;
}

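# www.example.com:443
# TLS virtual host: static content under /var/www, PHP through PHP-FPM, and
# the access-restricted /private/ and /phpmyadmin/ areas.
server {
        listen                  443      ssl default_server;
        listen                  [::]:443 ssl default_server;

        server_name             www.example.com;
        # Requests to this vhost are discarded unlogged (only /private/ logs).
        # NOTE(review): that leaves no request trail for detection or incident
        # response; consider a real log file under /var/log/nginx/.
        access_log              /dev/null;

        root                    /var/www;
        index                   index.html index.php;
        # Directory listings stay off site-wide; enable them per location
        # only where a listing is actually intended (see /private/ below).
        autoindex               off;

        # SSL
        ssl_certificate         /usr/local/etc/nginx/conf/example.crt;
        # The private key file should be readable by root only.
        ssl_certificate_key     /usr/local/etc/nginx/conf/example.key;
        # Only consulted for DHE key exchange, which "!kEDH" below disables.
        ssl_dhparam             /usr/local/etc/nginx/conf/dhparam.pem;
        # TLS 1.1 is deprecated (RFC 8996); offer TLS 1.2 only.
        ssl_protocols           TLSv1.2;
        # RC4 must not be negotiated (RFC 7465), so it is no longer listed.
        ssl_ciphers             HIGH:!aNULL:!MD5:!kEDH;
        ssl_prefer_server_ciphers on;

#       ssl_stapling on;
#       ssl_stapling_verify on;

        ssl_session_timeout     1d;
        ssl_session_cache       shared:SSL:50m;
        # HSTS: browsers keep using HTTPS for this host for about six months.
        add_header              Strict-Transport-Security max-age=15768000;

        # mod_rewrite
        location / {
                rewrite ^/a/(.*)$       /data/a/$1   last;
                rewrite ^/b/(.*)$       /data/a/b/$1 last;
        }

        # mod_auth
        # Keep /private working without the trailing slash.
        location = /private {
                return 301 /private/;
        }

        # The prefix and the alias both end in "/". A prefix without the
        # slash also matches sibling names such as /privateX and lets the
        # rest of the URI resolve outside the aliased directory.
        # Requests ending in .php are handled by the regex PHP location
        # further down, not by this block.
        location /private/ {
                alias /var/private/;
                autoindex               on;
                auth_basic              "Restricted";
                auth_basic_user_file    /usr/local/etc/nginx/conf/htpasswd;
                # Both conditions must hold: allowed source address AND
                # valid credentials.
                satisfy                 all;
                allow                   10.0.0.0/24;
                allow                   192.168.0.123/32;
                deny                    all;
                limit_rate_after        5m;
                limit_rate              300k;
                # Logged outside the document root: a log under /var/www is
                # itself downloadable through this vhost. The file name is an
                # example; adjust it to the local naming scheme.
                access_log              /var/log/nginx/private-access.log;
        }

        # PHP
        location ~ \.php$ {
                # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                # Only hand PHP-FPM a script that exists on disk, so a URI
                # that merely ends in ".php" cannot make another file run
                # as PHP.
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
        #       fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                # NOTE(review): confirm this file sets SCRIPT_FILENAME; the
                # stock fastcgi_params may not, unlike fastcgi.conf.
                include /opt/nginx/conf/fastcgi_params;
        #       fastcgi_intercept_errors on;
        }

        # MediaWiki
        # Anything under /wiki that is not an existing file is rewritten to
        # the MediaWiki front controller with the page name as "title".
        location /wiki {
                alias /var/www/mediawiki;
                if (!-f $request_filename) {
                        rewrite ^/wiki/([^?]*)(?:\?(.*))? /mediawiki/index.php?title=$1&$2 last;
                }
        }

        # phpMyAdmin
        # Keep /phpmyadmin working without the trailing slash.
        location = /phpmyadmin {
                return 301 /phpmyadmin/;
        }

        # "^~" stops the server-level regex PHP location from taking over
        # requests under this prefix. Without it, *.php requests here would
        # be served by that location, which carries no allow/deny rules.
        # The nested PHP location inherits the address restriction.
        location ^~ /phpmyadmin/ {
                # Same mapping as "alias /usr/share/phpmyadmin", expressed as
                # a root so the nested location resolves script paths normally.
                root /usr/share;
                allow 10.0.0.0/24;
                deny all;

                location ~ \.php$ {
                        try_files $uri =404;
                        fastcgi_pass unix:/var/run/php5-fpm.sock;
                        fastcgi_index index.php;
                        include /opt/nginx/conf/fastcgi_params;
                }
        }
}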

Links

References