Nginx: Difference between revisions
→Initial setup
imported>Sjwhitak (Add syntax highlighting.) |
imported>Sjwhitak |
||
| (6 intermediate revisions by the same user not shown) | |||
|
</syntaxhighlight>
{{Note|If that's all you want, don't use nginx; it'd be easier to write a [https://funprojects.blog/2021/04/11/a-web-server-in-1-line-of-bash/ single-lined Bash script] to run a single page.
In <code>/etc/nginx/nginx.conf</code>, <code>/etc/nginx/conf.d/*.conf</code> and <code>/etc/nginx/sites-enabled/*</code> are included. Therefore, if you have a complicated set up, you can split up your configuration among multiple files.
To test your configuration,
{{RootCmd|nginx -t}}
This will tell you what syntax is wrong if there happens to be any. For instance, some directives can't be certain areas.
== A single domain ==
}
</syntaxhighlight>
Please note that you'll need [https://shell.lug.mtu.edu/wiki/index.php?title=Nginx
=== Subservers ===
One can also use a single server using varying [https://nginx.org/en/docs/http/ngx_http_core_module.html#location location] directives:
<syntaxhighlight lang="nginx">
server {
root /var/www/html;
index index.html;
server_name example.com;
listen 80;
listen [::]:80;
location /blog {
alias /var/www/blog;
}
location /wiki {
alias /var/www/mediawiki;
}
location /forum {
alias /var/www/phpbb;
index index.php;
# php stuff
}
}
</syntaxhighlight>
The [https://nginx.org/en/docs/http/ngx_http_core_module.html#location location] directive can use regex:
<syntaxhighlight lang="nginx">
server {
listen 80;
listen [::]:80;
location ~ ^/~(.+?)(\/.*)?$ {
alias /home/$1/website$2;
}
}
</syntaxhighlight>
where this regex maps a home directory with a tilde; hence, a public access unix server with a public html page.
== Simple security ==
If you want to protect your server from people access your IP (typically if they're crawling via IPs, they're probably not up to something good), you can up a configuration:
Instead, we can use a free service, [https://letsencrypt.org/ Let's Encrypt], [https://dehydrated.io/ Dehydrated], or [https://zerossl.com/ ZeroSSL]. Let's Encrypt is the most common, and is a straightforward set up.
{{RootCmd|apt install certbot python3-certbot-nginx}}
Once certbot is installed, ensure your domain is pointed to the correct nginx server, then run:
{{RootCmd|certbot --nginx -d example.com -d ...}}
Where you can keep chaining <code>-d <domain></code> for each domain you have. <code>python3-certbot-nginx</code> will find the right nginx configuration to call, and <code>certbot</code> will make sure you've got rights to that domain. You can't just run certbot on google.com, you need to own the domain and the IP that domain is connected to. At this point, <code>python3-certbot-nginx</code> should have edited your nginx configuration to have certbot's certificate auto-configured. If you force https, you'll see:
<syntaxhighlight lang="nginx" line>
[https://letsencrypt.org/ Let's Encrypt] is simple. Just run <code>certbot renew</code> and it'll renew your certificate.
[https://letsencrypt.org/ Let's Encrypt]'s certificates are valid for 3 months, so you can update this every 3 months when it expires. Or, have a cronjob do it for you! Type
{{RootCmd|crontab -e}}
and then add:
0 12 * * * /usr/bin/certbot renew --quiet
You want to run a blog that hosts static pages and a wiki that runs [https://www.mediawiki.org/wiki/MediaWiki mediawiki].
Here's the steps you'd take with a fresh system (everything run as root):
<syntaxhighlight lang="bash">
apt install nginx php7.4 php7.4-fpm git
</syntaxhighlight>
Make sure you get the php version that's most recent or the one that's used by whatever software you're trying to use. This example uses version 7.4.
Then, make your folders and grab your content:
<syntaxhighlight lang="bash" line>
mkdir /var/www/wiki; cd /var/www/wiki
git clone https://github.com/wikimedia/mediawiki .
mkdir /var/www/blog; cd /var/www/blog
echo "Here's all my blog files" > index.html
</syntaxhighlight>
Configure <code>nginx</code> to point at these files, edit <code>/etc/nginx/sites-enabled/sites.conf</code>:
<syntaxhighlight lang="nginx">
server {
root /var/www/blog;
index index.html;
server_name blog.example.com;
listen 80;
listen [::]:80;
}
server {
root /var/www/mediawiki;
index index.php;
server_name wiki.example.com;
listen 80;
listen [::]:80;
location ~ \.php {
try_files $uri = 404;
fastcgi_pass 127.0.0.1:7777;
fastcgi_index index.php;
include fastcgi_params;
include fastcgi.conf;
}
}
</syntaxhighlight>
Please note that specifically with mediawiki, there are more configurations typically added, like denying access to deleted images, cached files, etc. To do that, paste your URL to: [https://shorturls.redwerks.org/ shortURLs] and step through their given configuration. Finally, mediawiki uses [[mysql]] to run a database, though this is explained when you follow the [https://www.mediawiki.org/wiki/Manual:Installation_guide installation guide].
At this point, we have nginx pointing to port <code>7777</code> for our <code>fastcgi</code> server to run the php files. We need to configure <code>fpm</code> to do this:
{{RootCmd|vim /etc/php/7.4/fpm/pool.d/www.conf}}
and write
<syntaxhighlight lang="text" line start="36">
listen = 127.0.0.1:7777
</syntaxhighlight>
Update everything with systemd,
{{RootCmd|systemctl restart nginx}}
{{RootCmd|systemctl restart php7.4-fpm}}
and the two sites should work.
| |||