Nginx Basics: Difference between revisions
From WikiMLT
m (→Section 1) |
m (Стадий: 6 [Фаза:Утвърждаване, Статус:Утвърден]; Категория:Web Servers) |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
<noinclude><!--[[Category:Web_Servers|?]]-->{{ContentArticleHeader/Web_Servers}}</noinclude> | <noinclude><!--[[Category:Web_Servers|?]]-->{{ContentArticleHeader/Web_Servers}}</noinclude> | ||
== Nginx CLI == | |||
<syntaxhighlight lang="shell" line="1"> | |||
sudo nginx -h | |||
</syntaxhighlight><syntaxhighlight lang="shell-session"> | |||
nginx version: nginx/1.18.0 (Ubuntu) | |||
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives] | |||
Options: | |||
-?,-h : this help | |||
-v : show version and exit | |||
-V : show version and configure options then exit | |||
-t : test configuration and exit | |||
-T : test configuration, dump it and exit | |||
-q : suppress non-error messages during configuration testing | |||
-s signal : send signal to a master process: stop, quit, reopen, reload | |||
-p prefix : set prefix path (default: /usr/share/nginx/) | |||
-c filename : set configuration file (default: /etc/nginx/nginx.conf) | |||
-g directives : set global directives out of configuration file | |||
</syntaxhighlight> | |||
== Control via <code>systemctl</code>. == | |||
<syntaxhighlight lang="shell" line="1" class="code-continue"> | |||
sudo systemctl start nginx.service | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="shell" line="1" class="code-continue mlw-shell-gray"> | |||
sudo systemctl stop nginx.service | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="shell" line="1" class="code-continue"> | |||
sudo systemctl reload nginx.service | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="shell" line="1" class="code-continue mlw-shell-gray"> | |||
sudo systemctl restart nginx.service | |||
</syntaxhighlight> | |||
== Enable or Disable a Virtual Host Configuration == | |||
There is not available a native command equivalent of <code>a2ensite</code> or <code>a2dissite</code>. So we need to create or remove the VH relevant symbolic links manually.<syntaxhighlight lang="shell" line="1" class="code-continue"> | |||
sudo ln -s /etc/nginx/sites-{available,enabled}/vhost-name.conf | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="shell" line="1" class="code-continue mlw-shell-gray"> | |||
sudo rm /etc/nginx/sites-enabled/vhost-name.conf | |||
</syntaxhighlight>After that test the configuration and reload (or restart) the service.<syntaxhighlight lang="shell" line="1" class="code-continue"> | |||
sudo nginx -tq && sudo nginx -s reload | |||
</syntaxhighlight> | |||
== Example Configuration == | |||
Here are few example configurations: | |||
* [https://github.com/metalevel-tech/exc-laravel-react-v1/blob/master/assets/web.conf/laravel-nginx.conf Laravel compatible setup] - where Laravel is served on the base URL. This example is based on [https://laravel.com/docs/10.x/deployment#nginx Laravel 10.x Docs]. | |||
* [https://github.com/metalevel-tech/exc-laravel-react-v1/blob/master/assets/web.conf/app-nginx.conf Laravel+React compatible setup] - where React is served on the base URL and Laravel is served on the sub path (location) <code>/laravel</code>. Note: in a real world [https://bootcamp.laravel.com/inertia/installation#installing-laravel-breeze Laravel+React] application we do not need such complicated setup, but the scenario of the concrete [https://github.com/metalevel-tech/exc-laravel-react-v1 exercise] requires it. This example uses a solution provided within the answers of this Stack Overflow topic: [https://stackoverflow.com/questions/27785372/config-nginx-for-laravel-in-a-subfolder/62965174#62965174 Config nginx for Laravel In a subfolder]. | |||
* ''Find more examples within the [[NGINX Basic Setup#References|references below]].'' | |||
== PHP Enable == | |||
Nginx uses PHP-FPM, so as reference how to setup PHP-FPM see the article: [[Setup PHP on Ubuntu#Enable and Start PHP-FPM Service|'''Setup PHP on Ubuntu''']]. | |||
== Let's Encrypt == | |||
Currently I'm using Let's Encrypt *wildcard certificate, which is not compatible with the Nginx or Apache2 plugins, however to generate the helpers configuration file <code>/etc/letsencrypt/options-ssl-nginx.conf</code> you can use the command provided below, but first you must test your configuration for errors, because it there is some the conf-file will not be created.<syntaxhighlight lang="shell" line="1" class="code-continue mlw-shell-gray"> | |||
sudo nginx -t | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="shell" line="1" class="code-continue"> | |||
sudo certbot --nginx -n # run non-interactively: -n | |||
</syntaxhighlight> | |||
== References == | == References == | ||
* NGINX Docs: [https://docs.nginx.com/ Product Documentation] | |||
* NGINX Docs: [https://docs.nginx.com/nginx-waf/ NGINX ModSecurity WAF Documentation] | * NGINX Docs: [https://docs.nginx.com/nginx-waf/ NGINX ModSecurity WAF Documentation] | ||
| Line 9: | Line 71: | ||
* TrustWave Software Updates: [https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/ End of Sale and Trustwave Support for ModSecurity Web Application Firewall] | * TrustWave Software Updates: [https://www.trustwave.com/en-us/resources/security-resources/software-updates/end-of-sale-and-trustwave-support-for-modsecurity-web-application-firewall/ End of Sale and Trustwave Support for ModSecurity Web Application Firewall] | ||
* OWASP Docs: [https://owasp.org/blog/2021/12/22/announcing-coraza OWASP Core Ruleset Project announces Coraza SecLang engine] | * OWASP Docs: [https://owasp.org/blog/2021/12/22/announcing-coraza OWASP Core Ruleset Project announces Coraza SecLang engine] | ||
* Proxmox VE Wiki: [[pve:Web_Interface_Via_Nginx_Proxy|Web Interface Via Nginx Proxy]] | |||
* Server Fault: [https://serverfault.com/questions/30705/how-to-set-up-nginx-as-a-caching-reverse-proxy '''How to set up Nginx as a caching reverse proxy?'''] | |||
* Server Fault: [https://serverfault.com/q/424452/364207 Nginx enable site command] | |||
<noinclude> | <noinclude> | ||
<div id='devStage'> | <div id='devStage'> | ||
{{devStage | {{devStage | ||
| Прндл = Web Servers | | Прндл = Web Servers | ||
| Стадий = | | Стадий = 6 | ||
| Фаза = | | Фаза = Утвърждаване | ||
| Статус = | | Статус = Утвърден | ||
| ИдтПт = Spas | | ИдтПт = Spas | ||
| РзбПт = {{REVISIONUSER}} | | РзбПт = Spas | ||
| АвтПт = Spas | |||
| УтвПт = {{REVISIONUSER}} | |||
| ИдтДт = 17.09.2022 | | ИдтДт = 17.09.2022 | ||
| РзбДт = {{Today}} | | РзбДт = 18.02.2023 | ||
| АвтДт = 18.02.2023 | |||
| УтвДт = {{Today}} | |||
| ИдтРв = [[Special:Permalink/31604|31604]] | | ИдтРв = [[Special:Permalink/31604|31604]] | ||
| РзбРв = {{REVISIONID}} | | РзбРв = [[Special:Permalink/32258|32258]] | ||
| АвтРв = [[Special:Permalink/32259|32259]] | |||
| УтвРв = {{REVISIONID}} | |||
}} | }} | ||
</div> | </div> | ||
</noinclude> | </noinclude> | ||
Latest revision as of 11:45, 18 February 2023
Nginx CLI
sudo nginx -h
nginx version: nginx/1.18.0 (Ubuntu)
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]
Options:
-?,-h : this help
-v : show version and exit
-V : show version and configure options then exit
-t : test configuration and exit
-T : test configuration, dump it and exit
-q : suppress non-error messages during configuration testing
-s signal : send signal to a master process: stop, quit, reopen, reload
-p prefix : set prefix path (default: /usr/share/nginx/)
-c filename : set configuration file (default: /etc/nginx/nginx.conf)
-g directives : set global directives out of configuration file
Control via systemctl.
sudo systemctl start nginx.service
sudo systemctl stop nginx.service
sudo systemctl reload nginx.service
sudo systemctl restart nginx.service
Enable or Disable a Virtual Host Configuration
There is not available a native command equivalent of a2ensite or a2dissite. So we need to create or remove the VH relevant symbolic links manually.
sudo ln -s /etc/nginx/sites-{available,enabled}/vhost-name.conf
sudo rm /etc/nginx/sites-enabled/vhost-name.conf
After that test the configuration and reload (or restart) the service.
sudo nginx -tq && sudo nginx -s reload
Example Configuration
Here are few example configurations:
- Laravel compatible setup – where Laravel is served on the base URL. This example is based on Laravel 10.x Docs.
- Laravel+React compatible setup – where React is served on the base URL and Laravel is served on the sub path (location)
/laravel. Note: in a real world Laravel+React application we do not need such complicated setup, but the scenario of the concrete exercise requires it. This example uses a solution provided within the answers of this Stack Overflow topic: Config nginx for Laravel In a subfolder. - Find more examples within the references below.
PHP Enable
Nginx uses PHP-FPM, so as reference how to setup PHP-FPM see the article: Setup PHP on Ubuntu.
Let's Encrypt
Currently I'm using Let's Encrypt *wildcard certificate, which is not compatible with the Nginx or Apache2 plugins, however to generate the helpers configuration file /etc/letsencrypt/options-ssl-nginx.conf you can use the command provided below, but first you must test your configuration for errors, because it there is some the conf-file will not be created.
sudo nginx -t
sudo certbot --nginx -n # run non-interactively: -n
References
- NGINX Docs: Product Documentation
- NGINX Docs: NGINX ModSecurity WAF Documentation
- Linode Docs: Securing Nginx With ModSecurity
- NGINX Part of F5: F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life
- TrustWave Software Updates: End of Sale and Trustwave Support for ModSecurity Web Application Firewall
- OWASP Docs: OWASP Core Ruleset Project announces Coraza SecLang engine
- Proxmox VE Wiki: Web Interface Via Nginx Proxy
- Server Fault: How to set up Nginx as a caching reverse proxy?
- Server Fault: Nginx enable site command
