Nginx Basics: Difference between revisions
From WikiMLT
m (→CLI) |
m (→CLI) |
||
| Line 1: | Line 1: | ||
<noinclude><!--[[Category:Web_Servers|?]]-->{{ContentArticleHeader/Web_Servers}}</noinclude> | <noinclude><!--[[Category:Web_Servers|?]]-->{{ContentArticleHeader/Web_Servers}}</noinclude> | ||
== CLI == | == Nginx CLI == | ||
<syntaxhighlight lang="shell" line="1"> | <syntaxhighlight lang="shell" line="1"> | ||
sudo nginx -h | sudo nginx -h | ||
| Line 21: | Line 21: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Control via <code>systemctl</code>. | == Control via <code>systemctl</code>. == | ||
<syntaxhighlight lang="shell" line="1" class="code-continue"> | <syntaxhighlight lang="shell" line="1" class="code-continue"> | ||
sudo systemctl start nginx.service | sudo systemctl start nginx.service | ||
| Line 36: | Line 35: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Enable or Disable a Virtual Host Configuration == | |||
There is not available a native command equivalent of <code>a2ensite</code> or <code>a2dissite</code>. So we need to create or remove the VH relevant symbolic links manually.<syntaxhighlight lang="shell" line="1" class="code-continue"> | |||
sudo ln -s /etc/nginx/sites-{available,enabled}/vhost-name.conf | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="shell" line="1" class="code-continue mlw-shell-gray"> | |||
sudo rm /etc/nginx/sites-enabled/vhost-name.conf | |||
</syntaxhighlight>After that test the configuration and reload (or restart) the service.<syntaxhighlight lang="shell" line="1" class="code-continue"> | |||
sudo nginx -tq && sudo nginx -s reload | |||
</syntaxhighlight> | |||
== Example Configuration == | |||
Here are few example configurations: | |||
* [https://github.com/metalevel-tech/exc-laravel-react-v1/blob/master/assets/web.conf/laravel-nginx.conf Laravel compatible setup] - where Laravel is served on the base URL. This example is based on [https://laravel.com/docs/10.x/deployment#nginx Laravel 10.x Docs]. | |||
* [https://github.com/metalevel-tech/exc-laravel-react-v1/blob/master/assets/web.conf/app-nginx.conf Laravel+React compatible setup] - where React is served on the base URL and Laravel is served on the sub path (location) <code>/laravel</code>. Note: in a real world [https://bootcamp.laravel.com/inertia/installation#installing-laravel-breeze Laravel+React] application we do not need such complicated setup, but the scenario of the concrete [https://github.com/metalevel-tech/exc-laravel-react-v1 exercise] requires it. This example uses a solution provided within the answers of this Stack Overflow topic: [https://stackoverflow.com/questions/27785372/config-nginx-for-laravel-in-a-subfolder/62965174#62965174 Config nginx for Laravel In a subfolder]. | |||
* ''Find more examples within the [[NGINX Basic Setup#References|references below]].'' | |||
== PHP Enable == | |||
Nginx uses PHP-FPM, so as reference how to setup PHP-FPM see the article: [[Setup PHP on Ubuntu#Enable and Start PHP-FPM Service|'''Setup PHP on Ubuntu''']]. | |||
== Let's Encrypt == | |||
Currently I'm using Let's Encrypt *wildcard certificate, which is not compatible with the Nginx or Apache2 plugins, however to generate the helpers configuration file <code>/etc/letsencrypt/options-ssl-nginx.conf</code> you can use the command provided below, but first you must test your configuration for errors, because it there is some the conf-file will not be created.<syntaxhighlight lang="shell" line="1" class="code-continue mlw-shell-gray"> | |||
sudo nginx -t | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="shell" line="1" class="code-continue"> | |||
sudo certbot --nginx -n # run non-interactively: -n | |||
</syntaxhighlight> | |||
== References == | == References == | ||
| Line 46: | Line 72: | ||
* OWASP Docs: [https://owasp.org/blog/2021/12/22/announcing-coraza OWASP Core Ruleset Project announces Coraza SecLang engine] | * OWASP Docs: [https://owasp.org/blog/2021/12/22/announcing-coraza OWASP Core Ruleset Project announces Coraza SecLang engine] | ||
* Proxmox VE Wiki: [[pve:Web_Interface_Via_Nginx_Proxy|Web Interface Via Nginx Proxy]] | * Proxmox VE Wiki: [[pve:Web_Interface_Via_Nginx_Proxy|Web Interface Via Nginx Proxy]] | ||
* Server Fault: [https://serverfault.com/questions/30705/how-to-set-up-nginx-as-a-caching-reverse-proxy How to set up Nginx as a caching reverse proxy?] | * Server Fault: [https://serverfault.com/questions/30705/how-to-set-up-nginx-as-a-caching-reverse-proxy '''How to set up Nginx as a caching reverse proxy?'''] | ||
* Server Fault: [https://serverfault.com/q/424452/364207 Nginx enable site command] | |||
<noinclude> | <noinclude> | ||
<div id='devStage'> | <div id='devStage'> | ||
Revision as of 11:45, 18 February 2023
Nginx CLI
sudo nginx -h
nginx version: nginx/1.18.0 (Ubuntu)
Usage: nginx [-?hvVtTq] [-s signal] [-c filename] [-p prefix] [-g directives]
Options:
-?,-h : this help
-v : show version and exit
-V : show version and configure options then exit
-t : test configuration and exit
-T : test configuration, dump it and exit
-q : suppress non-error messages during configuration testing
-s signal : send signal to a master process: stop, quit, reopen, reload
-p prefix : set prefix path (default: /usr/share/nginx/)
-c filename : set configuration file (default: /etc/nginx/nginx.conf)
-g directives : set global directives out of configuration file
Control via systemctl.
sudo systemctl start nginx.service
sudo systemctl stop nginx.service
sudo systemctl reload nginx.service
sudo systemctl restart nginx.service
Enable or Disable a Virtual Host Configuration
There is not available a native command equivalent of a2ensite or a2dissite. So we need to create or remove the VH relevant symbolic links manually.
sudo ln -s /etc/nginx/sites-{available,enabled}/vhost-name.conf
sudo rm /etc/nginx/sites-enabled/vhost-name.conf
After that test the configuration and reload (or restart) the service.
sudo nginx -tq && sudo nginx -s reload
Example Configuration
Here are few example configurations:
- Laravel compatible setup – where Laravel is served on the base URL. This example is based on Laravel 10.x Docs.
- Laravel+React compatible setup – where React is served on the base URL and Laravel is served on the sub path (location)
/laravel. Note: in a real world Laravel+React application we do not need such complicated setup, but the scenario of the concrete exercise requires it. This example uses a solution provided within the answers of this Stack Overflow topic: Config nginx for Laravel In a subfolder. - Find more examples within the references below.
PHP Enable
Nginx uses PHP-FPM, so as reference how to setup PHP-FPM see the article: Setup PHP on Ubuntu.
Let's Encrypt
Currently I'm using Let's Encrypt *wildcard certificate, which is not compatible with the Nginx or Apache2 plugins, however to generate the helpers configuration file /etc/letsencrypt/options-ssl-nginx.conf you can use the command provided below, but first you must test your configuration for errors, because it there is some the conf-file will not be created.
sudo nginx -t
sudo certbot --nginx -n # run non-interactively: -n
References
- NGINX Docs: Product Documentation
- NGINX Docs: NGINX ModSecurity WAF Documentation
- Linode Docs: Securing Nginx With ModSecurity
- NGINX Part of F5: F5 NGINX ModSecurity WAF Is Transitioning to End-of-Life
- TrustWave Software Updates: End of Sale and Trustwave Support for ModSecurity Web Application Firewall
- OWASP Docs: OWASP Core Ruleset Project announces Coraza SecLang engine
- Proxmox VE Wiki: Web Interface Via Nginx Proxy
- Server Fault: How to set up Nginx as a caching reverse proxy?
- Server Fault: Nginx enable site command
