Revert to this revision

Syntax highlighting of fc7ae51 ~( devops/nginx) 

# Nginx

[TOC]

## Refs

[Nginx Docker Image](https://hub.docker.com/_/nginx)

[How To Install Nginx on Ubuntu 18.04 [Quickstart]](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-18-04-quickstart)

[nginx: See Active connections / Connections Per Seconds](https://www.cyberciti.biz/faq/nginx-see-active-connections-connections-per-seconds/)

[Ускоряем Nginx за 5 минут](https://habr.com/post/198982/)

[HTTPS behind your reverse proxy](https://reinout.vanrees.org/weblog/2017/05/02/https-behind-proxy.html)

[Using nginx as HTTP load balancer](http://nginx.org/en/docs/http/load_balancing.html)


## Commands

```bash
# управление сервисом
sudo systemctl start/stop/restart/status nginx
# проверка синтаксиса конфигурации без перезапуска
sudo nginx -t
# reload configuration without server restart
nginx -s reload
# or
/etc/init.d/nginx reload
```

## nginx.conf

client_max_body_size 100m; - ограничение максимального размера фалов в запросе

Ожидание для проксированных запросов.
```
location / {
  ...
  proxy_send_timeout      150;
  proxy_read_timeout      150;
}
```

## Basic Auth

```bash
sudo apt-get install -y apache2-utils
sudo htpasswd -c /etc/nginx/htpasswd.elk kibanauser
```
```nginx
location / {
  auth_basic "Restricted Access";
  auth_basic_user_file /etc/nginx/htpasswd.elk;
}
```

## Static Files

https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/

```nginx
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        root /var/www/conf-server;

        index index.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        location /ds4/ {
                autoindex on;
        }
}
```

```bash
/var/www/conf-server/
├── ds4
   └── readme.txt
└── index.html
```

![web index](https://purl.onrails.ru/files/8fa401c9-dd57-4172-8cbc-46281a88fd3a.png)


## nginx status

```nginx
server {
	listen 81 default_server;
	listen [::]:81 default_server;

	root /var/www/html;
	index index.html index.htm index.nginx-debian.html;

	server_name _;

	location / {
		try_files $uri $uri/ =404;
	}

	location /nginx_status {
        	stub_status;
        	allow 127.0.0.1;
        	deny all;
        }
}
```

## websocket

Рабочая конфигурация centrifugo в проекте example

```nginx
server {
  listen 80;
  server_name new.example.com new-api.example.com;

  rewrite ^ https://$server_name$request_uri? permanent;
}

server {
  listen 443;
  ssl on;
  server_name new.example.com;
  ssl_certificate /etc/nginx/ssl/example.crt;
  ssl_certificate_key /etc/nginx/ssl/example.key;
  ssl_session_timeout     5m;
  ssl_protocols           SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers   on;

  location / {

  proxy_pass http://127.0.0.1:8080;

  proxy_set_header Host $host;

  proxy_set_header X-Real-IP $remote_addr;

  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  error_page 500 502 503 504 /error50x.html;
  location = /error50x.html {
  root /var/www/errors;
  }  

  }


}
map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }
upstream websocket {
        server 127.0.0.1:8083;
    }

server {
  listen 443;
  ssl on;
  server_name ws.example.com;
  ssl_certificate /etc/nginx/ssl/example.crt;
  ssl_certificate_key /etc/nginx/ssl/example.key;
  ssl_session_timeout     5m;
  ssl_protocols           SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers   on;

  location / {

  proxy_pass http://websocket;

  # proxy_set_header Host $host;
  # proxy_set_header X-Real-IP $remote_addr;
  # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
  }
}



server {
        listen 443;# default_server;
        server_name new-api.example.com;
  ssl on;
  ssl_certificate /etc/nginx/ssl/example.crt;
  ssl_certificate_key /etc/nginx/ssl/example.key;
  ssl_session_timeout     5m;
  ssl_protocols           SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
  ssl_prefer_server_ciphers   on;

        location / {
                passenger_enabled on;
                passenger_max_request_queue_size 1000;
#                passenger_min_instances 3;
#                passenger_max_pool_size 10;
                rails_env    production;
                root         /var/www/api/current/public;

                # redirect server error pages to the static page /50x.html
                # error_page   500 502 503 504  /error50x.html;
    # location = /error50x.html; {
    #   root /var/www/errors;
    #  }
                }
}
```