Nginx
Refs
How To Install Nginx on Ubuntu 18.04 [Quickstart]
nginx: See Active connections / Connections Per Seconds
HTTPS behind your reverse proxy
Using nginx as HTTP load balancer
Commands
# управление сервисом
sudo systemctl start/stop/restart/status nginx
# проверка синтаксиса конфигурации без перезапуска
sudo nginx -t
# reload configuration without server restart
nginx -s reload
# or
/etc/init.d/nginx reload
nginx.conf
client_max_body_size 100m; - ограничение максимального размера фалов в запросе
Ожидание для проксированных запросов.
location / {
...
proxy_send_timeout 150;
proxy_read_timeout 150;
}
Basic Auth
sudo apt-get install -y apache2-utils
sudo htpasswd -c /etc/nginx/htpasswd.elk kibanauser
location / {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd.elk;
}
Static Files
https://docs.nginx.com/nginx/admin-guide/web-server/serving-static-content/
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/conf-server;
index index.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /ds4/ {
autoindex on;
}
}
/var/www/conf-server/
├── ds4
│ └── readme.txt
└── index.html
nginx status
server {
listen 81 default_server;
listen [::]:81 default_server;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location /nginx_status {
stub_status;
allow 127.0.0.1;
deny all;
}
}
websocket
Рабочая конфигурация centrifugo в проекте example
server {
listen 80;
server_name new.example.com new-api.example.com;
rewrite ^ https://$server_name$request_uri? permanent;
}
server {
listen 443;
ssl on;
server_name new.example.com;
ssl_certificate /etc/nginx/ssl/example.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
error_page 500 502 503 504 /error50x.html;
location = /error50x.html {
root /var/www/errors;
}
}
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream websocket {
server 127.0.0.1:8083;
}
server {
listen 443;
ssl on;
server_name ws.example.com;
ssl_certificate /etc/nginx/ssl/example.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://websocket;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}
}
server {
listen 443;# default_server;
server_name new-api.example.com;
ssl on;
ssl_certificate /etc/nginx/ssl/example.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
location / {
passenger_enabled on;
passenger_max_request_queue_size 1000;
# passenger_min_instances 3;
# passenger_max_pool_size 10;
rails_env production;
root /var/www/api/current/public;
# redirect server error pages to the static page /50x.html
# error_page 500 502 503 504 /error50x.html;
# location = /error50x.html; {
# root /var/www/errors;
# }
}
}