NGINX

De $1

reparation-ordinateur-pc-mac02_small50.pngInstallation sur ubuntu 8.04 serveur LTS

apt-get install nginx

 

Fichier /sites-available/default

# You may add here your
# server {
# ...
# }
# statements for each of your virtual hosts

server {
listen   80;
server_name  localhost;

access_log  /var/log/nginx/localhost.access.log;

location / {
  root   /var/www/nginx-default;
  index  index.html index.htm;
}

#error_page  404  /404.html;

# redirect server error pages to the static page /50x.html
#
error_page   500 502 503 504  /50x.html;
location = /50x.html {
  root   /var/www/nginx-default;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
  #proxy_pass   http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
  #fastcgi_pass   127.0.0.1:9000;
  #fastcgi_index  index.php;
  #fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
  #includefastcgi_params;
#}

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
  #deny  all;
#}
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
#listen   8000;
#listen   somename:8080;
#server_name  somename  alias  another.alias;

#location / {
#root   html;
#index  index.html index.htm;
#}
#}

server {

            listen   80;
            server_name  test.domaine.ext;

            access_log  /var/log/nginx/test.domaine.ext.access.log;
            error_log /var/log/nginx/test.domaine.ext.errors.log;

            location / {
            proxy_pass      http://XXX.XXX.XXX.XXX/;
            add_header      Cache-Control public;
            include         /etc/nginx/proxy.conf;

           }

    }


# HTTPS server
#
#server {
#listen   443;
#server_name  localhost;

#ssl  on;
#ssl_certificate  cert.pem;
#ssl_certificate_key  cert.key;

#ssl_session_timeout  5m;

#ssl_protocols  SSLv2 SSLv3 TLSv1;
#ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#ssl_prefer_server_ciphers   on;

#location / {
#root   html;
#index  index.html index.htm;
#}
#}

Fichier proxy.conf

proxy_redirect          off;
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffers           32 4k;

 

nginx could not build the server names hash

 

Rajouter dans le fichier /etc/nginx/nginx.conf la ligne :

    server_names_hash_bucket_size  256;

Redémarrer nginx

 

Redirect dans le fichier index.html

<!DOCTYPE html>

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr-FR" lang="fr-FR">

<head>

<meta charset="UTF-8" />

<meta http-equiv="Refresh" content="0; url=http://mon_site.com" />

<title>Welcome</title>

</head>


<body bgcolor="white" text="black">

</body>

</html>

 

 

reparation-ordinateur-pc-mac02_small50.pngConfigurer le SSL sur Nginx

 

# cd /usr/local/nginx/conf

# mkdir ssl

# cd ssl

 

# openssl genrsa -des3 -out nixcraft.in.key 1024

# openssl req -new -key nixcraft.in.key -out nixcraft.in.csr

 

# cp nixcraft.in.key nixcraft.in.key.bak

# openssl rsa -in nixcraft.in.key.bak -out nixcraft.in.key

 

# openssl x509 -req -days 365 -in nixcraft.in.csr -signkey nixcraft.in.key -out nixcraft.in.crt

 

# ssh root@lb1 mkdir /usr/local/ngnix/conf/ssl

# rsync -av /usr/local/ngnix/conf/ssl/* root@lb1:/usr/local/ngnix/conf/ssl/

 

# vi /usr/local/ngnix/conf/nginx.conf


 

server {
	### server port and name ###
        listen          443 ssl;
        server_name     nixcraft.in;
 
	### SSL log files ###
        access_log      logs/ssl-access.log;
        error_log       logs/ssl-error.log;
 
	### SSL cert files ###
        ssl_certificate      ssl/nixcraft.in.crt;
        ssl_certificate_key  ssl/nixcraft.in.key;
	### Add SSL specific settings here ###
        keepalive_timeout    60;
 
	###  Limiting Ciphers ########################
        # Uncomment as per your setup
	#ssl_ciphers HIGH:!ADH;
        #ssl_perfer_server_ciphers on;
        #ssl_protocols SSLv3;
        ##############################################
	### We want full access to SSL via backend ###
     	location / {
	        proxy_pass  http://nixcraft;
		### force timeouts if one of backend is died ##
        	proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
 
		### Set headers ####
        	proxy_set_header Host $host;
        	proxy_set_header X-Real-IP $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 
		### Most PHP, Python, Rails, Java App can use this header ###
        	proxy_set_header X-Forwarded-Proto https;
 
		### By default we don't want to redirect it ####
	        proxy_redirect     off;
      }
 

 

 

# /usr/local/nginx/sbin/nginx -t  # /usr/local/nginx/sbin/nginx -s reload

 

 

 

Exemple de fichier conf

server {
        listen   443;
        server_name  monsite.org;

        access_log  /var/log/nginx/monsite.access.log;
    	error_log /var/log/nginx/monsite.errors.log;

ssl  on;
ssl_certificate  ssl/monsite.crt;
ssl_certificate_key  ssl/monsite.key;

ssl_session_timeout  5m;

ssl_protocols  SSLv2 SSLv3 TLSv1;
ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers   on;


        location / {
                proxy_pass      http://XXX.XXX.XXX.XXX/;
                add_header      Cache-Control public;
                include         /etc/nginx/proxy.conf;
        }
}
 

 howto05_small.pngVous en pensez quoi ?


 

 

 

 

 

Enrichissez Yakakliker en y contribuant vous aussi.

 
Images (0)
 
Commentaires (2)
Affichage de 2 commentaires sur 2: voir tout
How Do I Cache Common Files?

Edit nginx.conf and add as follows to cache common files:

location ~* \.(jpg|png|gif|jpeg|css|js|mp3|wav|swf|mov|doc|pdf|xls|ppt|docx|pptx|xlsx)$ {
proxy_buffering on;
proxy_cache_valid 200 120m;
expires 864000;
}
Save and close the file. Reload nginx:
# nginx -s reload
Posté 10:07, 19 Mai 2012
http://www.cmdln.org/2009/07/12/transparent_dynamic-reverse-proxy-with-nginx/
Posté 11:59, 6 Fév 2015
Affichage de 2 commentaires sur 2: voir tout
Vous devez être connecté pour poster un commentaire.