nginx

nginx is a small HTTP server and proxy server, which we will use to serve static files and to proxy dynamic requests.

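# Dedicated unprivileged system account and group for nginx: login disabled,
# /bin/false as shell, home directory /var/www (the directory nginx is later
# chrooted into by the init script).
addgroup --system www-proxy
adduser --disabled-login --shell /bin/false --system --home /var/www --ingroup www-proxy www-proxy

# Copy the new account into the passwd/group files under /usr/local/chroot.web
# (presumably the backend web server's chroot; confirm). The pattern is anchored
# to the name field so only the www-proxy entry itself is copied, not any other
# line that merely contains the string. These are appends: running them twice
# duplicates the entry.
grep '^www-proxy:' /etc/passwd >>/usr/local/chroot.web/etc/passwd
grep '^www-proxy:' /etc/group >>/usr/local/chroot.web/etc/group

rm /var/www/nginx-default

# Directory skeleton inside /var/www for nginx's temporary files and logs.
mkdir -p /var/www/var/lib/nginx/body
mkdir -p /var/www/var/lib/nginx/fastcgi
mkdir -p /var/www/var/lib/nginx/proxy
mkdir -p /var/www/var/log/nginx

# Logs are readable by the www-proxy account only.
# NOTE(review): the directory is owned by the same account the workers run as,
# so a compromised worker could rename or replace log files that privileged
# jobs (log rotation, the nginx master) later reopen. A root-owned directory
# that the www-proxy group can only traverse is the tighter layout; confirm it
# still works with the log reopen done in /etc/logrotate.d/nginx.
chown www-proxy:www-proxy /var/www/var/log/nginx
chmod 0700 /var/www/var/log/nginx

# Replace the stock log directory with a symlink so /var/log/nginx names the
# same directory from outside the chroot. This deletes any existing logs.
rm -r /var/log/nginx
ln -s /var/www/var/log/nginx /var/log/nginx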

/etc/nginx/nginx.conf

# Main nginx configuration for the front-end server on this page.

# Worker processes run as the unprivileged www-proxy user and group.
user  www-proxy www-proxy;
worker_processes  2;
# The init script on this page starts nginx with --chroot /var/www and stops it
# through /var/www/var/run/nginx.pid, so this path is presumably resolved
# inside the chroot (confirm).
pid  /var/run/nginx.pid;

# Only messages of level warn and above are written to the error log.
error_log  /var/log/nginx/error.log  warn;

events {
    worker_connections  160;
}

http {
    include       /etc/nginx/mime.types;
    # Shared proxy_* settings; declared at http level so every server inherits them.
    include       /etc/nginx/proxy.conf;

    # $host, $request, $http_referer, $http_user_agent and $http_x_forwarded_for
    # are taken from the client's request: treat them as untrusted when the
    # logs are parsed or displayed.
    log_format    main '$host $remote_addr - $remote_user [$time_local] $status "$request $connection $request_time" $body_bytes_sent "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';
    access_log    /var/log/nginx/access.log main;

    # Clients that stall for 10 seconds while sending the body or the headers
    # are timed out; this limits how long a slow client can hold a connection.
    client_body_timeout  10;
    client_header_timeout  10;

    # Request bodies that do not fit in the buffer are spooled to files under
    # /tmp, in a two-level subdirectory hierarchy (1 and 2 characters).
    # NOTE(review): the setup commands on this page create
    # /var/www/var/lib/nginx/body, but this directive points at /tmp; a
    # dedicated directory only the worker user can enter is tighter than a
    # shared temporary directory. Confirm which one is intended.
    client_body_temp_path  /tmp 1 2;
    client_body_buffer_size  128k;
    # Upper bound on the request body size nginx accepts.
    client_max_body_size  8m;

    # NOTE(review): responses whose type is not found in mime.types are sent as
    # text/html, so browsers will render them as HTML. application/octet-stream
    # is the safer fallback if any served file can be influenced by users.
    default_type  text/html;

    keepalive_timeout  60;
    server_names_hash_bucket_size  64;

    sendfile      on;
    tcp_nopush    on;

    # Responses of the listed types with at least 1000 bytes are compressed.
    gzip             on;
    gzip_min_length  1000;
    gzip_types       text/html text/css text/xml application/x-javascript;

    # Every file in sites-enabled is loaded as part of the http block.
    include  /etc/nginx/sites-enabled/*;
}

/etc/nginx/proxy.conf

# Settings shared by every proxy_pass on this page (included from the http block).

# Location and Refresh headers from the backend are passed on unchanged.
proxy_redirect          off;
# The backend sees the host name the client asked for.
proxy_set_header        Host            $host;
# Address of the peer that connected to nginx. The backend should take the
# client address from this header only on connections that really come from
# this proxy.
proxy_set_header        X-Real-IP       $remote_addr;
# Appends $remote_addr to any X-Forwarded-For value the client already sent.
# Everything before the last entry is client-supplied and must not be used for
# access decisions on the backend.
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
# Timeouts, in seconds, for connecting to, sending to and reading from the backend.
proxy_connect_timeout   60;
proxy_send_timeout      60;
proxy_read_timeout      60;
# 32 buffers of 4k each for reading a backend response.
proxy_buffers           32 4k;

/etc/nginx/deny.conf

    # Deny rules included into the server blocks on this page.
    # Both locations are regular-expression locations: nginx uses the first
    # regex location that matches, in the order they appear in the server block,
    # so a rule here only takes effect if no earlier regex location matches the
    # same URI. Check the position of the include in each server.

    # Blocks any URI with a path component starting with ".ht" (.htaccess, .htpasswd).
    location ~ /\.ht {
        deny  all;
    }
    # Blocks URIs containing ".inc", ".conf" or ".cnf" after at least one character.
    # The pattern has no trailing "$", so it also matches longer names that merely
    # contain one of these strings; it is case-sensitive, so upper-case variants
    # of the extensions are not covered.
    location ~ /.+\.(inc|conf|cnf) {
        deny  all;
    }

/etc/nginx/sites-available/default

# Default plain-HTTP virtual host.
server {
    # Catch-all names; together with "default" on the listen line this server
    # handles requests for <server_ip>:80 whose Host matches no other server.
    # <server_ip> is a placeholder for the public address.
    server_name _ *;
    listen  <server_ip>:80 default;

    access_log  /var/log/nginx/access.log main;

    # Fixed document root: it does not depend on the Host header the client sent.
    root  /var/DocRoot/localhost;
    index  index.html index.php;

    # PHP requests are handed to the backend listening on the loopback address;
    # everything else is served from the document root.
    location ~ \.php$ {
        proxy_pass  http://127.0.0.1:80;
    }

    # The deny rules are regex locations placed after the PHP location, so a
    # URI ending in .php goes to the backend before these rules are considered.
    include  /etc/nginx/deny.conf;
}

/etc/nginx/sites-available/default_ssl

# Default HTTPS virtual host.
server {
    # Catch-all names; together with "default" on the listen line this server
    # handles requests for <server_ip>:443 whose Host matches no other server.
    # <server_ip> is a placeholder for the public address.
    server_name _ *;
    listen  <server_ip>:443 default;

    access_log  /var/log/nginx/ssl.log main;

    # Fixed document root: it does not depend on the Host header the client sent.
    root  /var/DocRoot/localhost;
    index  index.html index.php;

    # The scheme is http: TLS ends at nginx and the backend receives cleartext
    # on loopback port 443.
    location ~ \.php$ {
        proxy_pass  http://127.0.0.1:443;
    }

    # The deny rules are regex locations placed after the PHP location, so a
    # URI ending in .php goes to the backend before these rules are considered.
    include  /etc/nginx/deny.conf;

    # NOTE(review): no ssl_protocols or ssl_ciphers are set, so the accepted
    # protocol versions and ciphers are whatever this nginx/OpenSSL build
    # defaults to; pin them explicitly.
    ssl  on;
    # ssl_certificate takes the server certificate; the file name suggests a CA
    # certificate, so verify the contents.
    ssl_certificate  /etc/nginx/ssl/server_cacert.pem;
    # Private key: its file permissions are not shown on this page; keep it
    # unreadable for the worker account.
    ssl_certificate_key  /etc/nginx/ssl/server_privkey.pem;
}

/etc/nginx/sites-available/first

# Name-based virtual host: nginx serves static files itself and proxies the rest.
server {
    server_name  first www.first;

    # <server_ip> is a placeholder for the public address.
    listen  <server_ip>:80;

    access_log  /var/log/nginx/hosts.access.log main;

    # Static files, selected by extension (case-insensitive), are served from a
    # per-host directory. $host comes from the request, so the directory is only
    # predictable while server_name stays an explicit list and a separate
    # default server takes requests with any other Host value.
    location ~* ^/.+\.(ico|css|js|gif|png|xml|rss|txt|swf|avi|mpeg|mpg|wmv)$ {
        root  /var/DocRoot/$host;
    }

    # NOTE(review): regex locations are tried in file order and the static
    # location above comes first, so a URI that matches both (for example a
    # name containing ".conf" that ends in ".txt") is served rather than denied.
    # Including deny.conf before the static location would let the deny rules win.
    include  /etc/nginx/deny.conf;

    # Everything else goes to the backend on the loopback address.
    location / {
        proxy_pass  http://127.0.0.1:80;
    }

}

/etc/nginx/sites-available/my_ssl

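# Password-protected HTTPS virtual host.
server {
    server_name  my.first;

    # <server_ip> is a placeholder for the public address.
    listen  <server_ip>:443;

    access_log  /var/log/nginx/ssl.log main;

    # $host comes from the request; it stays predictable while server_name is an
    # explicit list and a separate default server takes other Host values.
    root  /var/DocRoot/$host;
    index  index.html index.php;

    # Basic authentication is declared at server level so that every location
    # inherits it. When it was set only inside "location /", requests ending in
    # .php were handled by the regex location below, which did not inherit it,
    # and reached the backend without a password.
    auth_basic            "Restricted";
    auth_basic_user_file  /etc/nginx/users.conf;

    include  /etc/nginx/deny.conf;

    # The scheme is http: TLS ends at nginx and the backend receives cleartext
    # on loopback port 443.
    location ~ \.php$ {
        proxy_pass  http://127.0.0.1:443;
    }

    # NOTE(review): no ssl_protocols or ssl_ciphers are set, so the accepted
    # protocol versions and ciphers are whatever this nginx/OpenSSL build
    # defaults to; pin them explicitly.
    ssl  on;
    ssl_certificate  /etc/nginx/ssl/server_cacert.pem;
    ssl_certificate_key  /etc/nginx/ssl/server_privkey.pem;

    # "^~" makes this prefix match final: no regex location is tried afterwards.
    # Without it, /libraries/<name>.php matched the .php regex location, which
    # takes precedence over a plain prefix location, and was proxied to the
    # backend instead of being denied.
    location ^~ /libraries {
        deny  all;
    }
}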

You need symbolic links in /etc/nginx/sites-enabled that point to the files in /etc/nginx/sites-available.

# Enable the two default virtual hosts by linking them into sites-enabled,
# which nginx.conf includes. Only linked files are loaded.
for site in default default_ssl; do
  ln -s "/etc/nginx/sites-available/$site" "/etc/nginx/sites-enabled/000-$site"
done

/etc/init.d/nginx

# Excerpt of the nginx init script. DESC, NAME, DAEMON and DAEMON_OPTS are not
# set in the lines shown; presumably they are defined earlier in the script.

# (Re)initialise the ramdisks by passing this script's action on to rc.local.
# $1 is unquoted, so an empty action passes no argument at all.
/etc/init.d/rc.local $1

# Directory that nginx is chrooted into.
# The daemon is started without any option that changes its user, so the nginx
# master presumably keeps running as root inside the chroot while the workers
# use the account from the "user" directive in nginx.conf. A chroot does not
# confine a root process: treat it as defence in depth, not as a boundary.
NEW_ROOT=/var/www

case "$1" in
  start)
        echo -n "Starting $DESC: "
        # NOTE(review): start names /var/run/$NAME.pid while stop, restart and
        # reload name /var/www/var/run/$NAME.pid, presumably the same file seen
        # from inside and outside the chroot. Confirm which view
        # start-stop-daemon uses for its "already running" check.
        # $DAEMON_OPTS is left unquoted, presumably so that several options
        # split into separate arguments.
        start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
                --exec $DAEMON --chroot $NEW_ROOT -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        # The PID is read from the pid file at its path outside the chroot.
        start-stop-daemon --stop --quiet --pidfile /var/www/var/run/$NAME.pid \
                --exec $DAEMON --chroot $NEW_ROOT
        echo "$NAME."
        ;;
  restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile \
                /var/www/var/run/$NAME.pid --exec $DAEMON --chroot $NEW_ROOT
        # Fixed one-second pause between stop and start; the script does not
        # check that the old process has exited.
        sleep 1
        start-stop-daemon --start --quiet --pidfile \
                /var/run/$NAME.pid --exec $DAEMON --chroot $NEW_ROOT -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  reload)
      echo -n "Reloading $DESC configuration: "
      # --stop with --signal HUP sends SIGHUP to the process instead of
      # terminating it.
      start-stop-daemon --stop --signal HUP --quiet --pidfile /var/www/var/run/$NAME.pid \
          --exec $DAEMON --chroot $NEW_ROOT
      echo "$NAME."
      ;;
  *)
        # Unknown or missing action: print the usage line to stderr and fail.
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

/etc/logrotate.d/nginx

        postrotate
                # After rotation, send USR1 to the PID recorded in the pid file,
                # if that file exists. The path is the pid file as seen from
                # outside the chroot.
                # NOTE(review): this signals whatever PID the file contains.
                # The ownership of /var/www/var/run is not shown on this page;
                # make sure only root can write there.
                if [ -f /var/www/var/run/nginx.pid ]; then
                        kill -USR1 $(cat /var/www/var/run/nginx.pid)
                fi
        endscript



http://wiki.nginx.org//Main

 