diff options
| author | Silvino Silva <silvino@bk.ru> | 2016-09-27 23:12:55 +0100 |
|---|---|---|
| committer | Silvino Silva <silvino@bk.ru> | 2016-09-28 00:16:21 +0100 |
| commit | 98ae91447d2f29640094398068cca1a884f46d9b (patch) | |
| tree | 5eaa04cb0719157284de67e20d5e9a990387ace7 /tools/nginx.html | |
| parent | 7514d8a93d6c494b58af629f15f688c46de4926c (diff) | |
| download | doc-98ae91447d2f29640094398068cca1a884f46d9b.tar.gz | |
tool ningx revision, added install scripts
Diffstat (limited to 'tools/nginx.html')
| -rw-r--r-- | tools/nginx.html | 175 |
1 files changed, 83 insertions, 92 deletions
diff --git a/tools/nginx.html b/tools/nginx.html index 8fe632e..01c5515 100644 --- a/tools/nginx.html +++ b/tools/nginx.html @@ -7,9 +7,9 @@ <body> <a href="index.html">Tools Index</a> - <h1>1. Nginx</h1> + <h1>Nginx</h1> - <h2 id="install">1.1. Install Nginx</h2> + <h2 id="install">1. Install Nginx</h2> <pre> $ prt-get depinst nginx @@ -21,17 +21,16 @@ UID=xxxxx-xxx-xxx-xxx-xxxxxxxx /srv/www ext4 defaults,nosuid,noexec,nodev,noatime 1 2 </pre> - <p>Remove nginx user or group, system defines www user and group;</p> + <p>Add user nginx to www group;</p> <pre> - # userdel nginx - # groupdel nginx + # usermod -a -G www nginx </pre> - <p>Change default home directory of www user;</p> + <p>Change default home directory of nginx user;</p> <pre> - # usermod -m -d /srv/www www + # usermod -m -d /srv/www nginx </pre> <p>Create configuration directory's for better organization;</p> @@ -42,44 +41,11 @@ $ sudo mkdir /etc/nginx/sites </pre> - <h2 id="logs">1.2. Logs</h2> - - <pre> - $ sudo grep "login" /var/log/nginx/access.log - $ sudo grep "etc/passwd" /var/log/nginx/access.log - $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log - </pre> - - <h2 id="userdir">1.3. User Directory</h2> - - <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p> - - <pre> - location ~ ^/~(.+?)(/.*)?$ { - alias /home/$1/public_html$2; - index index.html index.htm; - autoindex on; - } - </pre> - - <p>Directories should have 644 or 664 and - files chmod 755 or 775;</p> - - <pre> - $ sudo find . -type f -print0 | xargs -0 chmod 644 - $ sudo find . -type d -print0 | xargs -0 chmod 755 - </pre> - - <h2 id="certs">1.4. Certificates</h2> + <h2 id="certs">2. Certificates</h2> <p>Certificates allow a more secure connection. Lets create self-signed certificate;</p> - <pre> - $ sudo mkdir /etc/nginx/ssl - $ sudo cd /etc/nginx/ssl - </pre> - <p>Create private key;</p> <pre> @@ -112,7 +78,7 @@ Locality Name (eg, city) []: Organization Name (eg, company) [Internet Widgits Pty Ltd]: Organizational Unit Name (eg, section) []: - Common Name (e.g. server FQDN or YOUR name) []:c13.nark.biz.tm + Common Name (e.g. server FQDN or YOUR name) []:core.privat-network.net Email Address []: Please enter the following 'extra' attributes @@ -127,33 +93,31 @@ <pre> $ sudo openssl x509 -req -days 365 -in /etc/ssl/certs/nginx.csr -signkey /etc/ssl/keys/nginx.key -out /etc/ssl/certs/nginx.crt Signature ok - subject=/C=PT/ST=Porto/O=Internet Widgits Pty Ltd/CN=c13.nark.biz.tm + subject=/C=PT/ST=Porto/O=Internet Widgits Pty Ltd/CN=core.privat-network.net Getting Private key Enter pass phrase for /etc/ssl/keys/nginx.key: $ </pre> - <h3>Remove Password</h3> - <p>Having password is a good idea, but requires it every time nginx is restarted. To remove;</p> <pre> - $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.org - $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.org -out /etc/ssl/keys/nginx.key + $ sudo cp /etc/ssl/keys/nginx.key /etc/ssl/keys/nginx.key.pass + $ sudo openssl rsa -in /etc/ssl/keys/nginx.key.pass -out /etc/ssl/keys/nginx.key Enter pass phrase for /etc/ssl/keys/nginx.key.org: writing RSA key $ </pre> - <h2 id="nginxconf">1.5. Nginx Configuration</h2> + <h2 id="nginxconf">3. Nginx Configuration</h2> - <p><a href="http://wiki.nginx.org/Pitfalls">READ NGINX PITFALLS</a>, + <p>Read <a href="http://wiki.nginx.org/Pitfalls">nginx pitfalls</a>, for more information about optimization <a href="https://www.digitalocean.com/community/tutorials/how-to-optimize-nginx-configuration">digitalocean</a>, <p>Number of worker_processes must be equal or less than - the number of available cpu cores</p> + the number of available cpu cores. This is set to auto.</p> <pre> $ nproc @@ -172,32 +136,26 @@ <pre> # - # /etc/nginx/nginx.conf + # /etc/nginx/nginx.conf - nginx server configuration # - user www; - worker_processes 2; - error_log /var/log/nginx/error.log info; + user nginx; + worker_processes auto; + + error_log /var/log/nginx/error.log; + + pid /var/run/nginx.pid; + events { worker_connections 1024; } - http { - - include /etc/nginx/mime.types; - default_type application/octet-stream; - - sendfile on; - #tcp_nopush on; - #keepalive_timeout 620; - keepalive_timeout 65; - client_body_timeout 12; - client_header_timeout 12; - # send_timeout 620; - send_timeout 65; + http { + include mime.types; + default_type application/octet-stream; ## # SSL Settings @@ -209,25 +167,25 @@ ssl_certificate /etc/ssl/certs/nginx.crt; ssl_certificate_key /etc/ssl/keys/nginx.key; - ## - # Logging Settings - ## #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; - access_log /var/log/nginx/access.log combined; - error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log - ## - # Gzip Settings - ## + sendfile on; + #tcp_nopush on; + + keepalive_timeout 65; + client_body_timeout 12; + client_header_timeout 12; + send_timeout 65; - gzip on; - gzip_disable "msie6"; + gzip on; gzip_vary on; - gzip_proxied any; + #gzip_proxied any; gzip_comp_level 9; # gzip_buffers 16 8k; # gzip_http_version 1.1; @@ -245,40 +203,44 @@ include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*.conf; + } - # End of file </pre> + # End of file + </pre> - <h2 id="server">1.6. Server with PHP</h2> + <h2 id="server">4. Server with PHP</h2> - check <a href "../conf/etc/nginx/">configuration directory</a> - for more examples. Install php and composer that is required - by Laravel;</p> + <p>Check <a href="conf/etc/nginx/sites/">/etc/nginx/sites</a> + for more examples.</p> - <h3>1.6.1. Setup PHP</h3> + <h3>4.1. Setup PHP</h3> + + <p> Install php and setup php.ini as development mode;</p> <pre> - $ prt-get depinst php php-fpm php-gd php-pdo-pgsql composer + $ prt-get depinst php php-fpm php-gd </pre> <p>Setup php ini in development mode;<p/> <pre> - $ sudo cp /etc/php/php.ini-development php.ini + $ sudo cp /etc/php/php.ini-development /etc/php/php.ini + </pre> + + <pre> $ php --ini Configuration File (php.ini) Path: /etc/php Loaded Configuration File: /etc/php/php.ini Scan for additional .ini files in: /etc/php/conf.d Additional .ini files parsed: /etc/php/conf.d/extensions.ini, /etc/php/conf.d/pdo_pgsql.ini - - $ </pre> - <h3>1.6.2. Setup Virtual Host</h3> + <h3>4.2. Setup Virtual Host</h3> <p>Server (virtual host) with Laravel, - /etc/nginx/sites/<a href="../conf/etc/nginx/sites/laravel.conf">laravel.conf</a>;</p> + <a href="conf/etc/nginx/sites/laravel.conf">/etc/nginx/sites/laravel.conf</a>;</p> <pre> server { @@ -286,7 +248,7 @@ listen [::]:443 ssl; root /srv/www/atom/public; - server_name c13.nark.biz.tm; + server_name core.privat-network.net; index index.html index.htm index.php; charset utf-8; @@ -299,7 +261,7 @@ location = /robots.txt { access_log off; log_not_found off; } access_log off; - error_log /var/log/nginx/c13-nark-biz-tm-error.log error; + error_log /var/log/nginx/core.privat-network.net-error.log error; sendfile off; @@ -322,6 +284,35 @@ } </pre> + <h2 id="userdir">5. User Directory</h2> + + <p><a href="http://wiki.nginx.org/UserDir">Nginx Wiki UserDir</a></p> + + <pre> + location ~ ^/~(.+?)(/.*)?$ { + alias /home/$1/public_html$2; + index index.html index.htm; + autoindex on; + } + </pre> + + <p>Directories should have 644 or 664 and + files chmod 755 or 775;</p> + + <pre> + $ sudo find . -type f -print0 | xargs -0 chmod 644 + $ sudo find . -type d -print0 | xargs -0 chmod 755 + </pre> + + <h2 id="logs">6. Logs</h2> + + <pre> + $ sudo grep "login" /var/log/nginx/access.log + $ sudo grep "etc/passwd" /var/log/nginx/access.log + $ sudo egrep -i "denied|error|warn" /var/log/nginx/error.log + </pre> + + <a href="index.html">Tools Index</a> <p>This is part of the c9-doc Manual. |