|
Size: 2065
Comment:
|
Size: 2394
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = NGINX = | = Nginx = |
| Line 13: | Line 13: |
| Most Linux and BSD distributions offer a `nginx` package. | Most [[Linux]] and [[BSD]] distributions offer a `nginx` package. |
| Line 15: | Line 15: |
| On Ubuntu, to ensure all security patches have been applied, use the upstream PPA. | On [[Linux/Ubuntu|Ubuntu]], to ensure all security patches have been applied, use the upstream PPA. |
| Line 21: | Line 21: |
| }}} === Containers === [[Docker]] container images are also available for the last two versions. The image is available from [[Docker/Hub|DockerHub]] as `docker.io/library/nginx` (or simply `nginx` when using `docker(1)` specifically). Try: {{{ docker run --detach --name my-nginx \ --mount type=bind,src=/path/to/web/root,dst=/usr/share/nginx/html,readonly \ --publish 127.0.0.1:8080:80 \ nginx:latest |
|
| Line 37: | Line 52: |
| === Server blocks === | === Syntax === |
| Line 39: | Line 54: |
| === Location blocks === | * [[Nginx/Location|Location]] * [[Nginx/Http|Http]] * [[Nginx/Server|Server]] * [[Nginx/TryFiles|Try Files]] |
| Line 41: | Line 59: |
| An example location for a uWSGI (Python) server, such as [[MoinMoinSetup|MoinMoin]]. | |
| Line 43: | Line 60: |
| {{{ location / { include /etc/nginx/uwsgi_params; uwsgi_pass unix:///var/www/my-wsgi-app/my-wsgi-app.sock; } }}} |
=== Proxying === * [[Nginx/FastCGI|FastCGI]] * [[Nginx/Uwsgi|Uwsgi]] === Advanced Configuration === * [[Nginx/Authentication|Authentication]] * [[Nginx/Compression|Compression]] * [[Nginx/Encryption|Encryption]] |
| Line 53: | Line 77: |
Access is best restricted by returning error code `444`, which causes the connection to drop without any signalling to the client. Best practice is for the default server to deny all requests, ensuring that only known domains are served. {{{ server { listen 80 default_server; server_name _; return 444; } }}} |
|
| Line 102: | Line 114: |
| ---- == See also == [[https://man.archlinux.org/man/extra/nginx/nginx.8.en|nginx(8)]] |
Nginx
nginx(8) is a web and proxy server written for modern workloads (chiefly multi-threading).
Contents
Installation
Most Linux and BSD distributions offer a nginx package.
On Ubuntu, to ensure all security patches have been applied, use the upstream PPA.
sudo add-apt-repository ppa:nginx/stable sudo apt update sudo apt install nginx
Containers
Docker container images are also available for the last two versions. The image is available from DockerHub as docker.io/library/nginx (or simply nginx when using docker(1) specifically).
Try:
docker run --detach --name my-nginx \ --mount type=bind,src=/path/to/web/root,dst=/usr/share/nginx/html,readonly \ --publish 127.0.0.1:8080:80 \ nginx:latest
Configuration
To check the configuration of nginx(8), run...
nginx -t
Syntax
Proxying
Advanced Configuration
Restricting Access
To deny requests based on the URI, use a location block.
location ~ ^\.ht {
return 444;
}To deny requests based on the HTTP method, use a conditional statement.
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
return 444;
}In all circumstances, conditional statements should be the last resort technique. They can be less than intuitive and difficult to debug.
Restricting Referrers
It is sometimes desirable to block referrals.
valid_referers none blocked server_names
~example\.com;
if ($invalid_referer) {
return 403;
}none matching missing referers ("-"), while blocked matches referers that have been deleted by a firewall.
Literal server names are given with a leading or trailing asterisk (*). Regular expressions are given with a leading tilde (~).