|
Size: 2065
Comment:
|
← Revision 25 as of 2023-08-06 18:16:32 ⇥
Size: 2057
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = NGINX = | = Nginx = |
| Line 13: | Line 13: |
| Most Linux and BSD distributions offer a `nginx` package. | Most [[Linux]] and [[BSD]] distributions offer a `nginx` package. |
| Line 15: | Line 15: |
| On Ubuntu, to ensure all security patches have been applied, use the upstream PPA. | On [[Linux/Ubuntu|Ubuntu]], to ensure all security patches have been applied, use the upstream PPA. |
| Line 21: | Line 21: |
| }}} === Containers === [[Docker]] container images are also available for the last two versions. The image is available from [[Docker/Hub|DockerHub]] as `docker.io/library/nginx` (or simply `nginx` when using `docker(1)` specifically). Try: {{{ docker run --detach --name my-nginx \ --mount type=bind,src=/path/to/web/root,dst=/usr/share/nginx/html,readonly \ --publish 127.0.0.1:8080:80 \ nginx:latest |
|
| Line 37: | Line 52: |
| === Server blocks === | === Syntax === |
| Line 39: | Line 54: |
| === Location blocks === An example location for a uWSGI (Python) server, such as [[MoinMoinSetup|MoinMoin]]. {{{ location / { include /etc/nginx/uwsgi_params; uwsgi_pass unix:///var/www/my-wsgi-app/my-wsgi-app.sock; } }}} |
* [[Nginx/Location|Location]] * [[Nginx/Http|Http]] * [[Nginx/RewritingAndReturning|Rewriting and Returning]] * [[Nginx/Server|Server]] * [[Nginx/TryFiles|Try Files]] |
| Line 52: | Line 62: |
| === Restricting Access === | === Proxying === |
| Line 54: | Line 64: |
| Access is best restricted by returning error code `444`, which causes the connection to drop without any signalling to the client. | * [[Nginx/FastCGI|FastCGI]] * [[Nginx/Uwsgi|Uwsgi]] |
| Line 56: | Line 67: |
| Best practice is for the default server to deny all requests, ensuring that only known domains are served. | |
| Line 58: | Line 68: |
| {{{ server { listen 80 default_server; server_name _; return 444; } }}} |
|
| Line 66: | Line 69: |
| To deny requests based on the URI, use a location block. | === Advanced Configuration === |
| Line 68: | Line 71: |
| {{{ location ~ ^\.ht { return 444; } }}} To deny requests based on the HTTP method, use a conditional statement. {{{ if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } }}} In all circumstances, conditional statements should be the last resort technique. They can be less than intuitive and difficult to debug. |
* [[Nginx/Authentication|Authentication]] * [[Nginx/ClientCaching|Client Caching]] * [[Nginx/Compression|Compression]] * [[Nginx/Encryption|Encryption]] |
| Line 102: | Line 94: |
| ---- == See also == [[https://man.archlinux.org/man/extra/nginx/nginx.8.en|nginx(8)]] |
Nginx
nginx(8) is a web and proxy server written for modern workloads (chiefly multi-threading).
Contents
Installation
Most Linux and BSD distributions offer a nginx package.
On Ubuntu, to ensure all security patches have been applied, use the upstream PPA.
sudo add-apt-repository ppa:nginx/stable sudo apt update sudo apt install nginx
Containers
Docker container images are also available for the last two versions. The image is available from DockerHub as docker.io/library/nginx (or simply nginx when using docker(1) specifically).
Try:
docker run --detach --name my-nginx \ --mount type=bind,src=/path/to/web/root,dst=/usr/share/nginx/html,readonly \ --publish 127.0.0.1:8080:80 \ nginx:latest
Configuration
To check the configuration of nginx(8), run...
nginx -t
Syntax
Proxying
Advanced Configuration
Restricting Referrers
It is sometimes desirable to block referrals.
valid_referers none blocked server_names
~example\.com;
if ($invalid_referer) {
return 403;
}none matching missing referers ("-"), while blocked matches referers that have been deleted by a firewall.
Literal server names are given with a leading or trailing asterisk (*). Regular expressions are given with a leading tilde (~).