|
Size: 4446
Comment:
|
← Revision 25 as of 2023-08-06 18:16:32 ⇥
Size: 2057
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 1: | Line 1: |
| = NGINX = | = Nginx = |
| Line 13: | Line 13: |
| Most Linux and BSD distributions offer a `nginx` package. | Most [[Linux]] and [[BSD]] distributions offer a `nginx` package. |
| Line 15: | Line 15: |
| On Ubuntu, to ensure all security patches have been applied, use the upstream PPA. | On [[Linux/Ubuntu|Ubuntu]], to ensure all security patches have been applied, use the upstream PPA. |
| Line 21: | Line 21: |
| }}} === Containers === [[Docker]] container images are also available for the last two versions. The image is available from [[Docker/Hub|DockerHub]] as `docker.io/library/nginx` (or simply `nginx` when using `docker(1)` specifically). Try: {{{ docker run --detach --name my-nginx \ --mount type=bind,src=/path/to/web/root,dst=/usr/share/nginx/html,readonly \ --publish 127.0.0.1:8080:80 \ nginx:latest |
|
| Line 37: | Line 52: |
| === Server blocks === | === Syntax === |
| Line 39: | Line 54: |
| Servers listen on one or more addresses and ports, specified on the `listen` directive. If the address is left off, `nginx(8)` listens on all addresses for that server. Servers can share addresses and/or ports. If `nginx(8)` receives a request, it is routed between the listening servers based on the ''domain name''. Each server is meant to represent a single web domain, which should be specified on the `server_name` directive. If a server needs to respond as any domain, enter `_` as the name. If no server name matches, the request is routed to the ''default server'', which is marked by the `default_server` option on the `listen` directive. `nginx(8)` requires one (and only one) server be marked as default. Typically, the default server is configured with a server name of `_` and returns error 444 to all requests. {{{ server { listen 80 default_server; server_name _; return 444; } server { listen 80; server_name example.com; root /var/www; location / { try_files $uri $uri/ /index.html; } } }}} |
* [[Nginx/Location|Location]] * [[Nginx/Http|Http]] * [[Nginx/RewritingAndReturning|Rewriting and Returning]] * [[Nginx/Server|Server]] * [[Nginx/TryFiles|Try Files]] |
| Line 68: | Line 62: |
| === Locations === | === Proxying === |
| Line 70: | Line 64: |
| Generally, locations map to the local file system. The `try_files` directive checks if a file exists, and will return an error otherwise. {{{ root /var/www; location / { try_files $uri $uri/ /index.html; } location /static/ { root /usr/local/share/myapp; } location /robots.txt { root /var/www; } }}} These '''prefix locations''' can be nested, and `nginx(8)` will serve the location with the longest matching prefix. As noted below, regular expression locations will take priority over prefix locations. Try `location ^~ /static` to override this. |
* [[Nginx/FastCGI|FastCGI]] * [[Nginx/Uwsgi|Uwsgi]] |
| Line 94: | Line 69: |
| ==== Regular Expression Locations ==== | === Advanced Configuration === |
| Line 96: | Line 71: |
| Regular expression locations are checked in the order they appear in the server block, and the first match is served. {{{ location ~* /images/ { # This operator is case sensitive } location ~* /Images/ { # This operator is case insensitive } }}} These locations take priority over prefix locations, except for those using the `^~` operator. ==== Exact Locations ==== `=` is a short circuit operator. If a request matches an exact location ''exactly'', `nginx(8)` immediately serves it. This is mainly useful for the root index. {{{ location = / { try_files $uri $uri/ /index.html; } }}} ==== Named Locations ==== Named locations, which are identified by the `@` prefix, do not map to directories. Named locations cannot ''be'' nested and cannot ''contain'' nested locations. These locations are used for routing. {{{ try_files $uri @uwsgi; location @uwsgi { include /etc/nginx/uwsgi_params; uwsgi_pass unix:///var/www/my-wsgi-app/my-wsgi-app.sock; } }}} === Encryption === See [[NGINX/SSL|here]] for details. === Authentication === === Restricting Access === To deny requests based on the URI, use a location block. {{{ location ~ ^\.ht { return 444; } }}} To deny requests based on the HTTP method, use a conditional statement. {{{ if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } }}} In all circumstances, conditional statements should be the last resort technique. They can be less than intuitive and difficult to debug. |
* [[Nginx/Authentication|Authentication]] * [[Nginx/ClientCaching|Client Caching]] * [[Nginx/Compression|Compression]] * [[Nginx/Encryption|Encryption]] |
| Line 186: | Line 94: |
=== FastCGI === See [[NGINX/FastCGI|here]] for details. |
---- |
| Line 194: | Line 98: |
| === UWSGI === | == See also == |
| Line 196: | Line 100: |
| See [[NGINX/UWSGI|here]] for details. | [[https://man.archlinux.org/man/extra/nginx/nginx.8.en|nginx(8)]] |
Nginx
nginx(8) is a web and proxy server written for modern workloads (chiefly multi-threading).
Contents
Installation
Most Linux and BSD distributions offer a nginx package.
On Ubuntu, to ensure all security patches have been applied, use the upstream PPA.
sudo add-apt-repository ppa:nginx/stable sudo apt update sudo apt install nginx
Containers
Docker container images are also available for the last two versions. The image is available from DockerHub as docker.io/library/nginx (or simply nginx when using docker(1) specifically).
Try:
docker run --detach --name my-nginx \ --mount type=bind,src=/path/to/web/root,dst=/usr/share/nginx/html,readonly \ --publish 127.0.0.1:8080:80 \ nginx:latest
Configuration
To check the configuration of nginx(8), run...
nginx -t
Syntax
Proxying
Advanced Configuration
Restricting Referrers
It is sometimes desirable to block referrals.
valid_referers none blocked server_names
~example\.com;
if ($invalid_referer) {
return 403;
}none matching missing referers ("-"), while blocked matches referers that have been deleted by a firewall.
Literal server names are given with a leading or trailing asterisk (*). Regular expressions are given with a leading tilde (~).