Differences between revisions 23 and 27 (spanning 4 versions)
Revision 23 as of 2023-04-24 17:55:48
Size: 2452
Editor: DominicRicottone
Comment:
Revision 27 as of 2025-12-19 21:39:53
Size: 1972
Editor: DominicRicottone
Comment: Pruning dead links
Deletions are marked like this. Additions are marked like this.
Line 15: Line 15:
On [[Linux/Ubuntu|Ubuntu]], to ensure all security patches have been applied, use the upstream PPA. On Ubuntu, to ensure all security patches have been applied, use the upstream PPA.
Line 55: Line 55:
 * [[Nginx/Http|Http]]
 * [[Nginx/RewritingAndReturning|RewritingAndReturning]]		  * [[Nginx/RewritingAndReturning|Rewriting and Returning]]
Line 71: Line 70:
 * [[Nginx/Authentication|Authentication]]  * [[Nginx/ClientCaching|Client Caching]]
Line 74: Line 73:



=== Restricting Access ===

To deny requests based on the URI, use a location block.

{{{
location ~ ^\.ht {
    return 444;
}
}}}

To deny requests based on the HTTP method, use a conditional statement.

{{{
if ($request_method !~ ^(GET|HEAD|POST)$ ) {
    return 444;
}
}}}

In all circumstances, conditional statements should be the last resort technique. They can be less than intuitive and difficult to debug.

Nginx

nginx(8) is a web and proxy server written for modern workloads (chiefly multi-threading).

Contents

  1. Nginx
    1. Installation
      1. Containers
    2. Configuration
      1. Syntax
      2. Proxying
      3. Advanced Configuration
      4. Restricting Referrers
    3. See also

Installation

Most Linux and BSD distributions offer a nginx package.

On Ubuntu, to ensure all security patches have been applied, use the upstream PPA. 

sudo add-apt-repository ppa:nginx/stable
sudo apt update
sudo apt install nginx

Containers

Docker container images are also available for the last two versions. The image is available from DockerHub as docker.io/library/nginx (or simply nginx when using docker(1) specifically).

Try: 

docker run --detach --name my-nginx \
  --mount type=bind,src=/path/to/web/root,dst=/usr/share/nginx/html,readonly \
  --publish 127.0.0.1:8080:80 \
  nginx:latest

Configuration

To check the configuration of nginx(8), run... 

nginx -t

Syntax

Proxying

Advanced Configuration

Restricting Referrers

It is sometimes desirable to block referrals. 

valid_referers none blocked server_names
               ~example\.com;
if ($invalid_referer) {
    return 403;
}

none matching missing referers ("-"), while blocked matches referers that have been deleted by a firewall.

Literal server names are given with a leading or trailing asterisk (*). Regular expressions are given with a leading tilde (~).

See also

nginx(8)

CategoryRicottone

Nginx (last edited 2025-12-19 21:39:53 by DominicRicottone)