Remember to make a copy of the current configuration and all files/directories.
This chapter is still a work in progress.
I used the step-by-step tutorial from this handbook: Installing from source.
I used a Google Cloud instance with the following parameters:
ITEM | VALUE | COMMENT |
---|---|---|
VM | Google Cloud Platform | |
vCPU | 2x | |
Memory | 4096MB | |
HTTP | Varnish on port 80 | |
HTTPS | NGINX on port 443 | |
This chapter describes the basic configuration of my proxy server (for blkcipher.info domain).
The configuration is based on the installation from source chapter. If you go through the installation process step by step, you can use the following configuration (minor adjustments may be required).
It's very simple: clone the repo, back up your current configuration and perform a full directory sync:
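```bash
git clone https://github.com/trimstray/nginx-admins-handbook
# Archive the current configuration, then move it out of the way:
tar czvfp ~/nginx.etc.tgz /etc/nginx && mv /etc/nginx /etc/nginx.old
# lib/nginx lives inside the cloned repository:
rsync -avur nginx-admins-handbook/lib/nginx/ /etc/nginx/
```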
If you compiled NGINX from source you should also update/refresh modules. All compiled modules are stored in `/usr/local/src/nginx-${ngx_version}/master/objs` and installed in accordance with the value of the `--modules-path` variable.
```bash
cd /etc/nginx

# Rename files and directories that contain the old IP address
# (xxx.xxx.xxx.xxx is a placeholder):
find . -depth -not -path '*/\.git*' -name '*192.168.252.2*' -execdir bash -c 'mv -v "$1" "${1//192.168.252.2/xxx.xxx.xxx.xxx}"' _ {} \;

# Replace the old IP address inside files (dots escaped so they match literally):
find . -not -path '*/\.git*' -type f -print0 | xargs -0 sed -i 's/192\.168\.252\.2/xxx.xxx.xxx.xxx/g'

# Rename files and directories that contain the old domain name:
find . -not -path '*/\.git*' -depth -name '*blkcipher.info*' -execdir bash -c 'mv -v "$1" "${1//blkcipher.info/example.com}"' _ {} \;

# Replace the old domain name inside files:
find . -not -path '*/\.git*' -type f -print0 | xargs -0 sed -i 's/blkcipher_info/example_com/g'
find . -not -path '*/\.git*' -type f -print0 | xargs -0 sed -i 's/blkcipher\.info/example.com/g'
```
```bash
cd /etc/nginx/master/_server/localhost/certs
# Private key + Self-signed certificate:
( _fd="localhost.key" ; _fd_crt="nginx_localhost_bundle.crt" ; \
openssl req -x509 -newkey rsa:2048 -keyout "${_fd}" -out "${_fd_crt}" -days 365 -nodes \
-subj "/C=X0/ST=localhost/L=localhost/O=localhost/OU=X00/CN=localhost" )

cd /etc/nginx/master/_server/defaults/certs
# Private key + Self-signed certificate:
( _fd="defaults.key" ; _fd_crt="nginx_defaults_bundle.crt" ; \
openssl req -x509 -newkey rsa:2048 -keyout "${_fd}" -out "${_fd_crt}" -days 365 -nodes \
-subj "/C=X1/ST=default/L=default/O=default/OU=X11/CN=default_server" )

cd /etc/nginx/master/_server/example.com/certs
# For multidomain:
certbot certonly -d example.com -d www.example.com --rsa-key-size 2048
# For wildcard (quoted so the shell does not expand the asterisk):
certbot certonly --manual --preferred-challenges=dns -d example.com -d '*.example.com' --rsa-key-size 2048
# Copy private key and chain:
cp /etc/letsencrypt/live/example.com/fullchain.pem nginx_example.com_bundle.crt
cp /etc/letsencrypt/live/example.com/privkey.pem example.com.key
```
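Update the modules list and include `modules.conf` in your configuration:

```bash
_mod_dir="/etc/nginx/modules"
# Truncate (or create) /etc/nginx/modules.conf:
:>"${_mod_dir}.conf"
# Write one load_module line per file; the glob avoids parsing ls output:
for _module in "${_mod_dir}"/* ; do printf 'load_module\t\t%s;\n' "${_module}" >> "${_mod_dir}.conf" ; done
```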
In the example (`lib/nginx`) error pages are included from the `lib/nginx/master/_static/errors.conf` file.

- default location: `/etc/nginx/html`:

  ```bash
  50x.html index.html
  ```

- custom location: `/usr/share/www`:

  ```bash
  cd /etc/nginx/snippets/http-error-pages
  ./httpgen
  # You can also sync sites/ directory with /etc/nginx/html:
  # rsync -var sites/ /etc/nginx/html/
  rsync -var sites/ /usr/share/www/
  ```
```nginx
# At the end of the file (in 'IPS/DOMAINS' section):
include /etc/nginx/master/_server/domain.com/servers.conf;
include /etc/nginx/master/_server/domain.com/backends.conf;
```
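```bash
cd /etc/nginx/master/_server
# Copy the example.com server directory as a template for the new domain:
cp -R example.com domain.com
cd domain.com
# Rename files and directories, then replace the names inside files
# (dots escaped so they match literally):
find . -not -path '*/\.git*' -depth -name '*example.com*' -execdir bash -c 'mv -v "$1" "${1//example.com/domain.com}"' _ {} \;
find . -not -path '*/\.git*' -type f -print0 | xargs -0 sed -i 's/example_com/domain_com/g'
find . -not -path '*/\.git*' -type f -print0 | xargs -0 sed -i 's/example\.com/domain.com/g'
```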
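```bash
# Create the log directories and hand them to the nginx user:
mkdir -p /var/log/nginx/localhost
mkdir -p /var/log/nginx/defaults
mkdir -p /var/log/nginx/others
mkdir -p /var/log/nginx/domains/blkcipher.info
chown -R nginx:nginx /var/log/nginx

# Install the logrotate configuration:
cp /etc/nginx/snippets/logrotate.d/nginx /etc/logrotate.d/

# Test the configuration:
nginx -t -c /etc/nginx/nginx.conf
```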
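After the rename and certificate steps above, a check like the following confirms that nothing in the tree still refers to the old IP address or domain, and that no private key is accessible to group or others (the keys created with `-nodes` and the copied `privkey.pem` are stored unencrypted). This is an added example, not part of the handbook; the function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: function names are hypothetical; the old values are the ones
# this page replaces (192.168.252.2, blkcipher.info, blkcipher_info).

# Print paths whose name or content still contains one of the old values.
stale_refs() {   # usage: stale_refs ROOT VALUE...
  local root="$1" v
  shift
  for v in "$@"; do
    find "$root" -not -path '*/.git*' -name "*${v}*" -print
    # -F matches the value literally, so "." is not treated as a wildcard.
    find "$root" -not -path '*/.git*' -type f -exec grep -lF -- "$v" {} + || :
  done | sort -u
}

# Print private keys (*.key) that group or others can access.
loose_keys() {   # usage: loose_keys ROOT
  local f
  find "$1" -type f -name '*.key' -print | while IFS= read -r f; do
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld -- "$f" | cut -c5-10)" = "------" ] || printf '%s\n' "$f"
  done
}

# Run both checks on ROOT; print findings and return 1 if there are any.
audit_tree() {   # usage: audit_tree ROOT VALUE...
  local root="$1" findings
  shift
  findings=$(stale_refs "$root" "$@"; loose_keys "$root")
  [ -z "$findings" ] && return 0
  printf '%s\n' "$findings"
  return 1
}

# Constructed sample tree: a stale file name, a stale IP in its content,
# and a key that others can read.
make_sample() {
  local d
  d=$(mktemp -d) && mkdir -p "$d/master/_server/example.com/certs"
  echo 'server_name example.com;' > "$d/master/_server/example.com/servers.conf"
  echo 'listen 192.168.252.2:443 ssl;' > "$d/master/_server/example.com/blkcipher.info.conf"
  : > "$d/master/_server/example.com/certs/example.com.key"
  chmod 644 "$d/master/_server/example.com/certs/example.com.key"
  printf '%s\n' "$d"
}

# Audit the tree given as $1, or the constructed sample when none is given.
audit_tree "${1:-$(make_sample)}" 192.168.252.2 blkcipher.info blkcipher_info \
  || echo "audit: fix the paths listed above" >&2
```

Run it with `/etc/nginx` as the first argument to audit the real tree; a non-empty listing means a rename was missed or a key needs `chmod 600`.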