From Fedora Project Wiki

Revision as of 01:56, 1 September 2014 by Javiertury

Nginx is a fast and lightweight web server, HTTP load balancer, reverse proxy and HTTP cache server. Its main characteristics are efficiency and scalability, which make Nginx suited to both small servers and the busiest servers on the Internet.

Installation

$ su
# yum install nginx

To have the server start at each boot:

# systemctl enable nginx.service

To start the server now:

# systemctl start nginx.service

Configuration

The configuration of nginx is straightforward. The main configuration file is /etc/nginx/nginx.conf. It begins with some very general configuration about nginx itself and an events block, which look like this:

user              nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;


events {
   worker_connections  1024;
}

The advised number of worker processes is the number of cores/threads your CPU has. Remember to write a semicolon (;) after each option, but not after the blocks themselves.

After that there is one big http block that contains the general configuration related to this protocol. Notice that inside this block there is the following line

    include /etc/nginx/conf.d/*.conf;

which tells us that the rest of the configuration files are going to be in the configuration directory /etc/nginx/conf.d/ and are going to have a .conf extension.

And inside this http block, either in the nginx.conf file itself or included from the configuration directory /etc/nginx/conf.d/ there is one server block per virtual host.

Webserver

Nginx was designed to be a webserver. To create a virtual host, all you need to do is create a new file with a .conf extension in the /etc/nginx/conf.d/ directory and put a server block in it. The server block will be automatically included in the http block.

For example, /etc/nginx/conf.d/myhost.com.conf

server {
	listen 80;
	server_name myhost.com;
	root /var/www/myhost.com/public_html;
	index index.php index.html;
}

TLS/SSL

Nginx uses ngx_http_ssl_module which is based on OpenSSL and at the moment there are no alternatives.

Install an existing certificate

If you already have a certificate generated on another computer, move the certificate and the key file to the correct folder, and ensure their SELinux contexts, ownerships and permissions are correct:

# mv key_file.key /etc/pki/tls/private/myhost.com.key
# restorecon /etc/pki/tls/private/myhost.com.key
# chown root:root /etc/pki/tls/private/myhost.com.key
# chmod 0600 /etc/pki/tls/private/myhost.com.key
# mv certificate.crt /etc/pki/tls/certs/myhost.com.crt
# restorecon /etc/pki/tls/certs/myhost.com.crt
# chown root:root /etc/pki/tls/certs/myhost.com.crt
# chmod 0600 /etc/pki/tls/certs/myhost.com.crt

After this, set it up as described in Configuring TLS/SSL hosts below.
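
As an added example (not part of the original wiki page), the following script checks the result of the installation steps above before nginx is pointed at the files: the key is owned by the expected user and closed to group and others, and the key and certificate contain the same public key. The function names, the script name and the optional owner-uid argument are assumptions made for this example; it relies on GNU stat and the openssl command-line tool.

```sh
#!/bin/sh
# Added example, not from the wiki page. Function and script names are hypothetical.
# Usage: sh check_tls_pair.sh KEY CERT [OWNER_UID] && nginx -t

# The key must be a regular file, owned by the expected uid (default 0 = root),
# with no permission bits set for group or others (for example 0600).
key_perms_ok() {
    [ -f "$1" ] || return 1
    [ "$(stat -c '%u' "$1")" = "${2:-0}" ] || return 1
    case "$(stat -c '%a' "$1")" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# The certificate and the private key must carry the same public key;
# nginx refuses to load a pair that does not match.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run both checks and report the first one that fails.
check_tls_pair() {
    key=$1 cert=$2 uid=${3:-0}
    if ! key_perms_ok "$key" "$uid"; then
        echo "FAIL: $key must be owned by uid $uid and closed to group/others" >&2
        return 1
    fi
    if ! key_matches_cert "$key" "$cert"; then
        echo "FAIL: $cert does not contain the public key of $key" >&2
        return 1
    fi
    echo "OK: $key is protected and matches $cert"
}

# Run only when called with arguments, e.g. the paths used on this page:
#   /etc/pki/tls/private/myhost.com.key /etc/pki/tls/certs/myhost.com.crt
[ $# -eq 0 ] || check_tls_pair "$@"
```
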

Generate a new certificate

How to generate a new certificate

Configuring TLS/SSL hosts

Inside the server block of the virtual host, modify the following lines, or add them if they are missing, so that it looks like this:

	listen 443 ssl;
	ssl_certificate /etc/pki/tls/certs/myhost.com.crt;
	ssl_certificate_key /etc/pki/tls/private/myhost.com.key;