Tuesday, 11 November 2014

General Nginx configuration

1. Create folders structure and nginx itself:

/etc/nginx
---sites-available
---sites-enabled
nginx.conf
...

  • create config for specific site in sites-available (.. example.com.conf )
  • create in  sites-enabled symbolic link to example.com.conf   
          -ln -s /etc/nginx/sites-available/example.com.conf  /etc/nginx/sites-enabled/example.com.conf
  •  In nginx.conf add import to configs from sites-enabled: ... include /etc/nginx/sites-enabled/*.conf;
2.  Change nginx.conf file with configured compression and buffers:

       

user  nginx;
worker_processes  4;
worker_rlimit_nofile 100000;

pid        /var/run/nginx.pid;


events {
    worker_connections  50000;
    use epoll;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
 keepalive_requests 0;
 log_format  main  '"$time_iso8601","$remote_addr","$host","$request","$status",'
      '"$bytes_sent","$http_user_agent","$http_range",'
      '"$sent_http_accept_ranges","$sent_http_content_range",'
      '"$http_referer","$http_x_forwarded_for","$geoip_country_code"';
           
 geoip_country /usr/share/GeoIP/GeoIP.dat;

    access_log  /var/log/nginx/nginx-access.log  main  buffer=128k;
 error_log   /var/log/nginx/nginx-error.log;
  
 proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=defender-cache:1200m max_size=500000m inactive=600m;
 
  sendfile                on;
  tcp_nopush              on;
  tcp_nodelay             on;
  server_tokens           off;    

 ## Caching files
  open_file_cache       max=200000 inactive=20s;
  open_file_cache_valid      30s;
  open_file_cache_min_uses     2;
  open_file_cache_errors      on;

 ## Size Limits
  client_body_buffer_size         640k;
  client_header_buffer_size       640k;
  client_max_body_size            8G;
  large_client_header_buffers    6 6k;
  connection_pool_size           2048;
  request_pool_size               16k;
  server_names_hash_bucket_size   256;
  variables_hash_bucket_size    512;
  fastcgi_buffers         8192 128k;  
  proxy_buffers          8 512k;
  proxy_buffer_size        512k;
  fastcgi_buffer_size       128k;
  fastcgi_busy_buffers_size    256k;
  fastcgi_temp_file_write_size   256k;
  fastcgi_intercept_errors     off;

 ## Timeouts
  client_body_timeout             10s;
  client_header_timeout           10s;
  keepalive_timeout               10s;
  send_timeout                    10s;
  fastcgi_send_timeout            10s;
  fastcgi_read_timeout            10s;
  fastcgi_connect_timeout         10s;

 ## Compression
  gzip                     on;
  gzip_buffers             16 8k;
  gzip_comp_level          9;
  gzip_http_version        1.1;
  gzip_min_length          10;
  gzip_types               text/plain text/css application/javascript image/png image/gif image/jpeg application/x-javascrip text/xml application/xml;
  gzip_vary                on;
  gzip_static              on;
  gzip_proxied             any;
  gzip_disable             "MSIE [1-6]\.";

  
    index  index.php index.html index.htm;
        include /etc/nginx/conf.d/*.conf;
 
  include /etc/nginx/sites-enabled/*.conf;
}

       
 

How To Set Up HTTP Authentication With Nginx

printf "USER:$(openssl passwd -crypt PASSWORD)\n" >> .htpasswd
Replace USER and PASSWORD for your user and password 

Your nginx configuration file for the website should be under /etc/nginx/sites-available/. Add the two entries below under for the domain path that you want to secure.
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
The second line is the location of the htpasswd file for your website.

No comments:

Post a Comment