Difference between revisions of "/etc/nginx/nginx.conf"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(16 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[wikipedia:Nginx]] [[web server]] that was written in 2004 as an alternative to popular [[Apache]] [[web server]].
+
[[Nginx]]
  
* Official documentation: https://nginx.org/en/docs/
+
* <code>[[/etc/nginx/]]nginx.conf</code>
* Configuration Files:
+
* <code>[[/etc/nginx/sites-enabled/default]]</code>
:<code>/etc/nginx/[[nginx.conf]]</code>
+
* <code>[[/etc/nginx/fastcgi.conf]]</code>
:<code>/etc/nginx/conf.d/[[default.conf]]</code>
 
:<code>/etc/nginx/sites-enabled</code>
 
  
[[Nginx logs]] (See also [[Nginx change log]])
 
* Error log file: <code>/var/log/nginx/[[error.log (Nginx)|error.log]]</code>
 
* Access log file: <code>/var/log/nginx/access.log</code>
 
* [[Logrotate]]: <code>/etc/logrotate.d/nginx</code>
 
* <code>[[journalctl]] -u nginx</code>
 
::<code> journalctl -u nginx | grep [[emerg]]</code>
 
  
== Installation ==
+
== Default [[Ubuntu 20.04]] ==
[[Ubuntu]]
 
apt install [[nginx-light]]
 
[[systemctl status]] nginx
 
[[/var]]/www/html/
 
  
[[Docker Nginx]] https://hub.docker.com/_/nginx
+
cat  /etc/nginx/nginx.conf | grep -v "#" | grep .
 +
user [[www-data]];
 +
worker_processes auto;
 +
pid /run/nginx.pid;
 +
include /etc/nginx/modules-enabled/*.conf;
 +
events {
 +
        worker_connections 768;
 +
}
 +
http {
 +
        sendfile on;
 +
        tcp_nopush on;
 +
        tcp_nodelay on;
 +
        keepalive_timeout 65;
 +
        types_hash_max_size 2048;
 +
        include /etc/nginx/mime.types;
 +
        default_type application/octet-stream;
 +
        ssl_prefer_server_ciphers on;
 +
        access_log /var/log/nginx/access.log;
 +
        error_log /var/log/nginx/error.log;
 +
        gzip on;
 +
        include /etc/nginx/conf.d/*.conf;
 +
        include [[/etc/nginx/sites-enabled/]]*;
 +
}
  
== [[Nginx Sample Configurations]] ==
+
* Related: <code>[[/etc/nginx/sites-enabled/default]]</code>
  
== Features ==
+
== Default Ubuntu ==
Nginx can be deployed to serve dynamic [[HTTP]] content on the network using [[FastCGI]], [[SCGI]] handlers for [[scripting language|scripts]], [[Web Server Gateway Interface|WSGI]] application servers or [[Phusion Passenger]] modules, and it can serve as a software [[load balancer]].<ref name="Kleinman" />
 
  
Nginx uses an [[asynchronous system|asynchronous]] [[event (computing)|event-driven]] approach, rather than threads, to handle requests.<ref name="Welcome" /> Nginx's modular [[event-driven architecture]] can provide more predictable performance under high loads.<ref name="aosabook" /><ref name="Configuration" />
 
  
Nginx default configuration file is <code>nginx.conf</code>.<ref name="Beginner" />
+
<pre>
 +
user www-data;
 +
worker_processes auto;
 +
pid /run/nginx.pid;
 +
include /etc/nginx/modules-enabled/*.conf;
  
=== HTTP proxy and Web server features ===
+
events {
* Ability to handle [[c10k problem|more than 10,000 simultaneous connections]] with a low memory footprint (~2.5&nbsp;MB per 10k inactive [[HTTP persistent connection|HTTP keep-alive connections]])
+
worker_connections 768;
* Handling of static files, index files and auto-indexing
+
# multi_accept on;
* [[Reverse proxy]] with caching<ref>https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/</ref> (<code>[[proxy_pass]]</code> [[directive]]) (Do not support [[proxy]] <ref>https://serverfault.com/a/298401</ref>)
+
}
* [[Load balancer|Load balancing]] with in-band health checks<ref name="Load balancing" /> (<code>[[upstream]]</code> directive)
 
* [[TLS]]/[[SSL]] with [[Server Name Indication|SNI]] and [[OCSP stapling]] support, via [[OpenSSL]]
 
* [[FastCGI]], [[SCGI]], [[uWSGI]] support with caching
 
* [[gRPC]] support since March 2018, version 1.13.10.<ref>https://www.nginx.com/blog/nginx-1-13-10-grpc/</ref>
 
* Name- and IP address-based virtual servers
 
* [[IPv6]]-compatible
 
* [[WebSocket]]s since 1.3.13,<ref>http://nginx.org/en/docs/http/websocket.html</ref><ref>https://nginx.org/en/docs/http/websocket.html</ref> including acting as a reverse proxy and do load balancing of WebSocket applications.<ref>https://www.nginx.com/blog/websocket-nginx/</ref>
 
* [[HTTP/1.1 Upgrade header|HTTP/1.1 Upgrade (101 Switching Protocols)]],<ref name="101 Switching Protocols" /> [[HTTP/2]] protocol support
 
* [[rewrite engine|URL rewriting]] and [[URL redirection|redirection]]<ref name="mdoc-intro" /><ref name="mdoc" />
 
  
=== Mail proxy features ===
+
http {
* [[Transport Layer Security|TLS/SSL]] support
 
* [[STARTTLS]] support
 
* [[SMTP]],<ref>https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/</ref> [[POP3]], and [[IMAP]] [[Proxy server|proxy]]
 
* Requires Authentication using an external HTTP server or by an authentication script<ref name="Authentication" /><ref>https://docs.nginx.com/nginx/admin-guide/mail-proxy/mail-proxy/#mail_auth</ref>
 
  
Other features include upgrading executable and configuration without client connections loss,<ref name="Controlling nginx" /> and a module-based architecture with both core<ref name="documentation" /> and third-party module support.<ref name="3rdPartyModules" />
+
##
 +
# Basic Settings
 +
##
  
The paid [[Nginx]] Plus product includes additional features such as advanced [[load balancing]] and access to an expanded suite of metrics for performance monitoring.<ref name="Plus metrics" /><ref name="Plus load balancing" />
+
sendfile on;
 +
tcp_nopush on;
 +
tcp_nodelay on;
 +
keepalive_timeout 65;
 +
types_hash_max_size 2048;
 +
# server_tokens off;
  
== Linux Nginx Operation on [[systemd]] distributions ==
+
# server_names_hash_bucket_size 64;
* Verify/Test Configuration: <code>[[nginx -t]]</code>
+
# server_name_in_redirect off;
* Status: <code>[[systemctl]] status nginx</code>
 
* Start: <code>systemctl start nginx</code>
 
* Stop: <code>systemctl stop nginx</code>
 
* Restart: <code>systemctl restart nginx</code> (See also: <code>[[nginx -t]]</code>)
 
  
== Activities ==
+
include /etc/nginx/mime.types;
* [[Track Application Response time in Nginx]]
+
default_type application/octet-stream;
* Enable status page in [[Nginx]] to get information about active connections and other parameters: https://easyengine.io/tutorials/nginx/status-page/ and test it: <code>curl http://127.0.0.1/nginx_status</code>
+
 
* Read [[Nginx change log|Nginx Change log]]
+
##
* [[Configure HTTP to HTTPs redirection with Nginx]]
+
# SSL Settings
* Review [[SSL]] nginx configuration
+
##
 +
 
 +
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
 +
ssl_prefer_server_ciphers on;
 +
 
 +
##
 +
# Logging Settings
 +
##
 +
 
 +
access_log /var/log/nginx/access.log;
 +
error_log /var/log/nginx/error.log;
 +
 
 +
##
 +
# Gzip Settings
 +
##
 +
 
 +
gzip on;
 +
 
 +
# gzip_vary on;
 +
# gzip_proxied any;
 +
# gzip_comp_level 6;
 +
# gzip_buffers 16 8k;
 +
# gzip_http_version 1.1;
 +
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
 +
 
 +
##
 +
# Virtual Host Configs
 +
##
 +
 
 +
include /etc/nginx/conf.d/*.conf;
 +
include /etc/nginx/sites-enabled/*;
 +
}
 +
 
 +
 
 +
#mail {
 +
# # See sample authentication script at:
 +
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
 +
#
 +
# # auth_http localhost/auth.php;
 +
# # pop3_capabilities "TOP" "USER";
 +
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
 +
#
 +
# server {
 +
# listen    localhost:110;
 +
# protocol  pop3;
 +
# proxy      on;
 +
# }
 +
#
 +
# server {
 +
# listen    localhost:143;
 +
# protocol  imap;
 +
# proxy      on;
 +
# }
 +
#}
 +
 
 +
</pre>
 +
 
 +
== Misc ==
 +
 
 +
 
 +
* Error log file: <code>/var/log/nginx/[[Error.log (Nginx)|error.log]]</code>
 +
* Access log file: <code>/var/log/nginx/[[access.log]]</code>
  
Medium
 
* Use <code>[[prometheus]]-[[nginx]]-exporter</code> to collect Nginx metrics
 
  
== Related terms ==
+
== Examples ==
* [[NGINX Amplify]] [[SaaS]]
+
* [[Track Application Response time in Nginx]]
 +
* [[Nginx Sample Configurations]]
  
 
== See also ==
 
== See also ==
* {{certbot}}
+
* {{nginx.conf}}
 
* {{nginx}}
 
* {{nginx}}
* {{http}}
+
* {{Apache HTTP}}
* {{proxy}}
+
* [[Reverse proxy]]
* [[Nagios]]: <code>[[check_http]]</code>
 
 
 
[[Category:Web]]
 
[[Category:Nginx]]
 
  
{{CC license}}
+
[[Category:Web server software]]
Source: https://en.wikipedia.org/wiki/Nginx
 

Latest revision as of 15:56, 11 September 2021

Nginx


Default Ubuntu 20.04[edit]

cat  /etc/nginx/nginx.conf | grep -v "#" | grep .
user www-data; 
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
        worker_connections 768;
}
http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        gzip on;
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

Default Ubuntu[edit]

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 768;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	# server_tokens off;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;

	# gzip_vary on;
	# gzip_proxied any;
	# gzip_comp_level 6;
	# gzip_buffers 16 8k;
	# gzip_http_version 1.1;
	# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}


#mail {
#	# See sample authentication script at:
#	# http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#	# auth_http localhost/auth.php;
#	# pop3_capabilities "TOP" "USER";
#	# imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#	server {
#		listen     localhost:110;
#		protocol   pop3;
#		proxy      on;
#	}
#
#	server {
#		listen     localhost:143;
#		protocol   imap;
#		proxy      on;
#	}
#}

Misc[edit]


Examples[edit]

See also[edit]

Advertising: