Javiertury (talk | contribs) No edit summary |
m (→Configuration) |
||
Line 16: | Line 16: | ||
== Configuration == | == Configuration == | ||
The configuration of nginx is | The configuration of nginx is straightforward. The main configuration file is located in {{filename|/etc/nginx/nginx.conf}} and is structured in the following way, first there is some very general configuration about nginx itself and an events block which looks like this: | ||
user nginx; | user nginx; | ||
worker_processes 1; | worker_processes 1; | ||
Line 31: | Line 31: | ||
} | } | ||
The advised number of processes is the number of cores/threads your cpu has. Remember that you should | The advised number of processes is the number of cores/threads your cpu has. Remember that you should use a semicolon(;) after each option, except for the blocks themselves. | ||
After that there is one big http block that contains the general configuration related to this protocol. Notice that inside this block there is the following line | After that there is one big http block that contains the general configuration related to this protocol. Notice that inside this block there is the following line |
Revision as of 17:44, 16 August 2015
Nginx is a fast and lightweight web, http load balancer, reverse proxy and http cache server. The main characteristics are efficiency and escalability which makes Nginx suited for both the small and the bussiest servers on the Internet.
Installation
$ su # yum install nginx
To have the server start at each boot:
# systemctl enable nginx.service
To start the server now:
# systemctl start nginx.service
Configuration
The configuration of nginx is straightforward. The main configuration file is located in /etc/nginx/nginx.conf
and is structured in the following way, first there is some very general configuration about nginx itself and an events block which looks like this:
user nginx; worker_processes 1; error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log notice; #error_log /var/log/nginx/error.log info; pid /var/run/nginx.pid; events { worker_connections 1024; }
The advised number of processes is the number of cores/threads your cpu has. Remember that you should use a semicolon(;) after each option, except for the blocks themselves.
After that there is one big http block that contains the general configuration related to this protocol. Notice that inside this block there is the following line
include /etc/nginx/conf.d/*.conf;
which tells us that the rest of the configuration files are going to be in the configuration directory /etc/nginx/conf.d/
and are going to have a .conf extension.
And inside this http block, either in the nginx.conf file itself or included from the configuration directory /etc/nginx/conf.d/
there is one server block per virtual host.
Webserver
Nginx was designed to be a webserver. All you need to create a virtual host is to create a new file in the /etc/nginx/conf.d/
directory with a .conf extension and a server block in it. the server block will be automatically included in the http block.
For example, /etc/nginx/conf.d/myhost.com.conf
server { listen 80; server_name myhost.com; root /var/www/myhost.com/public_html; index index.php index.html; }
TLS/SSL
Nginx uses ngx_http_ssl_module which is based on OpenSSL and at the moment there are no alternatives.
Install an existing certificate
If you already have a certificate generated on another computer, move the certificate and the key file to the correct folder, and ensure their SELinux contexts, ownerships and permissions are correct:
# mv key_file.key /etc/pki/tls/private/myhost.com.key # restorecon /etc/pki/tls/private/myhost.com.key # chown root.root /etc/pki/tls/private/myhost.com.key # chmod 0600 /etc/pki/tls/private/myhost.com.key # mv certificate.crt /etc/pki/tls/certs/myhost.com.crt # restorecon /etc/pki/tls/private/myhost.com.crt # chown root.root /etc/pki/tls/private/myhost.com.crt # chmod 0600 /etc/pki/tls/private/myhost.com.crt
After this set it up
Generate a new certificate
How to generate a new certificate
Configuring TLS/SSL hosts
Modify inside the server block of a particular virtual host the following lines or add them, so it looks like this:
listen 443 ssl; ssl_certificate /etc/pki/tls/certs/myhost.com.crt ssl_certificate_key /etc/pki/tls/private/myhost.com.key