Nginx
Aus Alexander's Wiki
Version vom 8. April 2022, 22:18 Uhr von Admin (Diskussion | Beiträge)
Nginx installieren
Debian / Ubuntu
sudo apt update
sudo apt install nginx -y
CentOS
sudo yum install epel-release -y
sudo yum install nginx -y
Zusätzliche Befehle
Nginx starten und automatisch starten lassen:
systemctl start nginx
systemctl enable nginx
Wenn Änderungen in der Konfiguration vorgenommen werden, muss nginx neu gestartet werden:
sudo systemctl reload nginx
Ports auf den nginx läuft:
netstat -plntu
Firewall konfigurieren
UFW Firewall
ufw allow ssh
ufw enable
ufw allow http
ufw allow https
ufw status
Firewalld
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
firewall-cmd --list-services
ssh ist standardmäßig aktiviert.
Letsencrypt
Installation
Debian / Ubuntu
sudo apt install letsencrypt -y
cd /etc/nginx/
vim snippets/certbot.conf
einfügen:
location /.well-known {
alias /var/www/html/.well-known;
}
Bearbeiten Sie nun die standardmäßige virtuelle Nginx-Hostdatei.
vim sites-available/default
Fügen Sie folgende Konfiguration unter den Blöcken ’server {..}‘ hinzu.
include snippets/certbot.conf;
CentOS
sudo yum install certbot -y
cd /etc/nginx/
vim default.d/certbot.conf
einfügen
location /.well-known {
alias /usr/share/nginx/html/.well-known;
}
Nginx neu starten
SSL letsencrypt Zertifikate installieren
Debian / Ubuntu
certbot certonly --rsa-key-size 4096 --webroot --agree-tos --no-eff-email --email mail@akluge.de -w /var/www/html -d kluge-pferde.de
CentOS
certbot certonly --rsa-key-size 4096 --webroot --agree-tos --no-eff-email --email mail@akluge.de -w /usr/share/nginx/html -d kluge-pferde.de
Wenn es vollständig ist, erhalten Sie alle SSL-Zertifikatsdateien für den Domainnamen im Verzeichnis ‚/etc/letsencrypt/live‘.
Portweiterleitung:
server {
listen 80;
server_name kluge-pferde.de www.kluge-pferde.de;
return 301 https://www.kluge-pferde.de$request_uri;
}
ssss
server {
listen 443;
server_name kluge-pferde.de;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
rewrite_log on;
root /var/www/app/webroot;
index index.php index.html index.htm;
client_max_body_size 100M;
# Static files.
# Set expire headers, Turn off access log
location ~* \favicon.ico$ {
access_log off;
expires 1d;
add_header Cache-Control public;
}
location ~ ^/(img|cjs|ccss)/ {
access_log off;
expires 7d;
add_header Cache-Control public;
}
# Deny access to .htaccess files,
# git & svn repositories, etc
location ~ /(\.ht|\.git|\.svn) {
deny all;
}
}
Spezielle Anpassungen für CakePHP
# Not found this on disk?
# Feed to CakePHP for further processing!
if (!-e $request_filename) {
rewrite ^/(.+)$ /index.php?url=$1 last;
break;
}
# Pass the PHP scripts to FastCGI server
# listening on 127.0.0.1:9000
# location ~ \.php$ {
# fastcgi_pass unix:/tmp/php.socket;
# #fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_intercept_errors on; # to support 404s for PHP files not found
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# include fastcgi_params;
# }
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
# With php5-cgi alone:
#fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
