Press "Enter" to skip to content

Useful Configs for NGINX

Shahriar 2

After posting the first of my linux SysAdmin quick config sample series titled “Useful Configs for squid” (which you can read here). I decided to write another post, this time about the powerful and popular web/cache server NGINX!

I spent quite some time reading through nginx official docs and other blogs/websites while testing each configuration directive in different scenarios. Some of the options presented in this post do not have good or any documentation. I hope you find them useful!

*** snippets are tested on nginx on Debian 8 (jessie) but they will work on other distros/OSs with minimal or no modification.

Disclaimer: These configuration files are meant to be small and simple and designed to help you get an idea of what is possible with NGINX or quickly test some of its capabilities in a lab environment. although they probably work but they may be far from complete at times. So It’s up to you to research further if you want to leverage nginx in production.


Connecting to PHP:

Probably the first thing you want to do after installing nginx is to connect it to some php interpreter to be able to run your web application.

  • Install PHP (on debian : apt install php5 php5-fpm)
  • change NGINX config file like this (essentially only uncomment the relevant section):

  • add index.php to index line
  • verify socket properties in /etc/php5/fpm/pools.d/www.conf
    • socket permissions and user must be correct (they are correct in a default Debian Jessie install)

Redirect HTTP to HTTPS:

There any many ways to accomplish this. Some websites advocate the use of if($scheme … but THIS IS WRONG. it causes performance issues and also if in nginx behaves differently and you might get unexpected results. The correct way to do this is presented below, no rewrite, if , etc are needed this(see ):

*** Note that since we are doing a permanent redirect (301), it will be cached by browsers so it will be a one time thing and they will connect to https port by default in subsequent visits.

 

Nginx Reverse Proxy:

Reverse proxy is a very popular and useful feature of nginx. It’s important that you completely understand how it works and how to use it effectively. a large number of websites and services are based on nginx reverse proxy like Netflix, CloudFlare CDN and many more!

basic reverse proxy:

This feature is usually utilized minimally like this:

I suggest you read official docs on this feature at least, there are many good articles on reverse proxying with nginx on other websites too.

Forward Proxy:

This is not a very used feature but for the sake of completeness and also because it is not available on other websites I will show you how to configure nginx as a forward proxy for your organization. It will do the job very well!

*** Do not host this on a public facing IP!

IP-based Block:

You may want to deny or allow access only from a specific ip range. you can achieve this with iptables, but this is an acceptable way too:

Custom Error Pages:

You can easily customize your error page using nginx and setup fancy error pages for all types of error (GitHub is my favorite ^_^ ):

Log format and Destination:

Changing the log format and log destination is trivial in nginx. I create a new access log format and then use it to log to syslog facility.

you can view official nginx docs regarding field names for logs and support for syslog, etc.

Basic Caching with Nginx:

This snippet is intended to give you a very rough idea of caching with nginx and the minimal configuration required to activate that. In a real server more sophisticated caching will probably be required but this will get you started on this topic.

*** Caching is one of the most advanced  features of nginx, make sure to study and understand it.

HTTP Basic Authentication:

It’s the simplest form of authentication you can have for your website or a single page. yet it is effective and secure (if your password is only known by you of course). BE CAREFUL not to put your password file in your web directory! (yes I’ve seen people do that)


some links:

Official docs

Common config pitfalls (official docs)


I hope you found this blog post useful… spread the word and tell your friends! also do not hesitate to comment. Have fun sysadmin-ing!

  1. Caching without description about caching header, like cache_control is incomplete. If cache_control be privte, no caching happend.
    Sorry for my bad english.

    • Shahriar EV Shahriar EV

      Yes of course. You are right but I tried to only show some directives as an introduction. NGINX (and OpenResty!) have endless possible configurations. Good luck. Thanks for your comment.

Leave a Reply

Your email address will not be published. Required fields are marked *