51 NGINX 101
NGINX is a web server also used for load balancer. The full documentation is available at http://nginx.org/en/docs/.
NGINX has one or more configuration files that are merged together.
A minimal configuration file is
http {
server {
server_name example.org;
location / {
root /data/www;
}
}
}The above configuration file has
- a
httpcontext that represents the HTTP server. - a
servercontext that represents a virtual HTTP server. - a
server_namedirective used to decide if the server should reply to a given request. - a
locationcontext used when a given partner matches the request URI. - a
rootdirective used to define the root directory for requests.
51.1 Security
By default, NGINX will return a lot of metadata information in the header.
curl -I localhostHTTP/1.1 200 OK
Server: nginx/1.18.0 (Ubuntu)
Date: Thu, 16 Mar 2023 07:49:35 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Wed, 15 Mar 2023 10:05:45 GMT
Connection: keep-alive
ETag: "64119879-264"
Accept-Ranges: bytesChange
# server_tokens off;to
server_tokens off;in /etc/nginx/nginx.conf.
Test NGINX configuration file:
sudo nginx -tReload and restart NGINX:
sudo systemctl reload nginx.servicesudo systemctl restart nginx.serviceVerify that NGINX is running:
sudo systemctl status nginx.service51.2 Encrypted Communication
Use Let’s Encrypt to enable Hypertext Transfer Protocol Secure (HTTPS).
You can obtain the SSL certificate with the help of CertBot:
Note
NGINX must be able to reply to external requests. You can use a service like https://downforeveryoneorjustme.com to test if the server is accessible from outside GESIS network.
sudo snap install --classic certbotsudo ln -s /snap/bin/certbot /usr/bin/certbotsudo certbot \
--nginx \
-d your.awesome.domain.com \
--debug-challenges -v51.3 Debugging
sudo cat /var/log/nginx/error.log51.4 Retire Encrypted Communication
sudo certbot delete \
-cert-name your.awesome.domain.com