Contents
nginx
Install on FreeBSD 10.3
- pkg install nginx
- /usr/local/etc/nginx/nginx.conf
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /usr/local/www/nginx;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
}
include /usr/local/etc/nginx/sslbalance.d/*;- /usr/local/etc/nginx/sslbalance.d/sslbalance.conf
stream{
upstream backend {
server 127.0.0.1:8443;
server 127.0.0.1:8444;
}
server {
listen 443;
proxy_pass backend;
}
}
Install on Slackware
nginx.conf with reverse proxy example
# nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /var/www/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/html;
}
}
server{
listen 80;
server_name abc.example.org;
location / { proxy_pass http://127.0.0.1:8081; }
}
server {
listen 80;
server_name cde.example.org;
location / { proxy_pass http://127.0.0.1:8082; }
}
}
Reverse proxy with redirect from 80 t0 443
cat /etc/nginx/sites-enabled/example.org
server {
listen 80;
return 301 https://example.org$request_uri;
server_name example.org;
#root /var/www/example;
location / {
proxy_pass http://localhost:8888/;
}
}
server {
listen 443 ssl;
server_name example.org;
location / {
proxy_pass http://localhost:8888/;
}
ssl_certificate /etc/ssl/certs/example_fullchain.crt;
ssl_certificate_key /etc/ssl/private/example_private.key;
}
test.example.org
1 # SSL/TLS cert
2 sudo bash
3 mkdir -p /var/www/test.example.org/
4 echo "<html><body>Hello test</body></html>" > /var/www/test.example.org/index.html
5
6 # create getssl configuration files and folder for test.example.org
7 ./getssl -c test.example.org
8 # edit config file
9 nano ~/.getssl/test.example.org/getssl.cfg
1 ./getssl test.example.org
2 #Certificate saved in /root/.getssl/test.example.org/test.example.org.crt
3 cp /root/.getssl/test.example.org/fullchain.crt /etc/ssl/certs/test_fullchain.crt
4 cp /root/.getssl/test.example.org/test.example.org.key /etc/ssl/private/test_private.key
5
6 # edit test nginx config
7 nano /etc/nginx/sites-enabled/test.example.org | grep -v "#"
1 server {
2 listen 80;
3 return 301 https://test.example.org$request_uri;
4 server_name test.example.org;
5 root /var/www/test.example.org;
6 }
7
8 server {
9 listen 443 ssl;
10 server_name test.example.org;
11 root /var/www/test.example.org;
12 ssl_protocols TLSv1.2 TLSv1.3;
13 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
14 ssl_prefer_server_ciphers on;
15 ssl_certificate /etc/ssl/certs/test_fullchain.crt;
16 ssl_certificate_key /etc/ssl/private/test_private.key;
17 }
