nginx

Install on FreeBSD 10.3

load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost;

        location / {
            root   /usr/local/www/nginx;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
    }

}

include /usr/local/etc/nginx/sslbalance.d/*;

stream{
   upstream backend {
       server 127.0.0.1:8443;
       server 127.0.0.1:8444;
    }

   server {
       listen 443;
       proxy_pass backend;
   }
}

Install on Slackware

   1 cd /tmp 
   2 wget https://slackbuilds.org/slackbuilds/14.2/network/nginx.tar.gz
   3 tar xvzf nginx.tar.gz
   4 cd nginx
   5 wget http://nginx.org/download/nginx-1.10.2.tar.gz
   6 ./nginx.SlackBuild
   7 installpkg  /tmp/nginx-1.10.2-x86_64-1_SBo.tgz
   8 
   9 /etc/rc.d/rc.httpd stop
  10 sh /etc/rc.d/rc.nginx start

nginx.conf with reverse proxy example

# nginx.conf
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;


    server {
        listen       80;
        server_name  localhost;

        location / {
            root   /var/www/html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /var/www/html;
        }
    }

    server{
          listen 80;
          server_name abc.example.org;
          location / { proxy_pass   http://127.0.0.1:8081; }
     }

    server {
      listen 80;
      server_name cde.example.org;
      location / {  proxy_pass   http://127.0.0.1:8082; }
    }

}

Reverse proxy with redirect from 80 t0 443

cat  /etc/nginx/sites-enabled/example.org 
server {
  listen 80; 
  return 301 https://example.org$request_uri;
  server_name example.org;
  #root /var/www/example;
  location / {
    proxy_pass http://localhost:8888/;
  }
}

server {
  listen 443 ssl;
  server_name example.org;
  location / {
    proxy_pass http://localhost:8888/;
  }
  ssl_certificate /etc/ssl/certs/example_fullchain.crt;
  ssl_certificate_key /etc/ssl/private/example_private.key;
}

test.example.org

   1 # SSL/TLS cert
   2 sudo bash 
   3 mkdir -p /var/www/test.example.org/
   4 echo "<html><body>Hello test</body></html>" >  /var/www/test.example.org/index.html 
   5 
   6 # create getssl configuration files and folder for test.example.org 
   7 ./getssl -c test.example.org
   8 # edit config file
   9 nano ~/.getssl/test.example.org/getssl.cfg

   1 # specify correct ACL option
   2 CA="https://acme-v02.api.letsencrypt.org"
   3 ACL=('/var/www/test.example.org/.well-known/acme-challenge')

   1 # edit test nginx config
   2 nano /etc/nginx/sites-enabled/test.example.org

   1 server {
   2   listen 80; 
   3   server_name test.example.org;
   4   root /var/www/test.example.org;
   5 }

   1 ./getssl test.example.org
   2 #Certificate saved in /root/.getssl/test.example.org/test.example.org.crt
   3 cp /root/.getssl/test.example.org/fullchain.crt /etc/ssl/certs/test_fullchain.crt
   4 cp /root/.getssl/test.example.org/test.example.org.key /etc/ssl/private/test_private.key
   5 
   6 # edit test nginx config
   7 nano  /etc/nginx/sites-enabled/test.example.org  | grep -v "#" 

   1 server {
   2   listen 80; 
   3   return 301 https://test.example.org$request_uri;
   4   server_name test.example.org;
   5   root /var/www/test.example.org;
   6 }
   7 
   8 server {
   9   listen 443 ssl;
  10   server_name test.example.org;
  11   root /var/www/test.example.org;
  12   ssl_protocols TLSv1.2 TLSv1.3;
  13   ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
  14   ssl_prefer_server_ciphers on;
  15   ssl_certificate /etc/ssl/certs/test_fullchain.crt;
  16   ssl_certificate_key /etc/ssl/private/test_private.key;
  17 }

   1 curl -s https://test.example.org/ -vvv 2>&1 | grep -e "expire date" -e Host
   2 #* Host test.example.org:443 was resolved.
   3 #*  expire date: Sep 10 12:31:58 2026 GMT
   4 #> Host: test.example.org
   5 
   6 cd /var/www/
   7 chown www-data * -R
   8 chgrp www-data * -R
   9 nginx -t
  10 service nginx restart

nginx (last edited 2026-06-12 14:01:48 by vitor)