Skip to content

nginx

Static Site


services:
  nginx:
    image: nginx:latest
    hostname: wiki
    ports:
      - "8082:80"
    volumes:
      - ./html:/usr/share/nginx/html:ro



Example nginx.conf

server {
    listen       80;
    server_name  localhost;
    root /var/www/html;
    index index.html;
    # serve static files as per the below configuration. The static file will be cached for 5 days
    location / {
        try_files $uri $uri/ =404;
    }
}

apps/static/default.conf · master · Paul Mullins / DentropyCloud-traefik · GitLab

Proxy Nginx Config

server {
    listen 80;
    location / {
        proxy_pass http://backend_service_name;
    }
}

docker run -d
    --name=nginx-proxy
    --network=quivr_default
    -p 80:80 \
    -v \ $(pwd)/nginx.conf:/etc/nginx/conf.d/default.conf \ nginx


networks:
  quivr_default:
    external:
      name: quivr_default

services:
  nginx:
    image: nginx:latest
    hostname: wiki
    ports:
      - "8082:80"
    networks:
      - quivr_default
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro


Port Forwarding using Nginx with SSL

Check nginx config

sudo nginx -t

Restart nginx

sudo systemctl reload nginx

Port Forwarding using Nginx with Self Signed SSL Cert

  1. Setup a ubuntu VM and install nginx

    sudo apt update
    sudo apt install -y nginx
    
  2. Create some self signed certs

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
    
  3. Create file to manage proxy site at /etc/nginx/sites-available/{site hostname}} the following format

    server {
        listen 80;
        server_name {site hostname}};
        return 302 https://{site hostname}};
    }

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name {site hostname}};

        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;


        location / {
            proxy_pass {http or https}}://{proxied hostname or IP address}};
        }
    }
  1. Link site to site-available folder
    ln -s /etc/nginx/sites-available/{site hostname}} /etc/nginx/sites-enabled/{site hostname}}
    

Port Forwarding using Nginx with Letsencrypt SSL Cert

  1. Install Letsencrypt

    sudo apt update
    sudo apt install -y letsencrypt
    
  2. Run command to generate certs

    sudo mkdir -p /var/lib/letsencrypt/
    sudo certbot certonly --email {your@emailaddress}} -d {yourdomain}} --standalone
    
  3. Modify as necessary

    server {
        listen 80;
        server_name {site hostname}};
        return 302 https://{site hostname}};
    }
    
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name {site hostname}};
    
        #ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        #ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
        ssl_trusted_certificate   /etc/letsencrypt/live/{site hostname}}/chain.pem;
        ssl_certificate           /etc/letsencrypt/live/{site hostname}}/fullchain.pem;
        ssl_certificate_key       /etc/letsencrypt/live/{site hostname}}/privkey.pem;
    
        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
        location / {
            proxy_pass {http or https}}://{proxied hostname or IP address}};
        }
    }
    
  4. Run the following commands

    sudo apt install certbot
    sudo mkdir -p /var/lib/letsencrypt/
    sudo certbot certonly --email <your@emailaddress> -d <yourdomain> --standalone
    

    * Alternative virtual host setup

One can copy just the server section of config code and put it in between the http brackets of /etc/nginx.conf as long as the line container proxy\~cache~ is removed

Add a HTTP Password

https://www.digitalocean.com/community/tutorials/how-to-set-up-password-authentication-with-nginx-on-ubuntu-14-04

Docker compose

version: '3'
services:
    nginx:
        image: nginx:latest
        container_name: production_nginx
        volumes:
            - ./nginx.conf:/etc/nginx/nginx.conf
        ports:
            - 7080:80
            - 7443:443

user www www; ## Default: nobody worker\~processes~ 5; ## Default: 1 error\~log~ logs/error.log; pid logs/nginx.pid; worker\~rlimit~\~nofile~ 8192;

events { worker\~connections~ 4096; ## Default: 1024 }

http { include conf/mime.types; include /etc/nginx/proxy.conf; include /etc/nginx/fastcgi.conf; index index.html index.htm index.php;

default\~type~ application/octet-stream; log\~format~ main '$remote\~addr~ - $remote~user~ [$time\~local~] $status ' '"$request" $body~bytessent~ "$http\~referer~"' '"$http~useragent~" "$http\~x~\~forwarded~\~for~"'; access\~log~ logs/access.log main; sendfile on; tcp\~nopush~ on; server\~names~\~hash~\~bucket~\~size~ 128; # this seems to be required for some vhosts

server { # simple reverse-proxy listen 80; server\~name~ domain2.com www.domain2.com; access\~log~ logs/domain2.access.log main;

# pass requests for dynamic content to rails/turbogears/zope, et al
location / {
  proxy_pass      https://127.0.0.1:7001;
}

} }

Sources and further reading

Example of proxypass Simpler nginx config Reset default nginx configuration
Nginx example config How to enable a site