Solved

Configuration in NGINX in raspberry

Posted on 2016-08-29
Last Modified: 2016-09-21
I followed this tutorial http://www.avoiderrors.net/owncloud-raspberry-pi and it works fine.

Meanwhile I want a different configuration in my RPI; I want multiple sites and services running behind NGINX.

<RPI IP>/owncloud
<RPI IP>/othersite (inside folder /var/www)
<RPI IP>/service (reverse proxy to localhost:9090)

Can anyone help with this configuration?
Question by:Bruno Martins

Accepted Solution

by:
noci earned 500 total points (awarded by participants)
ID: 41779276
Here is a possible setup. Mine looks a bit like it, but I use a separate hostname (same IP address) for each of several services
to keep the configuration a bit sane.


nginx.conf (not complete; may need more or other settings):
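# Main http context: shared defaults for every virtual host, plus two
# catch-all servers (server_name _) for requests that match no other host.
# Per-service server blocks are pulled in from /etc/nginx/nginx.d/*.conf.
http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # NOTE(review): "main" is defined here but every access_log below uses
        # the built-in "combined" format, so this format is currently unused.
        log_format main
                '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $bytes_sent '
                '"$http_referer" "$http_user_agent" '
                '"$host" "$uri" "$request_filename" "$gzip_ratio"';

        # NOTE(review): 10-minute header/body/send timeouts let a slow or idle
        # client hold a connection for a long time. Keep them this high only if
        # large uploads over slow links need it; otherwise lower them.
        client_header_timeout 10m;
        client_body_timeout 10m;
        client_max_body_size 10m;
        client_body_buffer_size 128k;

        send_timeout 10m;

        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 4 2k;
        request_pool_size 4k;

        gzip on;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_types text/plain;
        gzip_disable "msie6";

        output_buffers 2 32k;
        postpone_output 1460;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;

        keepalive_timeout 75 20;

        ignore_invalid_headers on;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size   64k;
        proxy_temp_file_write_size 64k;
        # These three headers are inherited by a server/location only if that
        # level defines no proxy_set_header of its own; any level that sets one
        # must repeat the others it still needs.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever the client sent, so a
        # backend should trust only the last entry of this header.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;

        ssl_session_timeout 5m;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # TLS 1.0 and 1.1 removed: both are deprecated (RFC 8996). Add TLSv1.3
        # here once the installed nginx/OpenSSL build supports it.
        ssl_protocols TLSv1.2;
        #ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!RC4:!PSK:!DES;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT40:!EXPORT56:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        # real_ip_header only takes effect for peers listed with
        # set_real_ip_from, and none is configured here. List only your own
        # front-end proxy: any listed peer decides which client address ends up
        # in the logs and in allow/deny checks.
        #set_real_ip_from <trusted-proxy-address>;
        real_ip_header X-Forwarded-For;

        index index.php index.html index.htm;
        access_log /var/log/nginx/access_log combined buffer=32k flush=5m;
        error_log /var/log/nginx/error_log;

        # FastCGI response cache zone; the name suggests it is meant for the
        # ownCloud host, whose configuration is not shown here.
        fastcgi_cache_path /data/nginx-cache/ levels=1:2 keys_zone=OWNCLOUD:100m inactive=60m;

        # $skip_cache is 1 for every request except the thumbnail/gallery URLs
        # listed below. NOTE(review): presumably consumed by fastcgi_no_cache /
        # fastcgi_cache_bypass in the ownCloud server block - confirm there.
        map $request_uri $skip_cache {
                default 1;
                ~*/thumbnail.php 0;
                ~*/apps/galleryplus/ 0;
                ~*/apps/gallery/ 0;
        }

        # PHP FastCGI backend on the loopback interface, shared by all hosts.
        upstream php-handler { server 127.0.0.1:9000 fail_timeout=60s; }

        # Per-service configuration files.
        include /etc/nginx/nginx.d/*.conf ;

        # Catch-all for plain HTTP requests whose Host matches no other server.
        server {
                listen 80;
                server_name _;
                root /var/www/localhost/htdocs/ ;
                index index.html;
                access_log      /var/log/nginx/access_unknown combined buffer=32k flush=5m;
                error_log       /var/log/nginx/error_unknown;
        }
        # Catch-all for HTTPS.
        server {
                # NOTE(review): "localhost:443" binds the loopback address only,
                # so remote clients cannot reach this listener directly. Use
                # "listen 443 ssl;" unless something else forwards to loopback.
                listen localhost:443 ssl;
                server_name _;
                access_log      /var/log/nginx/access_unknown combined buffer=32k flush=5m;
                error_log       /var/log/nginx/error_unknown;
                # NOTE(review): included from /etc/nginx/ here, while the
                # per-service example uses nginx.d/sslparams.inc - make sure both
                # point at the same file.
                include /etc/nginx/sslparams.inc ;
                ssl_certificate /etc/ssl/server/yourcert-cert.pem ;
                # Keep the private key readable only by root / the nginx master.
                ssl_certificate_key /etc/ssl/server/yourcert-key.pem;

                # Path to the root of your installation
                root /var/www/localhost/htdocs/;
                index index.html;
        }
}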



sslparams.inc: kept in a separate file so the TLS settings can be adjusted in one central place.
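                # Shared TLS settings, included from every HTTPS server block.
                # TLS 1.0 and 1.1 removed: both are deprecated (RFC 8996). Add
                # TLSv1.3 once the installed nginx/OpenSSL build supports it.
                ssl_protocols TLSv1.2;
                #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELIA:!DES:!MD5:!PSK:!RC4 ;
                #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!EXPORT40:!EXPORT56:!DES:!3DES:!MD5:!PSK:!RC4;
                ssl_prefer_server_ciphers on;
                #ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';
                # DES-CBC3-SHA (3DES, 64-bit block cipher) dropped from the list:
                # every TLS 1.2 client can negotiate one of the AES suites.
                ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';

                # Parameters for the DHE (kEDH) suites. The file has to be
                # generated first, e.g.
                #   openssl dhparam -out /etc/nginx/dhparam.pem 2048
                ssl_dhparam /etc/nginx/dhparam.pem ;
                ssl_session_timeout 180m;
                ssl_session_cache builtin:1000 shared:SSL:10m;
                # Before enabling Strict-Transport-Security headers please read into this topic first.
                # includeSubDomains applies the policy to every subdomain and
                # preload asks browsers to hard-code it; both are slow to undo,
                # so start with a short max-age and without them while testing.
                # add_header is inherited by a location only if that location
                # has no add_header of its own.
                add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";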




and per service:
simple service conf:
        # Plain-HTTP virtual host that serves static files for one hostname.
        server {
                server_name domainname;
                listen 80;

                # Static content lives under the per-domain document root.
                index index.html;
                root /var/www/domainname/htdocs/;
        }


regular otherservice conf with https:
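        # Enforce HTTPS: answer every plain-HTTP request with a permanent
        # redirect. The target host is fixed rather than taken from the
        # request's Host header, so the redirect cannot be steered elsewhere.
        # $request_uri already starts with "/", so no extra slash is added
        # between the host and the path.
        server {
                listen 80;
                server_name domainname otherdomainname;
                return 301 https://domainname$request_uri;
        }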


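        # HTTPS virtual host serving static files and PHP via the shared
        # php-handler upstream.
        server {
                # NOTE(review): "localhost:443" binds the loopback address only,
                # so remote clients cannot reach this listener directly. Use
                # "listen 443 ssl;" unless something else forwards to loopback.
                listen localhost:443 ssl;
                # Use whatever names match the certificate.
                server_name domainname otherdomainname ;
                ssl_certificate /etc/letsencrypt/live/domainname/fullchain.pem ; #   /etc/ssl/server/domainname.chain.pem ;
                # Keep the private key readable only by root / the nginx master.
                ssl_certificate_key /etc/letsencrypt/live/domainname/privkey.pem;  #   /etc/ssl/server/domainname.key.pem;
                ssl_session_cache builtin:1000 shared:SSL:10m;
                # Shared protocol/cipher/HSTS settings (relative to the nginx
                # configuration prefix).
                include nginx.d/sslparams.inc ;
                # Path to the root of your installation
                root /var/www/domainname/htdocs/;

                client_max_body_size 1M; # set max upload size
                fastcgi_buffers 64 4K;
                # Defining proxy_set_header at this level stops the http-level
                # proxy_set_header lines (X-Real-IP, X-Forwarded-For) from being
                # inherited; repeat them here if a proxy_pass is ever added.
                proxy_set_header  Host domainname:443;

                # Exact match instead of an unescaped regex.
                location = /robots.txt {
                        allow all;
                        log_not_found off;
                        access_log off;
                }

                # NOTE(review): this regex matches any URI that contains ".php"
                # anywhere, not only URIs ending in it. try_files limits this to
                # files that exist, but consider anchoring the pattern and keep
                # PHP-FPM restricted to .php files so that uploaded content is
                # never handed to the interpreter.
                location ~ (\.php) {                      ## Settings for my setup "
                        # Reject requests for files that do not exist before
                        # anything is passed to PHP.
                        try_files $uri =404;
                        # Contents of fastcgi-php.conf are not shown on this
                        # page; check which parameters it already sets.
                        include fastcgi-php.conf;
                        fastcgi_index index.php;
                        fastcgi_keep_conn on;
                        fastcgi_split_path_info       ^(.+\.php)(.*)$;
                        # Blank the client-supplied Proxy header so PHP code
                        # cannot pick it up as HTTP_PROXY ("httpoxy").
                        fastcgi_param HTTP_PROXY "";
                        fastcgi_param PATH_INFO       $fastcgi_path_info;
                        fastcgi_param PATH_TRANSLATED    $request_filename;
                        #       fastcgi_param SCRIPT_FILENAME    $request_filename;
                        fastcgi_pass php-handler;
                }

                location ~ ^/$ {
                        # The last argument is an internal-redirect URI and has
                        # to start with "/".
                        try_files $uri $uri/ /index.html;
                }
        }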



Proxy:
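     # Reverse proxy for a local service, plus path-based locations on one
     # hostname. This snippet belongs at http level (for example in a file under
     # /etc/nginx/nginx.d/), because map and upstream are http-context directives.

     # $connection_upgrade is not built in: without this map nginx refuses to
     # load the configuration. It sends "Connection: upgrade" to the backend
     # only when the client asked for a protocol upgrade (WebSocket). Define it
     # once at http level.
     map $http_upgrade $connection_upgrade {
         default upgrade;
         ''      close;
     }

     upstream lh9090 { server 127.0.0.1:9090; }


     server {
         # NOTE(review): plain HTTP. Anyone who can reach port 80 can reach the
         # proxied service through /service; if the service has no
         # authentication of its own, restrict it here (allow/deny or
         # auth_basic) and prefer serving it over HTTPS.
         listen 80;
         server_name domainname;

         location ~ ^/service {
              # Forward WebSocket, if needed......
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $connection_upgrade;
              # forward request
              proxy_set_header Host $host;
              # Setting any proxy_set_header in this location stops the
              # http-level ones from being inherited, so the client-address
              # headers are repeated here.
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_pass http://lh9090;
          }

           location ~ ^/owncloud {
               # See the ownCloud documentation for the settings; they may depend
               # on the version, they are far more complex, and the presented
               # config may interfere with other settings within a host.
               # Using a separate hostname for ownCloud is suggested instead.
           }

            location ~ ^/othersite {
                # "root" has the full request URI appended, so /othersite/x is
                # looked up as /var/www/domainname/othersite/othersite/x.
                # NOTE(review): if the files live directly in the directory
                # below, point root at its parent instead - confirm the layout.
                root /var/www/domainname/othersite;
            }
     }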



Expert Comment

by:noci
ID: 41808380
it works, nothing heard back though.