Solved

Configuration in NGINX in raspberry

Posted on 2016-08-29
Last Modified: 2016-09-21
I followed this tutorial http://www.avoiderrors.net/owncloud-raspberry-pi and it works fine.

Meanwhile I want a different configuration in my RPI; I want multiple sites and services running behind NGINX.

<RPI IP>/owncloud
<RPI IP>/othersite (inside folder /var/www)
<RPI IP>/service (reverse proxy to localhost:9090)

Can anyone help with this configuration?
Question by:Bruno Martins

Accepted Solution

by:
noci earned 500 total points (awarded by participants)
ID: 41779276
Here is a possible setup. Mine looks a bit like it, but I have a separate hostname (same IP address) for several services to keep the configuration a bit sane.


nginx.conf (not complete, may need more/other):
events { }   # required top-level block; nginx will not start without it
http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format main
                '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $bytes_sent '
                '"$http_referer" "$http_user_agent" '
                '"$host" "$uri" "$request_filename" "$gzip_ratio"';

        client_header_timeout 10m;
        client_body_timeout 10m;
        client_max_body_size 10m;
        client_body_buffer_size 128k;

        send_timeout 10m;

        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 4 2k;
        request_pool_size 4k;

        gzip on;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_types text/plain;
        gzip_disable "msie6";

        output_buffers 2 32k;
        postpone_output 1460;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
     
        keepalive_timeout 75 20;

        ignore_invalid_headers on;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size   64k;
        proxy_temp_file_write_size 64k;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;

        ssl_session_timeout 5m;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 ; # required by SNI
        #ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!RC4:!PSK:!DES;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT40:!EXPORT56:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        real_ip_header X-Forwarded-For;   # only honoured for peers listed in set_real_ip_from (none set here)

        index index.php index.html index.htm;
        access_log /var/log/nginx/access_log combined buffer=32k flush=5m;
        error_log /var/log/nginx/error_log;

        fastcgi_cache_path /data/nginx-cache/ levels=1:2 keys_zone=OWNCLOUD:100m inactive=60m;

        map $request_uri $skip_cache {
                default 1;
                ~*/thumbnail.php 0;
                ~*/apps/galleryplus/ 0;
                ~*/apps/gallery/ 0;
        }

        upstream php-handler { server 127.0.0.1:9000 fail_timeout=60s; }

        include /etc/nginx/nginx.d/*.conf ;

        server {
                listen 80;
                server_name _;
                root /var/www/localhost/htdocs/ ;
                index index.html;
                access_log      /var/log/nginx/access_unknown combined buffer=32k flush=5m;
                error_log       /var/log/nginx/error_unknown;
        }
        server { 
                listen localhost:443 ssl; 
                server_name _;
                access_log      /var/log/nginx/access_unknown combined buffer=32k flush=5m;
                error_log       /var/log/nginx/error_unknown;
                include /etc/nginx/sslparams.inc ;
                ssl_certificate /etc/ssl/server/yourcert-cert.pem ;
                ssl_certificate_key /etc/ssl/server/yourcert-key.pem;

                # Path to the root of your installation
                root /var/www/localhost/htdocs/;
                index index.html;
        }
}



sslparams: these are separate to be able to easily adjust settings in a central place.
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELIA:!DES:!MD5:!PSK:!RC4 ;
                #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!EXPORT40:!EXPORT56:!DES:!3DES:!MD5:!PSK:!RC4;
                ssl_prefer_server_ciphers on;
                #ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';
                ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';

                ssl_dhparam /etc/nginx/dhparam.pem ;
                ssl_session_timeout 180m;
                ssl_session_cache builtin:1000 shared:SSL:10m;
                # Before enabling Strict-Transport-Security headers please read into this topic first.
                add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";




and per service:
simple service conf:
        server { 
                listen 80; 
                server_name domainname ; 
                root /var/www/domainname/htdocs/ ;
                index index.html;
        }


regular otherservice conf with https:
        server { listen 80; server_name domainname otherdomainname; return 301 https://domainname$request_uri; } # enforce https ($request_uri already starts with "/")


        server { 
                listen localhost:443 ssl; 
                server_name domainname otherdomainname ;   # whatever matches the certificate
                ssl_certificate /etc/letsencrypt/live/domainname/fullchain.pem ; #   /etc/ssl/server/domainname.chain.pem ;
                ssl_certificate_key /etc/letsencrypt/live/domainname/privkey.pem;  #   /etc/ssl/server/domainname.key.pem;
                ssl_session_cache builtin:1000 shared:SSL:10m;
                include nginx.d/sslparams.inc ;
                # Path to the root of your installation
                root /var/www/domainname/htdocs/;

                client_max_body_size 1M; # set max upload size
                fastcgi_buffers 64 4K;
                proxy_set_header  Host domainname:443;

                location ~ ^/robots.txt {
                        allow all;
                        log_not_found off;
                        access_log off;
                }

                location ~ (\.php) {                      ## Settings for my setup
                        try_files $uri =404;
                        include fastcgi-php.conf;
                        fastcgi_index index.php;
                        fastcgi_keep_conn on;
                        fastcgi_split_path_info       ^(.+\.php)(.*)$;
                        fastcgi_param HTTP_PROXY "";
                        fastcgi_param PATH_INFO       $fastcgi_path_info;
                        fastcgi_param PATH_TRANSLATED    $request_filename;
                        #       fastcgi_param SCRIPT_FILENAME    $request_filename;
                        fastcgi_pass php-handler;
                }

                location ~ ^/$ {
                        # the last try_files argument is a fallback URI and needs a leading slash
                        try_files $uri $uri/ /index.html;
                }
        }



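Proxy:
     upstream lh9090 { server 127.0.0.1:9090; }

     # $connection_upgrade is not a built-in variable; without this map nginx rejects the config
     map $http_upgrade $connection_upgrade {
          default upgrade;
          ''      close;
     }
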

     server {
         listen 80; 
         server_name domainname;

         location ~ ^/service {
              # Forward WebSocket, if needed......
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $connection_upgrade;
              # forward request
              proxy_set_header Host $host;
              proxy_pass http://lh9090;
          }

           location ~ ^/owncloud {
                # See owncloud for settings; they may depend on the version, the presented config may
                # interfere with other settings within a host, and they are far more complex.
                # May I suggest using a different hostname for that.
           }

            location ~ ^/othersite {
                # root is prepended to the full request URI, so /othersite/x is read from <root>/othersite/x
                root /var/www/domainname/othersite;
            }
     } 

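An added example, not part of noci's answer: a small Python check that reads nginx TLS directives like those in the sslparams file above and reports legacy protocol versions and weak cipher entries. Both sample configurations are constructed (the first from the values posted above, the second a tightened variant that is an assumption of this example), and the parser assumes one directive per line.

```python
import re

# TLS 1.0/1.1 are deprecated by RFC 8996; SSLv2/SSLv3 are long broken.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Substrings of OpenSSL cipher-string entries that select weak ciphers.
WEAK_CIPHER_MARKS = ("3DES", "DES-CBC", "RC4", "MD5", "EXP", "NULL")

def directives(conf, name):
    """Yield the arguments of each active `name ...;` directive (one per line assumed)."""
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()          # commented-out lines become empty
        m = re.match(rf"{re.escape(name)}\s+(.*?)\s*;$", line)
        if m:
            yield m.group(1).strip("'\"")

def audit_tls(conf):
    """Return findings for legacy protocols and weak cipher entries in nginx config text."""
    findings = []
    for args in directives(conf, "ssl_protocols"):
        findings += [f"legacy protocol enabled: {p}" for p in args.split()
                     if p in LEGACY_PROTOCOLS]
    for args in directives(conf, "ssl_ciphers"):
        for entry in re.split(r"[:,\s]+", args):
            if entry.startswith(("!", "-")):           # exclusions remove ciphers
                continue
            if any(mark in entry.upper() for mark in WEAK_CIPHER_MARKS):
                findings.append(f"weak cipher listed: {entry}")
    return findings

# Constructed sample: active and commented-out values from the sslparams file above.
POSTED_SSLPARAMS = """
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 DES-CBC3-SHA +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';
"""

# Assumed tightened variant (not from the post): TLS 1.2 only, 3DES entry dropped.
TIGHTENED_SSLPARAMS = """
ssl_protocols TLSv1.2;
ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';
"""

if __name__ == "__main__":
    for name, conf in (("posted", POSTED_SSLPARAMS), ("tightened", TIGHTENED_SSLPARAMS)):
        print(name, audit_tls(conf) or "no findings")
```

The output of `nginx -T`, which dumps the configuration files nginx actually loads, can be passed to `audit_tls` to check every included file in one pass.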
 

Expert Comment

by:noci
ID: 41808380
It works, nothing heard back though.
Question has a verified solution.
