
Configuration in NGINX in raspberry

Posted on 2016-08-29
Last Modified: 2016-09-21
I followed this tutorial http://www.avoiderrors.net/owncloud-raspberry-pi and it works fine.

Meanwhile I want a different configuration in my RPI; I want multiple sites and services running behind NGINX.

<RPI IP>/owncloud
<RPI IP>/othersite (inside folder /var/www)
<RPI IP>/service (reverse proxy to localhost:9090)

Can anyone help with this configuration?
Question by:Bruno Martins

Accepted Solution

by:
noci earned 500 total points (awarded by participants)
Here is a possible setup. Mine looks a bit like it, but I use a separate hostname (same IP address) for each of several services
to keep the configuration a bit sane.


nginx.conf (not complete; you may need more or other settings):
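# Main http context: global defaults, TLS defaults, the shared PHP upstream and
# two catch-all servers for requests whose Host matches no configured site.
http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # NOTE(review): this "main" format is defined but the access_log lines
        # below use the built-in "combined" format.
        log_format main
                '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $bytes_sent '
                '"$http_referer" "$http_user_agent" '
                '"$host" "$uri" "$request_filename" "$gzip_ratio"';

        # NOTE(review): 10-minute header/body/send timeouts let slow or idle
        # clients hold connections for a long time (nginx defaults are 60s).
        # Keep them this high only if large uploads over a slow link need it.
        client_header_timeout 10m;
        client_body_timeout 10m;
        client_max_body_size 10m;
        client_body_buffer_size 128k;

        send_timeout 10m;

        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 4 2k;
        request_pool_size 4k;

        gzip on;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_types text/plain;
        gzip_disable "msie6";

        output_buffers 2 32k;
        postpone_output 1460;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;

        keepalive_timeout 75 20;

        ignore_invalid_headers on;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size   64k;
        proxy_temp_file_write_size 64k;
        # Defaults for proxied requests. A server/location that sets any
        # proxy_set_header of its own no longer inherits these three.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;

        ssl_session_timeout 5m;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        # TLSv1 and TLSv1.1 are deprecated and are not needed for SNI; SNI is a
        # TLS extension that works with TLSv1.2. Add TLSv1.3 once the installed
        # nginx and OpenSSL support it.
        ssl_protocols TLSv1.2;
        #ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!RC4:!PSK:!DES;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:HIGH:!aNULL:!eNULL:!EXPORT40:!EXPORT56:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;

        # real_ip_header only takes effect for peers listed in set_real_ip_from,
        # and none is configured here. X-Forwarded-For is client-controlled, so
        # list only the address of a front-end proxy you operate; trusting a
        # wider range lets clients forge the address seen by logs and
        # allow/deny rules.
        #set_real_ip_from 127.0.0.1;    # example: trusted front end on this host
        real_ip_header X-Forwarded-For;

        index index.php index.html index.htm;
        access_log /var/log/nginx/access_log combined buffer=32k flush=5m;
        error_log /var/log/nginx/error_log;

        fastcgi_cache_path /data/nginx-cache/ levels=1:2 keys_zone=OWNCLOUD:100m inactive=60m;

        # $skip_cache is 1 (skip) by default and 0 only for the thumbnail and
        # gallery URLs, i.e. only those responses are candidates for caching.
        map $request_uri $skip_cache {
                default 1;
                ~*/thumbnail.php 0;
                ~*/apps/galleryplus/ 0;
                ~*/apps/gallery/ 0;
        }

        # PHP FastCGI backend shared by the per-site configurations.
        upstream php-handler { server 127.0.0.1:9000 fail_timeout=60s; }

        # Per-site server blocks live in separate files.
        include /etc/nginx/nginx.d/*.conf ;

        # Catch-all for plain HTTP requests with an unknown Host header; logged
        # separately so stray or scanning traffic stays out of the site logs.
        server {
                listen 80;
                server_name _;
                root /var/www/localhost/htdocs/ ;
                index index.html;
                access_log      /var/log/nginx/access_unknown combined buffer=32k flush=5m;
                error_log       /var/log/nginx/error_unknown;
        }
        # Catch-all for HTTPS requests with an unknown Host header.
        # NOTE(review): "listen localhost:443" binds to the loopback address
        # only, so this is reachable from other machines only through something
        # on the same host that forwards to it. Use "listen 443 ssl;" if nginx
        # itself should accept HTTPS from the network.
        server {
                listen localhost:443 ssl;
                server_name _;
                access_log      /var/log/nginx/access_unknown combined buffer=32k flush=5m;
                error_log       /var/log/nginx/error_unknown;
                include /etc/nginx/sslparams.inc ;
                ssl_certificate /etc/ssl/server/yourcert-cert.pem ;
                # The private key should be readable only by root / the nginx master.
                ssl_certificate_key /etc/ssl/server/yourcert-key.pem;

                # Path to the root of your installation
                root /var/www/localhost/htdocs/;
                index index.html;
        }
}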



sslparams:  these are separate to be able to easily adjust settings on a central place.
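                # Shared TLS parameters, included from every HTTPS server block.
                # TLSv1 and TLSv1.1 are deprecated; add TLSv1.3 once the
                # installed nginx and OpenSSL support it.
                ssl_protocols TLSv1.2;
                #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELIA:!DES:!MD5:!PSK:!RC4 ;
                #ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!EXPORT40:!EXPORT56:!DES:!3DES:!MD5:!PSK:!RC4;
                ssl_prefer_server_ciphers on;
                #ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';
                # Forward-secret key exchange only (kEECDH / kEDH). The 3DES
                # suite DES-CBC3-SHA was dropped and !3DES added: 3DES has a
                # 64-bit block size, and the nginx.conf cipher list on this
                # page already excludes it.
                ssl_ciphers 'kEECDH+ECDSA+AES128 kEECDH+ECDSA+AES256 kEECDH+AES128 kEECDH+AES256 kEDH+AES128 kEDH+AES256 +SHA !aNULL !eNULL !LOW !3DES !kECDH !DSS !MD5 !RC4 !EXP !PSK !SRP !CAMELLIA !SEED';

                # DH parameters for the kEDH suites; generate this file locally
                # (e.g. with "openssl dhparam") instead of copying one.
                ssl_dhparam /etc/nginx/dhparam.pem ;
                ssl_session_timeout 180m;
                ssl_session_cache builtin:1000 shared:SSL:10m;
                # Before enabling Strict-Transport-Security headers please read into this topic first.
                # includeSubDomains and preload commit every subdomain to HTTPS
                # for the whole max-age (about six months) and are slow to undo.
                # add_header is inherited only by levels that define no
                # add_header of their own, so a location with its own
                # add_header will not send this one.
                add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";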




and per service:
simple service conf:
        # Minimal static site served over plain HTTP only; "domainname" is a
        # placeholder for the real host name. Nothing here is encrypted, so
        # this form suits public static content, not logins or private files.
        server { 
                listen 80; 
                server_name domainname ; 
                # Files are served from this directory; index.html is the default document.
                root /var/www/domainname/htdocs/ ;
                index index.html;
        }


regular otherservice conf with https:
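        # Plain-HTTP listener that only redirects to HTTPS. $request_uri already
        # starts with "/", so no extra slash is placed before it.
        server { listen 80; server_name domainname otherdomainname; return 301 https://domainname$request_uri; } # enforce https


        # HTTPS site with PHP handed to the shared php-handler upstream.
        # NOTE(review): "listen localhost:443" binds to loopback only; use
        # "listen 443 ssl;" if nginx itself should accept HTTPS from the network.
        server {
                listen localhost:443 ssl;
                # Names listed here must match the names in the certificate.
                server_name domainname otherdomainname ;
                ssl_certificate /etc/letsencrypt/live/domainname/fullchain.pem ; #   /etc/ssl/server/domainname.chain.pem ;
                ssl_certificate_key /etc/letsencrypt/live/domainname/privkey.pem;  #   /etc/ssl/server/domainname.key.pem;
                ssl_session_cache builtin:1000 shared:SSL:10m;
                include nginx.d/sslparams.inc ;
                # Path to the root of your installation
                root /var/www/domainname/htdocs/;

                client_max_body_size 1M; # set max upload size
                fastcgi_buffers 64 4K;
                proxy_set_header  Host domainname:443;

                location ~ ^/robots.txt {
                        allow all;
                        log_not_found off;
                        access_log off;
                }

                # Settings for my setup.
                # The regex matches ".php" anywhere in the URI; try_files is
                # what stops non-existent paths from reaching the PHP backend,
                # so keep it.
                # NOTE(review): fastcgi-php.conf is not shown on this page. If
                # it has its own try_files or fastcgi_split_path_info, the
                # copies here duplicate it - confirm against your distribution.
                location ~ (\.php) {
                        try_files $uri =404;
                        include fastcgi-php.conf;
                        fastcgi_index index.php;
                        fastcgi_keep_conn on;
                        fastcgi_split_path_info       ^(.+\.php)(.*)$;
                        # Blank the client-supplied "Proxy:" request header so
                        # PHP code cannot mistake it for an outbound proxy
                        # setting ("httpoxy").
                        fastcgi_param HTTP_PROXY "";
                        fastcgi_param PATH_INFO       $fastcgi_path_info;
                        fastcgi_param PATH_TRANSLATED    $request_filename;
                        #       fastcgi_param SCRIPT_FILENAME    $request_filename;
                        fastcgi_pass php-handler;
                }

                # The last try_files argument is a URI for an internal redirect
                # and must start with "/".
                location ~ ^/$ {
                        try_files $uri $uri/ /index.html;
                }
        }       # end of server; the original listing stopped before this brace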



Proxy:
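     # $connection_upgrade is not a built-in variable; without this map (http
     # context) nginx refuses to load the configuration. It sends
     # "Connection: upgrade" only when the client asked for an upgrade.
     map $http_upgrade $connection_upgrade {
          default upgrade;
          ''      close;
     }

     # Backend for /service; it only needs to listen on loopback.
     upstream lh9090 { server 127.0.0.1:9090; }


     # One host name, three paths: /service (reverse proxy), /owncloud, /othersite.
     # NOTE(review): this server is plain HTTP on port 80, so logins and files
     # for the proxied service and owncloud cross the network unencrypted.
     # Prefer putting these locations in an HTTPS server block.
     server {
         listen 80; 
         server_name domainname;

         # "(/|$)" keeps the match to /service itself and paths below it, so
         # unrelated paths such as /service-old are not proxied.
         location ~ ^/service(/|$) {
              # Forward WebSocket, if needed......
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $connection_upgrade;
              # forward request
              # Setting any proxy_set_header here stops inheritance of the
              # http-level ones, so the client-address headers are repeated.
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              # No URI part on proxy_pass: the backend receives the original
              # path, including the /service prefix.
              proxy_pass http://lh9090;
          }

           location ~ ^/owncloud(/|$) {
                # See the owncloud documentation for the settings: they depend
                # on the version, are far more complex, and the presented config
                # may interfere with other settings within a host.
                # May I suggest using a different hostname for that....
           }

            # With "root", the full request path is appended to the directory:
            # /othersite/x is read from /var/www/domainname/othersite/x. Naming
            # the othersite directory itself as root would look for
            # .../othersite/othersite/x.
            location ~ ^/othersite(/|$) {
                root /var/www/domainname;
            }
     } 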



Expert Comment

by:noci
it works, nothing heard back though.
