[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now


Configuration in NGINX in raspberry

Posted on 2016-08-29
Medium Priority
Last Modified: 2016-09-21
I followed this tutorial http://www.avoiderrors.net/owncloud-raspberry-pi and it works fine.

Meanwhile I want a different configuration in my RPI; I want multiple sites and services running behind NGINX.

<RPI IP>/owncloud
<RPI IP>/othersite (inside folder /var/www)
<RPI IP>/service (reverse proxy to localhost:9090)

Can anyone help with this configuration?
Question by:Bruno Martins
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
LVL 40

Accepted Solution

noci earned 2000 total points (awarded by participants)
ID: 41779276
Here is a possible setup my looks a bit like it but i have a separate hostname (same ip address) for several services
to keep the configuration a bit sane.

nginx.conf    ( not complete.... may need more/other }
http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format main
                '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $bytes_sent '
                '"$http_referer" "$http_user_agent" '
                '"$host" "$uri" "$request_filename" "$gzip_ratio"';

        client_header_timeout 10m;
        client_body_timeout 10m;
        client_max_body_size 10m;
        client_body_buffer_size 128k;

        send_timeout 10m;

        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 4 2k;
        request_pool_size 4k;

        gzip on;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_types text/plain;
        gzip_disable "msie6";

        output_buffers 2 32k;
        postpone_output 1460;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 75 20;

        ignore_invalid_headers on;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size   64k;
        proxy_temp_file_write_size 64k;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;

        ssl_session_timeout 5m;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 ; # required by SNI
        #ssl_ciphers HIGH:!aNULL:!eNULL:!MD5:!RC4:!PSK:!DES;
        ssl_prefer_server_ciphers on;

        real_ip_header X-Forwarded-For;

        index index.php index.html index.htm;
        access_log /var/log/nginx/access_log combined buffer=32k flush=5m;
        error_log /var/log/nginx/error_log;

        fastcgi_cache_path /data/nginx-cache/ levels=1:2 keys_zone=OWNCLOUD:100m inactive=60m;

        map $request_uri $skip_cache {
                default 1;
                ~*/thumbnail.php 0;
                ~*/apps/galleryplus/ 0;
                ~*/apps/gallery/ 0;

        upstream php-handler { server fail_timeout=60s; }

        include /etc/nginx/nginx.d/*.conf ;

        server {
                listen 80;
                server_name _;
                root /var/www/localhost/htdocs/ ;
                index index.html;
                access_log      /var/log/nginx/access_unknown combined buffer=32k flush=5m;
                error_log       /var/log/nginx/error_unknown;
        server { 
                listen localhost:443 ssl; 
                server_name _;
                access_log      /var/log/nginx/access_unknown combined buffer=32k flush=5m;
                error_log       /var/log/nginx/error_unknown;
                include /etc/nginx/sslparams.inc ;
                ssl_certificate /etc/ssl/server/yourcert-cert.pem ;
                ssl_certificate_key /etc/ssl/server/yourcert-key.pem;

                # Path to the root of your installation
                root /var/www/localhost/htdocs/;
                index index.html;

Open in new window

sslparams:  these are separate to be able to easily adjust settings on a central place.
                ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
                #ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELIA:!DES:!MD5:!PSK:!RC4 ;
                ssl_prefer_server_ciphers on;
                #ssl_ciphers 'ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5';

                ssl_dhparam /etc/nginx/dhparam.pem ;
                ssl_session_timeout 180m;
                ssl_session_cache builtin:1000 shared:SSL:10m;
                # Before enabling Strict-Transport-Security headers please read into this topic first.
                add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";

Open in new window

and per service:
simple service conf:
        server { 
                listen 80; 
                server_name domainname ; 
                root /var/www/domainname/htdocs/ ;
                index index.html;

Open in new window

regular otherservice conf with https:
        server { listen 80; server_name domainname otherdomainname; return 301 https://domainname/$request_uri; } # enforce https

        server { 
                listen localhost:443 ssl; 
                server_name domainname otherdomainname ;   { whatever matches the certificate }
                ssl_certificate /etc/letsencrypt/live/domainname/fullchain.pem ; #   /etc/ssl/server/domainname.chain.pem ;
                ssl_certificate_key /etc/letsencrypt/live/domainname/privkey.pem;  #   /etc/ssl/server/domainname.key.pem;
                ssl_session_cache builtin:1000 shared:SSL:10m;
                include nginx.d/sslparams.inc ;
                # Path to the root of your installation
                root /var/www/domainname/htdocs/;

                client_max_body_size 1M; # set max upload size
                fastcgi_buffers 64 4K;
                proxy_set_header  Host domainname:443;

                location ~ ^/robots.txt {
                        allow all;
                        log_not_found off;
                        access_log off;

                location ~ (\.php) {                      ## Settings for my setup "
                        try_files $uri =404;
                        include fastcgi-php.conf;
                        fastcgi_index index.php;
                        fastcgi_keep_conn on;
                        fastcgi_split_path_info       ^(.+\.php)(.*)$;
                        fastcgi_param HTTP_PROXY "";
                        fastcgi_param PATH_INFO       $fastcgi_path_info;
                        fastcgi_param PATH_TRANSLATED    $request_filename;
                        #       fastcgi_param SCRIPT_FILENAME    $request_filename;
                        fastcgi_pass php-handler;

                location ~ ^/$ {
                        try_files $uri $uri/ index.html;

Open in new window

     upstream lh9090 { server; }

     server {
         listen 80; 
         server_name domainname;

         location ~ ^/service {
              # Forward WebSocket, if needed......
              proxy_http_version 1.1;
              proxy_set_header Upgrade $http_upgrade;
              proxy_set_header Connection $connection_upgrade;
              # forward request
              proxy_set_header Host $host;
              proxy_pass http://lh9090;

           location ~ ^/owncloud {
# see owncloud for settings, they may depend on version and the presented config may interfere with other settings within a host.... and are far more complex.
# may i suggest using a different hostname for that....

            location ~ ^/othersite {
                root /var/www/domainname/othersite;

Open in new window

LVL 40

Expert Comment

ID: 41808380
it works, nothing heard back though.
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A customer recently asked me about anti-malware and the different deployment options available for his business. Daily news about cyberattacks, zero-day vulnerabilities, and companies that suffered a security breach made him wonder if the endpoint …
When it comes to security, close monitoring is a must. According to WhiteHat Security annual report, a substantial number of all web applications are vulnerable always. Monitis offers a new product - fully-featured Website security monitoring and pr…
Internet Business Fax to Email Made Easy - With  eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, f…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question