nginx

Nginx (engine x) is is a HTTP and reverse proxy server.

Installation

Debian

A recent version of nginx is prepackaged on nginx.org for Debian 6.0 Squeeze:

Squeeze :

deb http://nginx.org/packages/debian/ squeeze nginx
deb-src http://nginx.org/packages/debian/ squeeze nginx

Ubuntu

The latest stable version of nginx is prepackaged on nginx.org for Ubuntu 10.04 LTS:

deb http://nginx.org/packages/ubuntu/ lucid nginx
deb-src http://nginx.org/packages/ubuntu/ lucid nginx

On Ubuntu 12.04 LTS a recent version is found in the repository:

# sudo apt-get update
# sudo apt-get install nginx

Configuration

The nginx configuration is located at /etc/nginx/ under Debian/Ubuntu. It is recommended to add for each website a separate configuration file under /etc/nginx/site-available/ (like Apache2). To enable a certain website (or configuration file), a symbolic link must created:

# ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/exmaple.com

Afterwards nginx must be reloaded:

Debian:

# /etc/init.d/nginx reload

Ubuntu:

# service nginx reload

Name-based virtual servers

server {
    listen       80;
    server_name  nginx.org  www.nginx.org;
    ...
}

server {
    listen       80;
    server_name  nginx.net  www.nginx.net;
    ...
}

server {
    listen       80;
    server_name  nginx.com  www.nginx.com;
    ...
}

IP-based virtual servers

server {
    listen       10.0.0.1:80;
    ...
}

server {
    listen       10.0.0.2:80;
    ...
}

HTTPS (SSL) virtual servers

server {
    listen       443 default ssl;

    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/certificate.key;

    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    # Use HTTP Strict Transport Security to force client to use secure connections only
    add_header Strict-Transport-Security "max-age=2592000; includeSubdomains";
    ...
}

Nginx allows to use the same configuration for HTTP and HTTPS virtual server. The web server differentiate the SSL and the non-SSL port via the default ssl option:

server {
    listen       80;
    listen       443 default ssl;
    ...
}

See Also

External Links

published on 09 May 2012

written by Martin Hauser

contact
about me

I'm a system engineer and developer from Vienna, Austria.