Cancel

Nginx Cheatsheets

Nginx Cheatsheets

Its a web server, 2.5 times quicker than Apache. Apache uses a process-driven approach and creates a new thread for each request. Whereas NGINX uses an event-driven architecture to handle multiple requests within one thread. High Performance, High Concurrency, Low Resource Usage. Offical Docs

1
2
3
4
ls -l /etc/nginx/
nginx -h # get help
nginx -t # test site config
tail -n 1 /var/log/nginx/error.log # to see last line of error.log

Create a simple proxy server

Create a site call local.dev and paste following code init, enable local.dev site and restart nginx.

  1. sudo vim /etc/nginx/sites-available/local.dev
  2. sudo ln -sf /etc/nginx/sites-available/local.dev /etc/nginx/sites-enabled/
  3. sudo echo "127.0.0.1 local.dev" >> /etc/hosts
  4. nginx -t
  5. sudo systemctl restart nginx or nginx -s reload

code for local.dev

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
# 301 = Permanently, 302 = Temporarily
# redirect http to https
server {
	listen 80 default_server;
  listen [::]:80 default_server;
	server_name _; # This is just an invalid value which will never trigger on a real hostname.
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;
  # return 302 https://$host$request_uri;
	return 503;
}

upstream local_dev {
  server 127.0.0.1:80;
}

server {
  listen [::]:443 ssl ipv6only=on;
  listen 443 ssl http2;
  server_name local.dev;

  root /var/www/html;
  index index.html index.nginx-debian.html;

  access_log /var/log/nginx/local.dev.access.log;
  error_log /var/log/nginx/local.dev.error.log;

  autoindex off;
  server_tokens off;

  add_header X-Frame-Options SAMEORIGIN;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
  add_header X-Content-Type-Options nosniff;
  add_header X-XSS-Protection "1; mode=block";
  # add_header Referrer-Policy "no-referrer-when-downgrade";
  # add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'";

  # enable if letsencrypt
  # ssl_certificate /etc/letsencrypt/live/local.dev/fullchain.pem;
  # ssl_certificate_key /etc/letsencrypt/live/local.dev/privkey.pem;
  # include /etc/letsencrypt/options-ssl-nginx.conf;
  # ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  # enable if mkcert for localhost
  # ssl_certificate /etc/nginx/ssl/local.dev/cert.pem;
  # ssl_certificate_key /etc/nginx/ssl/local.dev/key.pem;

  # enable if certbot verification were failed with other options
  # location /.well-known/acme-challenge/ {
  #   root /letsencrypt/;
  #   default_type "text/plain";
  #   # try_files $uri =404;
  #   # break;
  # }

  location / {
    try_files $uri $uri/ @app =404;
  }

  location @app {
    proxy_pass https://local_dev;
    proxy_hide_header X-Powered-By;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}