Nginx

From HackerNet
Revision as of 14:26, 21 December 2014 by Apache (talk | contribs)
Jump to: navigation, search

nginx är en lättviktig webbserver och proxy.

Installation 

sudo add-apt-repository ppa:nginx/stable && sudo apt-get update && sudo apt-get install nginx

Reverse Proxy

Nginx fungerar utmärkt som en reverse proxy för webbtrafik.

Exempel 

 server {
 listen 80;
 server_name sub.domän.se;
 location / {
 proxy_pass http://10.0.0.10:3000;
 include /etc/nginx/proxy_params;
 }
 }

HTTPS

Konfigurationsexempel med säkerhet i fokus 

 server {
 listen 443 ssl;
 server_name secure.domän.se;
 add_header Strict-Transport-Security max-age=15768000;
 add_header X-Frame-Options DENY;
 add_header X-Content-Type-Options nosniff;
 ssl_certificate         /path/to/cert.crt;
 ssl_certificate_key     /path/to/key.pem;
 ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!DSS:!RC4';
 ssl_prefer_server_ciphers on;
 ssl_dhparam /path/to/dhparam.pem;
 ...
 }

Redirect HTTP till HTTPS 

 server {
 listen      80;
 server_name domän.se;
 
 # 301 = permanent redirect, 302 = temporary redirect
 return 301  https://domän.se$request_uri;
 }

Redirect HTTP till HTTPS, ej standardport

Nginx har en egen HTTP-statuskod för detta. 

 server {
 listen      1234 ssl;
 server_name sub.domän.se;
 ...
 error_page  497 https://$host:1234$request_uri;
 ...
 }
Retrieved from "https://hackernet.se/index.php?title=Nginx&oldid=30"