Nginx
Run in Docker
sudo docker pull nginx
sudo docker run --name my-nginx -p 8080:80 -v /some/content:/usr/share/nginx/html:ro -d nginx
sudo chmod -R 755 /some/content
Install Nginx on CentOS 8
1. Update the System:
First, update your system to ensure all packages are up to date.
sudo dnf update -y
2. Add the Nginx Repository
CentOS 8 doesn't include the latest Nginx packages in its default repositories. To get the latest version, add the official Nginx repository.
Create a repository file for Nginx:
sudo nano /etc/yum.repos.d/nginx.repo
Add the following content to the file:
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
The nginx-stable repository is enabled by default, while the nginx-mainline repository is not. You can enable the nginx-mainline repository by setting enabled=1 if you prefer to use the mainline version of Nginx.
3. Install Nginx:
Install Nginx using the dnf package manager.
sudo dnf install nginx -y
4. Start and Enable Nginx:
Once the installation is complete, start the Nginx service and enable it to start on boot.
sudo systemctl start nginx
sudo systemctl enable nginx
5. Verify Nginx Installation:
You can verify that Nginx is running by checking its status.
sudo systemctl status nginx
6. Adjust Firewall Settings:
If you have a firewall enabled, you'll need to allow traffic on HTTP (port 80) and HTTPS (port 443) ports.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
Configuration for static website based on framework
server {
listen 80;
server_name yourdomain.com;
root /var/www/angular-app;
index index.html;
location / {
try_files $uri /index.html;
}
error_page 404 /index.html;
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
}
Logs
sudo tail -f /var/log/nginx/error.log
Distribute Domains to Ports
server {
listen 80;
server_name domain1.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name domain2.com;
location / {
proxy_pass http://localhost:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Use map:
http {
map $host $backend {
default localhost:80;
domain1.com localhost:8080;
domain2.com localhost:8081;
}
server {
listen 80;
location / {
proxy_pass http://$backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
Certificate in Nginx
1. Obtain an SSL/TLS Certificate
You can obtain a certificate from a Certificate Authority (CA) like Let's Encrypt, which provides free SSL/TLS certificates. Using Certbot, you can automate the process of obtaining and renewing certificates
Install Certbot:
sudo dnf install certbot python3-certbot-nginx -y
Obtain a Certificate:
Replace your_domain.com with your actual domain name.
sudo certbot --nginx -d your_domain.com
Follow the prompts to complete the certificate issuance process. Certbot will automatically configure Nginx for SSL.
2. Manually Configuring Nginx with an SSL/TLS Certificate
If you have an existing certificate or need to configure it manually, follow these steps:
Create a Configuration File for Your Site:
sudo nano /etc/nginx/conf.d/your_domain.conf
Add SSL Configuration:
Replace your_domain.com with your actual domain name and specify the paths to your certificate and key files.
server {
listen 80;
server_name your_domain.com;
return 301 https://$host$request_uri; # Redirect HTTP to HTTPS
}
server {
listen 443 ssl;
server_name your_domain.com;
ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
location / {
proxy_pass http://backend_server; # Change to your backend application address
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
3. Configure Firewall
Ensure your firewall allows HTTPS traffic:
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload
4. Test and Reload Nginx
Test Nginx Configuration:
sudo nginx -t
Reload Nginx to Apply Changes:
sudo systemctl reload nginx
Q&A
Error about socket 80
nginx: [emerg] socket() [::]:80 failed (97: Unknown error)
Nginx try to listen the IPV6 [::]:80. Comment below line from the configuration /etc/nginx/sites-available/default.
# listen [::]:80 default_server;
Permission denied
Let www-data user have the permission to read the folder.
sudo chown -R www-data:www-data /your/site
sudo chmod 755 /your/site
If you still have same error, maybe your path under some user home folder. You should change the home folder permission.
sudo chown -R username:www-data /home/username
sudo chmod -R 750 /home/username
sudo chmod -R 755 /home/username/public_html