Nginx web server configuration with SSL

About

Nginx is an HTTP server and a proxy (reverse proxy and IMAP/POP3) written to address the C10K problem and to handle client requests more efficiently. Nginx doesn't rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture, which uses small and, more importantly, predictable amounts of memory under load.

Installation

sudo apt-get install nginx
# Show the server's IP address
ifconfig eth0 | grep inet | awk '{ print $2 }'
sudo service nginx start
# Start nginx at boot
sudo update-rc.d nginx defaults

General conf: All Nginx configuration files are located in the /etc/nginx/ directory. The primary configuration file is /etc/nginx/nginx.conf.

Serving

You can find the default nginx serving directory under:

/srv/www/example.com/public_html/index.html

Using Nginx as a Proxy

server {
    # Catch all the requests coming to db01.example.com
    server_name db01.example.com "";
    listen 109.200.XX.XXX:4040;

    gzip             on;
    gzip_min_length  2000;
    gzip_proxied     any;
    gzip_types       text/html application/json;

    proxy_read_timeout 60s;
    client_max_body_size 64M;

    ################################
    # Panagiotis Auth Config Rules #
    ################################
    allow 109.200.XX.XXX; #example.com
    deny all;

    # try serving static files directly
    location ~ /\+f/ {
        error_page 418 = @proxy_to_app;
        if ($request_method != GET) {
            return 418;
        }
        expires max;
        try_files /+files$uri @proxy_to_app;
    }
    # try serving docs directly
    location ~ /\+doc/ {
        try_files $uri @proxy_to_app;
    }
    location / {
        error_page 418 = @proxy_to_app;
        return 418;
    }
    location @proxy_to_app {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        # try_files $uri $uri/ /index.html;
        proxy_pass http://localhost:4040;

        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules

        proxy_set_header X-outside-url $scheme://$host:$server_port;
        proxy_set_header X-Real-IP $remote_addr;
        expires -1;  # no-cache
    }

    #location / {
    #    proxy_pass http://localhost:8080/;
    #}
}

Enable directory Listing

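Enabling directory listing in a folder in nginx is simple enough: add an autoindex on; directive inside the location block. You can also enable site-wide directory listing by putting it in the server block, or even enable directory access for all sites by putting it in the http block. A listing shows every file name under the served root to anyone who is allowed to reach it, so keep the directive at the narrowest block that needs it.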

server {
    server_name db01.example.com "";
    listen 4141;

    gzip             on;
    gzip_min_length  2000;
    gzip_proxied     any;
    gzip_types       text/html application/json;

    proxy_read_timeout 60s;
    client_max_body_size 64M;

    # Path to requirement files
    root   /usr/share/nginx/devpi-requirements/;

    ################################
    # panagiotis Auth Config Rules #
    ################################
    allow all;

    location / {
        #index  index.php index.html index.htm;
        try_files $uri $uri/ /index.html index.php;
        autoindex on;
    }
    #location /somedir {
    #    autoindex on;
    #}
}
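
To see at which level directory listing is switched on in an existing configuration, the following added example (not part of the original page) reports the enclosing block of every autoindex on; directive. The function names and the sample configuration, including its http-level directive, are constructed for illustration, and the parser is deliberately simplified.

```shell
#!/bin/sh
# Added example: report each "autoindex on;" with the block that encloses it.
# Simplified parser: strips "#" comments and splits on { } ; so those
# characters inside quoted strings are not handled.
audit_autoindex() {
    awk '
    FNR == 1 { depth = 0; stmt = "" }
    {
        sub(/#.*/, "")
        rest = $0
        while (match(rest, /[{};]/)) {
            stmt = stmt " " substr(rest, 1, RSTART - 1)
            ch   = substr(rest, RSTART, 1)
            rest = substr(rest, RSTART + 1)
            gsub(/[ \t]+/, " ", stmt); gsub(/^ | $/, "", stmt)
            if (ch == "{") stack[++depth] = stmt
            else if (ch == "}") { if (depth > 0) depth-- }
            else if (stmt == "autoindex on") {
                scope = depth ? stack[depth] : "main"
                reach = (scope ~ /^location/) ? "this location" : "every location below"
                printf "line %d: autoindex on in [%s], applies to %s\n", FNR, scope, reach
            }
            stmt = ""
        }
        stmt = stmt " " rest
    }' "$@"
}

# Constructed sample: the listing server above plus an http-level directive.
sample_conf() {
    cat <<'EOF'
http {
    autoindex on;
    server {
        listen 4141;
        root /usr/share/nginx/devpi-requirements/;
        location / {
            autoindex on;
        }
        #location /somedir {
        #    autoindex on;
        #}
    }
}
EOF
}

sample_conf | audit_autoindex
```

Pass real files as arguments, for example audit_autoindex /etc/nginx/nginx.conf; any line reported outside a location block is a listing that every location beneath it inherits.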

How To Create a self-signed SSL Certificate on Nginx

TLS, or transport layer security, and its predecessor SSL, which stands for secure sockets layer, are web protocols used to wrap normal traffic in a protected, encrypted wrapper. A self-signed certificate will not validate the identity of your server for your users since it is not signed by one of their web browser's trusted certificate authorities, but it will allow you to encrypt communications with your web clients.

We can start off by creating a directory that will be used to hold all of our SSL information. We should create this under the Nginx configuration directory:

sudo mkdir /etc/nginx/ssl

Now that we have a location to place our files, we can create the SSL key and certificate files in one motion by typing:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

The command prompts for the certificate's subject fields; the session will look something like this:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc.
Organizational Unit Name (eg, section) []:Ministry of Water Slides
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
Email Address []:admin@your_domain.com

Both of the files you created will be placed in the /etc/nginx/ssl directory.
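
The same step scripted without prompts, as an added example that is not part of the original page: it sets the subject and a subjectAltName on the command line, keeps the key owner-only, and checks that key and certificate belong together before Nginx is pointed at them. The function names make_selfsigned and check_pair and the 30-day expiry threshold are assumptions of this example; -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original page): scripted form of the steps above.

# make_selfsigned DIR FQDN: write DIR/nginx.key and DIR/nginx.crt, no prompts.
make_selfsigned() {
    # umask 077 in a subshell: directory and key are created owner-only.
    ( umask 077
      mkdir -p "$1" &&
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/nginx.key" -out "$1/nginx.crt" 2>/dev/null )
}

# check_pair DIR FQDN: prints "ok" and returns 0 only if every check passes.
check_pair() {
    crt=$1/nginx.crt; key=$1/nginx.key
    # Key and certificate must carry the same public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ] ||
        { echo "key does not match certificate"; return 1; }
    # The name clients connect to must be covered by the certificate.
    openssl x509 -in "$crt" -noout -checkhost "$2" | grep -q 'does match' ||
        { echo "certificate does not cover $2"; return 1; }
    # -checkend fails if the certificate expires within 30 days.
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null ||
        { echo "certificate expires within 30 days"; return 1; }
    # The private key must carry no group or other permission bits.
    case $(ls -l "$key") in
        -???------*) echo "ok" ;;
        *) echo "private key is accessible to group or others"; return 1 ;;
    esac
}

# Demo in a throwaway directory (constructed host name); on the server run
# make_selfsigned /etc/nginx/ssl your_domain.com as root instead.
demo=$(mktemp -d) && make_selfsigned "$demo" your_domain.com &&
    check_pair "$demo" your_domain.com
rm -rf "$demo"
```

Running check_pair again before each renewal or restart catches a key that was replaced without its certificate, which Nginx would otherwise only report when it fails to start.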

Adding extra nginx configuration

The only thing we would need to do to get SSL working on this same server block, while still allowing regular HTTP connections, is add these lines in the nginx configuration file:

listen 443 ssl;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

Then restart Nginx:

sudo service nginx restart

This should reload your site configuration, now allowing it to respond to both HTTP and HTTPS (SSL) requests.

Your site should now have SSL functionality. To test both HTTP and HTTPS functionality open a web browser and visit your server's domain name or IP address:

http://server_domain_or_IP
https://server_domain_or_IP
https://server_domain_or_IP:443
