Nginx

sudo systemctl status nginx
to check the status of nginx

/etc/nginx
configuration files

all configurations to be deployed in conf.d which is an empty folder.
Usually people make it in sites enabled and sites available.

Main:
Number of worker processes
username
process id (pid)
log location

Events

• Number of connections per worker process

Stream:

• TCP/UDP connection handling

HTTP:
Server block

• Can specify the location/path of the directory to be served when a request arrives
• include /etc/nginx/conf.d/.conf
  include /etc/nginx/sites-enabled/
• These 2 lines are included in the http block of nginx.conf

Upstream:

• used to create proxy

To create a server conf file, go to /etc/nginx/conf.d

• Create a .conf file with its name as the domain name
  <filename>.conf
• Create a server block
• try_files, listen, server_name, etc is called a directive

server{
listen 80 default_server;
root /var/www/cafe;

server_name _;

index index.htm index.html;

location /{
try_files $uri $uri/ = 404;
}
}

• sudo nginx -t
• to test if there is any errors in the configuration files
• sudo systemctl nginx reload
• to reload nginx configuration changes

To create domain name configuration add A record in domain name provider

server{
listen 80 default_server;
root /var/www/cafe;

server_name jobs.surajg.tech;

index index.htm index.html;

location /{
try_files $uri $uri/ = 404;
}
}

You can have multiple domains too like this

server_name jobs.surajg.tech hello.surajg.tech www.surajg.tech;

To create multiple domain hosting

• Create another configuration file in conf.d with domain name (convention, not mandatory)
• portfolio.surajg.tech.conf

server{
listen 80;
root /var/www/portfolio;

server_name portfolio.surajg.tech;

index index.htm index.html;

location /{
try_files $uri $uri/ = 404;
}
}

• Note the following
  • default_server is removed from listen directive, because there can be only 1 default_server, which works if nothing else works.
  • server_name is changed to respective domain name
  • rest remains the same, almost.
  • sudo nginx -t: to test
  • sudo systemctl reload nginx: to reload nginx conf.
  • The new server block works now

Basic authentication using nginx

• Used if a domain is under construction and allowed to be seen only by limited or developers only.
• Make a new conf file, dev.surajg.tech.conf in conf.d folder
• To generate a password we can use openssl or a dedicated tool called apache2utils
• To generate password use the following command from openssl:

sudo sh -c "echo -n 'codersgyan:' >> /etc/nginx/.htpasswwd"

sudo sh -c "openssl passwd -apr1 >> /etc/nginx/.htpasswd"

• It'll ask you to enter the password and verify it.

server{
listen 80;
root /var/www/dev;

server_name dev.surajg.tech;
auth_basic "Under development site"
auth_basic_user_file /etc/nginx/.htpasswd;

index index.htm index.html;

location /{
try_files $uri $uri/ = 404;
}
}

• Now there will be username and password in the site

To create authentication only in admin panel, use the following method

• Create an admin folder to serve

server{
listen 80;
root /var/www/dev;

server_name dev.surajg.tech;
auth_basic "Under development site"
auth_basic_user_file /etc/nginx/.htpasswd;

index index.htm index.html;

location /{
auth_basic off;
try_files $uri $uri/ = 404;
}

location /admin {
try_files $uri $uri/ = 404;
}
}

• auth_basic is set to off in normal block.
• And in admin block it is not turned off, so now the authentication happens only in /admin.

sudo nginx -T : to print the whole configuration content

Reverse Proxy

• Create another endpoint in domain.
• Create a node server and run it on port 8000.
• sudo nginx -t
• sudo systemctl reload nginx
• Now you can access nodejs on the browser.

upstream backend{
server localhost:8000;
}

server{
listen 80;
server_name api.surajg.tech;
location /{
proxy_pass http://backend;
}
}

Load Balancing

• Create another server localhost:8001 in upstream block;
• Now when you refresh the browser, everytime, an alternative port is requested.
• This is used to tell the browser not to store any cache of the site.

add_header Cache-Control no-store;

upstream backend{
server localhost:8000;
server localhost:8001;
}

server{
listen 80;
server_name api.surajg.tech;
location /{
add_header Cache-Control no-store;
proxy_pass http://backend;
}
}

• You want to unequally load balance, as in, if you want a server to take 3 request and another server just 1 request. Then use weight.

server localhost:8000 weight=3;

upstream backend{
server localhost:8000 weight=3;
server localhost:8001 weight=2;
}

server{
listen 80;
server_name api.surajg.tech;
location /{
add_header Cache-Control no-store;
proxy_pass http://backend;
}
}

• To create a backup server, that is, if a server is down and not working, then nginx must use a backup server, to achieve that, use the following.

server localhost:8001 backup;

upstream backend{
server localhost:8000;
server localhost:8001 backup;
}

server{
listen 80;
server_name api.surajg.tech;
location /{
add_header Cache-Control no-store;
proxy_pass http://backend;
}
}

• Now all the requests will be taken by 8000, until it is down.
• And to wantedly bring down a server, use the following command.

server localhost:8000 down;