NGINX

Aug 17th, 2019

Setup reverse proxy with NGINX

Start by installing the NGINX HTTP server using

apt-get install nginx

Once NGINX is installed, create the following configuration file in /etc/nginx/sites-available/glassfish.conf:

vim /etc/nginx/sites-available/glassfish.conf

upstream glassfish { 
  server 127.0.0.1:8080 weight=100 max_fails=5 fail_timeout=5;
}

server {
  listen          80;
  server_name     domain.tld;
 
  location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://glassfish/appname/;
  }
}

Next, navigate to /etc/nginx/sites-enabled and create a symbolic link to the glassfish.conf configuration file you just created:

cd /etc/nginx/sites-enabled
ln -s /etc/nginx/sites-available/glassfish.conf

Now, check if Nginx configuration syntax is OK by running:

nginx -t

and restart and enable NGINX on your virtual server startup using:

service nginx restart
update-rc.d -f nginx enable

NGINX multiple server blocks

Create separately two files (you don’t have to, but it will be much clearer) in /etc/nginx/sites-available/www.example.com and /etc/nginx/sites-available/www.example.net.

As an example to redirect the second one to the first one

server {
  listen        80;
  server_name   www.example.net;
  return  301   http://www.example.com/;
}

SSL/TLS Certificate

Installing SSL/TLS Certificate

Install certbot

apt-get install python-certbot-nginx

Generate certificates with the NGINX plug‑in

sudo certbot --nginx -d example.com -d www.example.com

verify the syntax of the configuration and restart NGINX

nginx -t && nginx -s reload

Automatically Renew Certificates

Open the crontab file

crontab -e

Add the certbot command to run every day at noon. The command checks to see if the certificate on the server will expire within the next 30 days, and renews it if so. The –quiet directive tells certbot not to generate output.

0 12 * * * /usr/bin/certbot renew --quiet

Save and close the file. All installed certificates will be automatically renewed and reloaded.

Stop and Remove

#to stop
sudo service nginx stop
#to remove (removes all package files)
sudo apt-get remove nginx
#or (removes all package files and the configuration files that package had installed)
sudo apt-get purge nginx

Errors

413 Request Entity Too Large

Solution: Increase client_max_body_size. Default is 1M.

You can update this value by three different way

Set in http block which affects all server blocks (virtual hosts).

http {
    ...
    client_max_body_size 100M;
}

Set in server block, which affects a particular site/app.

server {
    ...
    client_max_body_size 100M;
}

Set in location block, which affects a particular directory (uploads) under a site/app.

location /uploads {
    ...
    client_max_body_size 100M;
}