nginx

Installation

sudo add-apt-repository ppa:nginx/stable
sudo aptitude update
sudo aptitude install nginx

Le service

sudo service nginx status
sudo service nginx configtest

Configuration d’un site

server {
    listen 80;

    root /home/sites/test/www;
    index index.php index.html index.htm;

    server_name test.domain.com;

    gzip              on;
    gzip_buffers      16 8k;
    gzip_comp_level   4;
    gzip_http_version 1.0;
    gzip_min_length   1280;
    gzip_types        text/plain text/css application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/bmp;
    gzip_vary         on;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        try_files $uri $uri/ /index.html;

        # Taille max d'un upload
        client_max_body_size 10M;

        # Hide the version number
        server_tokens off;
    }

    location /test {
        expires       0;
        add_header    Cache-Control  private;
    }
}

Support de PHP

sudo add-apt-repository ppa:brianmercer/php
sudo aptitude update && sudo aptitude install php5-fpm

Configuration de PHP FPM

Vérifier /etc/php5/fpm/pool.d/www.conf :

[www]
listen = 127.0.0.1:9000
user = www-data
group = www-data

Modifier la configuration du site

location ~ .php$ {
    fastcgi_pass 127.0.0.1:9000;
    include /etc/nginx/fastcgi_params;
    fastcgi_index index.php;
}

Authentification

http://wiki.nginx.org/HttpAuthBasicModule

location  /  {
    auth_basic            "Restricted";
    auth_basic_user_file  /path/to/htpasswd;
}

Rewrite

http://wiki.nginx.org/HttpRewriteModule
http://winginx.com/htaccess

location / {
    rewrite ^/$ /index.php break;
    if (!-e $request_filename){
        rewrite ^(.*)$ /index.php/$1 break;
    }
}

location = /index.php {
    rewrite ^(.*)$ /index.php;
}

Pour Wordpress

server {
    listen 80;

    root /home/sites/curation.neolao.com/www;
    server_name curation.neolao.com;
    index index.php;

    if (!-e $request_filename){
        rewrite ^(.*)$ /index.php/$1 break;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # catch all
    error_page 404 /index.php;

    location ~ .php$ {
        fastcgi_pass 127.0.0.1:9000;
        include /etc/nginx/fastcgi_params;
        #fastcgi_param   SERVER_NAME             $server_name;
        #fastcgi_param   SERVER_NAME             curation.neolao.com;
        #fastcgi_param   HTTP_HOST               curation.neolao.com;
        #fastcgi_param   SCRIPT_FILENAME         $document_root$fastcgi_script_name;
        fastcgi_index index.php;
    }
}

Proxy

http://wiki.nginx.org/HttpProxyModule

location / {
    proxy_set_header    X-Real-IP  $remote_addr;
    proxy_set_header    X-Forwarded-For $remote_addr;
    proxy_set_header    Host $host;
    proxy_pass          http://localhost:8080;
    proxy_redirect      off;
}

# Example 1 - Specify a folder and it's content to serve everything under /css from Nginx-only
location /css { }

# Example 2 - Specify a RegEx pattern such as file extensions
# Serve certain files directly from Nginx
location ~* ^.+\.(jpg|jpeg|gif|png|css|zip|pdf|txt|js|flv|swf|html|htm)$
{
    # this will basically match any file of the above extensions
    # course if the file does not exist you'll see an Nginx error page as opposed
    # to apache's own error page. 
}

Autoriser le listing des dossiers

location / {
    autoindex on;
}

HTTPS

server {
    listen 443;
    server_name domain.com;

    # SSL
    ssl on;
    ssl_certificate         /etc/nginx/ssl/domain.com-public.crt;
    ssl_certificate_key     /etc/nginx/ssl/domain.com-private.key;

    # Remember this setting for 365 days
    add_header Strict-Transport-Security max-age=31536000;

    # Deny the content to be framed
    add_header X-Frame-Options DENY;

    location / {
        root    /home/www/;
        index   index.php index.html index.htm;
    }
}

Forcer le HTTPS

server {
    listen 80;

    root /path/to/root;
    server_name domain.com;

    rewrite ^(.*) https://$host$1 permanent;
}
server {
    listen 443 ssl;

    root /path/to/root;
    server_name domain.com;

    ...
}

Combiner le certificat public avec celui du fournisseur

cat domain.com-public.crt gandi.crt >> domain.com-chained.crt

Load balancer avec failover

upstream toto {
    server localhost:1337;
    server 123.123.123.123:80 backup;
}

server {
    listen 80;

    server_name plop.com;

    gzip on;

    location / {
        proxy_set_header        X-Real-IP  $remote_addr;
        proxy_set_header        X-Forwarded-For $remote_addr;
        proxy_set_header        Host $host;
        proxy_pass              http://toto;
    }
}

autoindex

autoindex on;
autoindex_exact_size off;
autoindex_localtime on;

Créer une page de maintenance

Capturer le 502 Bad Gateway quand l’application est indisponible via proxy pass

location / {
    proxy_pass   http://localhost:1337;
    error_page   502 =200 @maintenance;
}
location @maintenance {
    root /path/to/files/maintenance;
    try_files $uri /index.html =503;
}

Forcer le téléchargement

location ~ ^.*/(?P<request_basename>[^/]+\.(avi))$ {
    add_header Content-Disposition 'attachment; filename="$request_basename"';
}

Forcer le content type

location ~ \.log$ {
    default_type text/plain;
}

UTF-8

Dans /etc/nginx/nginx.conf, ajouter dans http :

charset UTF-8;

Erreur “upstream sent too big header while reading response header from upstream”

Le Buffer du FastCGI n’est pas assez grand, il faut mettre :

fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;

Affichage d’un fichier en local ou distant

location ~ ^/images/(.*)$ {
    try_files $uri /app_dev.php/images/$1 @remote;
}
location @remote {
    proxy_pass https://my.website.com;
}