General configuration

Managing server entries

It is possible to put different server blocks in different files. This allows you to easily enable or disable certain sites.

1
2

# mkdir /etc/nginx/sites-available
# mkdir /etc/nginx/sites-enabled

Create a file inside the sites-available directory that contains one or more server blocks:

1
2
3
4

/etc/nginx/sites-available/example
server {
    ..
}

Append the following line at the end of the http block in /etc/nginx/nginx.conf:

1

include sites-enabled/*;

To enable a server block, simple create a symlink:

1

# ln -s /etc/nginx/sites-available/example /etc/nginx/sites-enabled/example

To remove a server:

1

# unlink /etc/nginx/sites-enabled/example

Reload/restart nginx.service to enable the new configuration.

TLS/SSL

Configuration example

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74

upstream sample-backend {
    server 192.168.24.43:8000 fail_timeout=0 weight=2;
    server 127.0.0.1:8000 fail_timeout=0 weight=2;
}


server {

    location /images/ {
        root /data;
    }
    
    location /portal/ {
        proxy_set_header X-Forwarded-Proto      $http_x_forwarded_proto;
        proxy_set_header X-Forwarded-Port      $http_x_forwarded_port;
        proxy_set_header X-Forwarded-For      $http_x_forwarded_for;
        
        # newrelic-specific header records the time when nginx handles a request.
        proxy_set_header X-Queue-Start "t={msec}";
        
        proxy_redirect off;
        proxy_pass http://192.168.3.104:18381;
    }
    
    location /subportal/ {
        proxy_set_header X-Forwarded-Proto      $http_x_forwarded_proto;
        proxy_set_header X-Forwarded-Port      $http_x_forwarded_port;
        proxy_set_header X-Forwarded-For      $http_x_forwarded_for;
        
        # newrelic-specific header records the time when nginx handles a request.
        proxy_set_header X-Queue-Start "t={msec}";
        
        proxy_redirect off;
        proxy_pass http://159.138.1.223:8080;
    }
    
    location /catalog/ {
	    proxy_set_header X-Forwarded-Proto      $http_x_forwarded_proto;
            proxy_set_header X-Forwarded-Port      $http_x_forwarded_port;
            proxy_set_header X-Forwarded-For      $http_x_forwarded_for;

            # newrelic-specific header records the time when nginx handles a request.
            proxy_set_header X-Queue-Start "t={msec}";

            proxy_redirect off;
            #notice append backslash will no include catalog
            proxy_pass http://localhost:18381/;  
    }
    
    location @proxy_to_sample_app {
        proxy_set_header X-Forwarded-Proto      $http_x_forwarded_proto;
        proxy_set_header X-Forwarded-Port      $http_x_forwarded_port;
        proxy_set_header X-Forwarded-For      $http_x_forwarded_for;
        
        # newrelic-specific header records the time when nginx handles a request.
        proxy_set_header X-Queue-Start "t={msec}";
        
        proxy_redirect off;
        # distribute requests among worker processes in sample-backend.
        proxy_pass http://sample-backend;
    }
    
    location / {
        try_files $uri @proxy_to_sample_app;
    }
    
    location ~^/media/(?<file>.*) {
        root /path/to/media;
        try_files /$file=404;
        add_header Access-Control-Allow-Origin *;
        expires 130924304s;
    }
    
}