Difference between revisions of "Nginx"
From wiki
(Created page with "{{Debian}}Nginx is a fast and powerful web server. == Install == <syntaxhighlight lang="shell"> apt install nginx-extras </syntaxhighlight> == Configure == === conf.d === T...") |
(Add gzip config) |
||
| Line 12: | Line 12: | ||
Create the following files: | Create the following files: | ||
| − | * /etc/nginx/conf.d/dns.conf<syntaxhighlight lang="nginx"> | + | * /etc/nginx/conf.d/dns.conf<syntaxhighlight lang="nginx" line="1"> |
# DNS resolver | # DNS resolver | ||
# It is required for OCSP Stapling. It might also be used if you use a hostname for upstream servers | # It is required for OCSP Stapling. It might also be used if you use a hostname for upstream servers | ||
| Line 19: | Line 19: | ||
#resolver 8.8.8.8 8.8.4.4; | #resolver 8.8.8.8 8.8.4.4; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| − | * /etc/nginx/conf.d/ssl.conf<syntaxhighlight lang="nginx"> | + | */etc/nginx/conf.d/gzip.conf<syntaxhighlight lang="nginx" line="1"> |
| + | # Insert header "Vary: Accept-Encoding" in responses | ||
| + | # https://www.maxcdn.com/blog/accept-encoding-its-vary-important/ | ||
| + | gzip_vary on; | ||
| + | |||
| + | gzip_comp_level 6; | ||
| + | |||
| + | gzip_proxied any; | ||
| + | |||
| + | gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml; | ||
| + | </syntaxhighlight> | ||
| + | * /etc/nginx/conf.d/ssl.conf<syntaxhighlight lang="nginx" line="1"> | ||
These two settings are now included by default in nginx.conf | These two settings are now included by default in nginx.conf | ||
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | #ssl_protocols TLSv1 TLSv1.1 TLSv1.2; | ||
Revision as of 00:55, 31 December 2015
 Warning: | These instructions were only tested on Debian. It will probably work for other Linux distributions, but you might need to adapt the provided instructions. |
Nginx is a fast and powerful web server.
Install
apt install nginx-extras
Configure
conf.d
The conf.d folder stores shared configuration shared between all the sites hosted on your server.
Create the following files:
- /etc/nginx/conf.d/dns.conf
1# DNS resolver 2# It is required for OCSP Stapling. It might also be used if you use a hostname for upstream servers 3resolver 127.0.0.1; 4# If you don't have a DNS resolver on your machine you can use google public ones instead 5#resolver 8.8.8.8 8.8.4.4;
- /etc/nginx/conf.d/gzip.conf
1# Insert header "Vary: Accept-Encoding" in responses 2# https://www.maxcdn.com/blog/accept-encoding-its-vary-important/ 3gzip_vary on; 4 5gzip_comp_level 6; 6 7gzip_proxied any; 8 9gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
- /etc/nginx/conf.d/ssl.conf
1These two settings are now included by default in nginx.conf 2#ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 3#ssl_prefer_server_ciphers on; 4 5ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!CAMELLIA:!SEED"; 6 7# Parameters for Diffie-Hellman handshake 8# Generate the file with the command: 9# openssl dhparam 2048 -out /etc/nginx/dh2048.pem 10ssl_dhparam /etc/nginx/dh2048.pem; 11 12# Support OSCP Stapling. Check that resolver from in dns.conf is working 13ssl_stapling on; 14ssl_stapling_verify on; 15ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; 16 17# Support SSL session cache 18ssl_session_cache shared:NginxCache:50m; 19ssl_session_tickets off; # https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/
Adding PHP
apt install php5-cli php5-fpm php5-apcu
