Nginx

From wiki
Revision as of 00:55, 31 December 2015 by Vincent (talk | contribs) (Add gzip config)
Warning Warning: These instructions were only tested on Debian. It will probably work for other Linux distributions, but you might need to adapt the provided instructions.

Nginx is a fast and powerful web server.

Install

apt install nginx-extras

Configure

conf.d

The conf.d folder stores shared configuration shared between all the sites hosted on your server.

Create the following files:

  • /etc/nginx/conf.d/dns.conf
    1# DNS resolver
2# It is required for OCSP Stapling. It might also be used if you use a hostname for upstream servers
3resolver 127.0.0.1;
4# If you don't have a DNS resolver on your machine you can use google public ones instead
5#resolver 8.8.8.8 8.8.4.4;
  • /etc/nginx/conf.d/gzip.conf
    1# Insert header "Vary: Accept-Encoding" in responses
2# https://www.maxcdn.com/blog/accept-encoding-its-vary-important/
3gzip_vary on; 
4
5gzip_comp_level 6;
6
7gzip_proxied any;
8
9gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml;
  • /etc/nginx/conf.d/ssl.conf
     1These two settings are now included by default in nginx.conf
 2#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 3#ssl_prefer_server_ciphers on;
 4
 5ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES256-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!CAMELLIA:!SEED";
 6
 7# Parameters for Diffie-Hellman handshake
 8# Generate the file with the command:
 9#    openssl dhparam 2048 -out /etc/nginx/dh2048.pem
10ssl_dhparam /etc/nginx/dh2048.pem;
11
12# Support OSCP Stapling. Check that resolver from in dns.conf is working
13ssl_stapling on;
14ssl_stapling_verify on;
15ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
16
17# Support SSL session cache
18ssl_session_cache shared:NginxCache:50m;
19ssl_session_tickets off; # https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/

Adding PHP

apt install php5-cli php5-fpm php5-apcu
Retrieved from ‘https://wiki.meurisse.org/index.php?title=Nginx&oldid=18