ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Install Nginx as a Reverse Proxy on Fedora 27

    Scheduled Pinned Locked Moved IT Discussion
    nginxfedoracertbotfedora 27reverse proxyguidesreal instructionshow to
    107 Posts 16 Posters 30.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      Alex Sage @wirestyle22
      last edited by

      @wirestyle22 You learn something new everyday! This is what I learned 🙂

      wirestyle22W 1 Reply Last reply Reply Quote 0
      • wirestyle22W
        wirestyle22 @Alex Sage
        last edited by wirestyle22

        @aaronstuder Can you paste the edit to the server block? I'd like to see what it looks like after --redirect is run

        A 1 Reply Last reply Reply Quote 0
        • A
          Alex Sage @wirestyle22
          last edited by

          @wirestyle22

          server {
                  client_max_body_size 40M;
                  server_name domain.com;
          
                  location / {
                          proxy_set_header X-Real-IP $remote_addr;
                          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                          proxy_set_header Host $http_host;
                          proxy_set_header X-NginX-Proxy true;
                          proxy_pass http://10.157.95.208:80;
                          proxy_redirect off;
                  }
          
              listen 443 ssl; # managed by Certbot
              ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; # m$
              ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; #$
              include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
              ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
          
          server {
              if ($host = domain.com) {
                  return 301 https://$host$request_uri;
              } # managed by Certbot
          
          
                  listen 80;
                  server_name domain.com;
              return 404; # managed by Certbot
          
          
          }
          
          
          ObsolesceO 1 Reply Last reply Reply Quote 1
          • ObsolesceO
            Obsolesce @Alex Sage
            last edited by

            @aaronstuder Hmm, looks like mine but I didn't use the --redirect.

            A 1 Reply Last reply Reply Quote 0
            • A
              Alex Sage @Obsolesce
              last edited by

              @obsolesce Maybe you adding it manually?

              1 Reply Last reply Reply Quote 0
              • wirestyle22W
                wirestyle22
                last edited by

                It's standard. Only part you shouldn't have is the commented out parts.

                1 Reply Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @wirestyle22
                  last edited by

                  @wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

                  @JaredBusch This is from the Nginx website under pitfalls and common mistakes. I read that return's are much faster than rewrites due to not needing to evaluate RegEx(?) which is why you see return listed as a better option. I know you use rewrite and there's a lot you know that I don't so I was just wondering why that is your preference

                  0_1536070111587_Capture.PNG

                  I updated the OP to reflect this.

                  Using the return 301 https://$host$request_uri; style.

                  1 Reply Last reply Reply Quote 5
                  • brandon220B
                    brandon220
                    last edited by

                    What is a good "size" for a VM that is strictly a reverse proxy? Would 20Gb be sufficient as it is not storing any data other than log files?

                    wirestyle22W scottalanmillerS 2 Replies Last reply Reply Quote 0
                    • wirestyle22W
                      wirestyle22 @brandon220
                      last edited by wirestyle22

                      @brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

                      What is a good "size" for a VM that is strictly a reverse proxy? Would 20Gb be sufficient as it is not storing any data other than log files?

                      Yes. 15-20 GB is enough to run with a minimal install.

                      1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller @brandon220
                        last edited by

                        @brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

                        What is a good "size" for a VM that is strictly a reverse proxy? Would 20Gb be sufficient as it is not storing any data other than log files?

                        Likely just fine. I use 24GB for small servers like this. And 32GB for the big ones.

                        1 Reply Last reply Reply Quote 1
                        • scottalanmillerS
                          scottalanmiller
                          last edited by

                          I thin provision, so a little extra is no problem for me.

                          wirestyle22W 1 Reply Last reply Reply Quote 1
                          • wirestyle22W
                            wirestyle22 @scottalanmiller
                            last edited by

                            @scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

                            coliverC 1 Reply Last reply Reply Quote 0
                            • coliverC
                              coliver @wirestyle22
                              last edited by

                              @wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

                              @scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

                              For almost everything thin provisioning makes sense. I'm sure there is an exception to the rule but I can't think of one off the top of my head.

                              black3dynamiteB 1 Reply Last reply Reply Quote 0
                              • black3dynamiteB
                                black3dynamite @coliver
                                last edited by

                                @coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

                                @wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

                                @scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

                                For almost everything thin provisioning makes sense. I'm sure there is an exception to the rule but I can't think of one off the top of my head.

                                Databases?

                                scottalanmillerS 1 Reply Last reply Reply Quote 0
                                • scottalanmillerS
                                  scottalanmiller @black3dynamite
                                  last edited by

                                  @black3dynamite said in Install Nginx as a Reverse Proxy on Fedora 27:

                                  @coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

                                  @wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

                                  @scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

                                  For almost everything thin provisioning makes sense. I'm sure there is an exception to the rule but I can't think of one off the top of my head.

                                  Databases?

                                  That would generally be it. HOWEVER, I normally put my DB on thin provisioning and have a separate, dedicated storage just for the data (DB files) which is thick provisioned.

                                  Or if on Scale, the main storage gets a low HEAT score and the dedicated DB files gets set to 11.

                                  coliverC JaredBuschJ 2 Replies Last reply Reply Quote 0
                                  • coliverC
                                    coliver @scottalanmiller
                                    last edited by

                                    @scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

                                    Or if on Scale, the main storage gets a low HEAT score and the dedicated DB files gets set to 11.

                                    0_1541091341008_36604316-34ff-4509-bead-9c9b3533d798-image.png

                                    1 Reply Last reply Reply Quote 1
                                    • JaredBuschJ
                                      JaredBusch @scottalanmiller
                                      last edited by

                                      @scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

                                      @black3dynamite said in Install Nginx as a Reverse Proxy on Fedora 27:

                                      @coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

                                      @wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

                                      @scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

                                      For almost everything thin provisioning makes sense. I'm sure there is an exception to the rule but I can't think of one off the top of my head.

                                      Databases?

                                      That would generally be it. HOWEVER, I normally put my DB on thin provisioning and have a separate, dedicated storage just for the data (DB files) which is thick provisioned.

                                      Or if on Scale, the main storage gets a low HEAT score and the dedicated DB files gets set to 11.

                                      It depends on how much your database grows. Then provisioning is still just fine if the database size is fairly stable

                                      1 Reply Last reply Reply Quote 1
                                      • DonahueD
                                        Donahue @JaredBusch
                                        last edited by Donahue

                                        @JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

                                        Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
                                        Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
                                        I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
                                        Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
                                        The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

                                        cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
                                        server {
                                            client_max_body_size 40M;
                                            server_name nc.domain.com;
                                            proxy_set_header X-Real-IP $remote_addr;
                                            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                            proxy_set_header Host $http_host;
                                            proxy_set_header X-NginX-Proxy true;
                                            proxy_redirect off;
                                            location / {
                                                proxy_set_header X-Real-IP $remote_addr;
                                                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                                proxy_set_header Host $http_host;
                                                proxy_set_header X-NginX-Proxy true;
                                                proxy_pass http://10.150.0.17;
                                                proxy_redirect off;
                                                # Socket.IO Support
                                                proxy_http_version 1.1;
                                                proxy_set_header Upgrade $http_upgrade;
                                                proxy_set_header Connection "upgrade";
                                            }
                                        ##    ssl_stapling on;
                                        ##    ssl_stapling_verify on;
                                        ##    ssl_session_cache shared:SSL:10m;
                                        ##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
                                            listen 80;
                                        }
                                        ##server {
                                        ##    client_max_body_size 40M;
                                        #    listen 80;
                                        ##    server_name nc.domain.com;
                                        ##    return 301 https://$host$request_uri;
                                        ##}
                                        EOF
                                        

                                        NOTE: This is on purpose only one # while the others have two, # listen 80;.

                                        Test the config

                                        nginx -t
                                        

                                        When I run this step, I get an error.

                                        [root@nginx ~]# nginx -t
                                        nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
                                        nginx: configuration file /etc/nginx/nginx.conf test failed
                                        
                                        travisdh1T 1 Reply Last reply Reply Quote 0
                                        • travisdh1T
                                          travisdh1 @Donahue
                                          last edited by

                                          @Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

                                          @JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

                                          Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
                                          Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
                                          I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
                                          Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
                                          The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

                                          cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
                                          server {
                                              client_max_body_size 40M;
                                              server_name nc.domain.com;
                                              proxy_set_header X-Real-IP $remote_addr;
                                              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                              proxy_set_header Host $http_host;
                                              proxy_set_header X-NginX-Proxy true;
                                              proxy_redirect off;
                                              location / {
                                                  proxy_set_header X-Real-IP $remote_addr;
                                                  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                                                  proxy_set_header Host $http_host;
                                                  proxy_set_header X-NginX-Proxy true;
                                                  proxy_pass http://10.150.0.17;
                                                  proxy_redirect off;
                                                  # Socket.IO Support
                                                  proxy_http_version 1.1;
                                                  proxy_set_header Upgrade $http_upgrade;
                                                  proxy_set_header Connection "upgrade";
                                              }
                                          ##    ssl_stapling on;
                                          ##    ssl_stapling_verify on;
                                          ##    ssl_session_cache shared:SSL:10m;
                                          ##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
                                              listen 80;
                                          }
                                          ##server {
                                          ##    client_max_body_size 40M;
                                          #    listen 80;
                                          ##    server_name nc.domain.com;
                                          ##    return 301 https://$host$request_uri;
                                          ##}
                                          EOF
                                          

                                          NOTE: This is on purpose only one # while the others have two, # listen 80;.

                                          Test the config

                                          nginx -t
                                          

                                          When I run this step, I get an error.

                                          [root@nginx ~]# nginx -t
                                          nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
                                          nginx: configuration file /etc/nginx/nginx.conf test failed
                                          

                                          You've got the same thing in both the server { and location / { sections. If that's not a copy/paste error, remove them from the server { section.

                                          DonahueD 1 Reply Last reply Reply Quote 0
                                          • DonahueD
                                            Donahue
                                            last edited by

                                            I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 5
                                            • 6
                                            • 4 / 6
                                            • First post
                                              Last post