Nginx


    Nginx tips


    Redirect rules

    Setting up maintenance page based on file presence

    First, determine which configuration file nginx is actually using, starting from the main nginx configuration file.

    Its path can be read from the nginx service startup arguments. Typically: /etc/nginx/nginx.conf

    Extract from nginx.conf:

    . . .
    include /etc/nginx/sites-enabled/*;
    . . .

    Based on the include statement above, we need to look through all files in the folder /etc/nginx/sites-enabled

    Sample configuration file:

    ...
    server {
        listen   10.64.4.7:443 ssl;
        client_max_body_size 1024M;
        server_name test.demo test;
        root /opt/customer/test/apps/angular/angular;
    
        if (-f $document_root/themes/components/login/maintenance.html) {
            return 503;
        }
        error_page 503 @maintenance;
    
        expires 168h;
        add_header Content-Security-Policy "frame-ancestors 'self'";
        add_header Cache-Control "no-cache";
        add_header X-Frame-Options SAMEORIGIN;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header Referrer-Policy "same-origin";
        index index.html index.htm;
        ssl_certificate           /etc/nginx/cert/test.crt;
        ssl_certificate_key       /etc/nginx/cert/test.key;
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols TLSv1.2;
        ssl_ciphers "ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256";
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        access_log /var/log/nginx/access.log main;
        error_log /var/log/nginx/error.log;
        rewrite   ^/$  /webconnect;
    
        location @maintenance {
            rewrite ^(.*)$ /themes/components/login/maintenance.html break;
        }
    ...

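    The sections on lines 8 – 11 (the if (-f ...) check and the error_page 503 directive) and lines 33 – 35 (the @maintenance location) define what happens depending on whether the given file exists at that path. If it does, nginx answers every request with 503, and error_page passes those requests internally to the @maintenance location, which serves the maintenance page. The check is evaluated on each request, so creating or removing the file switches maintenance mode on or off without reloading nginx.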
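
    An audit helper for the setup above, as an added example that is not part of the original page: it follows the include statements from the main configuration file, finds every if (-f ...) { return 503; } check and reports whether its flag file currently exists. The function names, the sample tree written by build_sample() and the rule that relative include patterns resolve against the main file's directory are assumptions.

```python
import glob
import os
import re
import tempfile
from pathlib import Path

INCLUDE_RE = re.compile(r"^\s*include\s+([^;]+);", re.M)
ROOT_RE = re.compile(r"^\s*root\s+([^;]+);", re.M)
FLAG_RE = re.compile(r"if\s*\(\s*-f\s+([^)\s]+)\s*\)\s*\{\s*return\s+503\s*;")

def read_conf(path):  # file text with full-line comments removed
    return re.sub(r"(?m)^\s*#.*$", "", Path(path).read_text())

def config_files(main_conf):
    """Return main_conf plus every file it pulls in through include."""
    base = os.path.dirname(os.path.abspath(main_conf))  # assumed base for relative includes
    seen, todo = [], [os.path.abspath(main_conf)]
    while todo:
        path = todo.pop(0)
        if path not in seen and os.path.isfile(path):
            seen.append(path)
            for pattern in INCLUDE_RE.findall(read_conf(path)):
                todo.extend(sorted(glob.glob(os.path.join(base, pattern.strip()))))
    return seen

def maintenance_flags(main_conf):
    """List (config file, flag file, present?) per `if (-f X) { return 503; }`."""
    found = []
    for path in config_files(main_conf):
        for block in re.split(r"\bserver\s*\{", read_conf(path))[1:]:
            root = ROOT_RE.search(block)
            for flag in FLAG_RE.findall(block):
                if root:  # expand $document_root from the block's root directive
                    flag = flag.replace("$document_root", root.group(1).strip())
                found.append((path, flag, os.path.isfile(flag)))
    return found

def build_sample():
    """Write a constructed config tree shaped like the page's; return nginx.conf."""
    tmp = Path(tempfile.mkdtemp())
    (tmp / "www/themes/components/login").mkdir(parents=True)
    (tmp / "sites-enabled").mkdir()
    flag = "$document_root/themes/components/login/maintenance.html"
    (tmp / "sites-enabled/test").write_text(
        "server {\n  root %s/www;\n  if (-f %s) {\n    return 503;\n  }\n}\n" % (tmp, flag))
    (tmp / "nginx.conf").write_text("http {\n  include %s/sites-enabled/*;\n}\n" % tmp)
    return str(tmp / "nginx.conf")

if __name__ == "__main__":
    print(maintenance_flags(build_sample()))
```

    On a real host, call maintenance_flags("/etc/nginx/nginx.conf") to see which sites would currently answer 503.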


    Logging

    Log rotation settings

    Configuration file: /etc/logrotate.d/nginx

    Sample configuration (keeps last 30 days):

    /var/log/nginx/*log {
        # rotate on a daily basis
        daily
        # keep the last 30 rotated logs
        rotate 30
        missingok
        notifempty
        compress
        sharedscripts
        postrotate
            /bin/kill -USR1 $(cat /var/run/nginx.pid 2>/dev/null) 2>/dev/null || :
        endscript
    }