# Nginx

This is a base Nginx service that terminates TLS, and can be used as a reverse
proxy for arbitrary services by adding new entries in `/root/nginx/conf.d` and
running `sudo systemctl reload nginx`.

## Installation

Copy the service definition

```sh
scp services/nginx/nginx.service <instance>:
# Then, on the instance:
sudo mv nginx.service /etc/systemd/system/nginx.service
```

Create a directory to house service-specific configuration

```sh
sudo mkdir -p /root/nginx/conf.d
```

Add the SSL certificate provided by Cloudflare

```sh
# Each command reads from stdin: paste the PEM contents, then press Ctrl-D
sudo tee /root/nginx/cert.pem
sudo tee /root/nginx/key.pem
```

Tell systemd to pick up the new service definition, enable it (so that it
automatically starts on boot going forward), and start it.

```sh
sudo systemctl daemon-reload
sudo systemctl enable --now nginx
```

## Adding a service

When adding new services that sit behind Nginx,

1. Add its nginx conf file to `/root/nginx/conf.d`
2. Reload nginx (`sudo systemctl reload nginx`)

## Configuration files

All the files we put into `/root/nginx/conf.d` get included in an `http` block.
We can see this in the default configuration of nginx:

```nginx
http {
    ...
    include /etc/nginx/conf.d/*.conf;
}
```

> To view the default configuration, run the following command against the
> [official Docker image for Nginx](https://hub.docker.com/_/nginx), which is
> also what we use:
>
> ```sh
> docker run --rm --entrypoint=cat nginx /etc/nginx/nginx.conf > /tmp/nginx.conf
> ```

This is a [handy tool](https://nginx-playground.wizardzines.com) to check the
syntax of the configuration files. Alternatively, you can run
`docker exec nginx nginx -t` on the instance to ask nginx to check the
configuration.

## Updating configuration

Nginx configuration files can be changed without needing to restart anything.

1. Update the configuration file at `/root/nginx/conf.d/museum.conf`
2. Verify that there are no errors in the configuration by using
   `sudo docker exec nginx nginx -t`.
3. Ask nginx to reload the configuration with `sudo systemctl reload nginx`.

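
Steps 1 to 3 above as one shell function, with the failure case handled: if `nginx -t` rejects the new file, the previous state is put back so a broken config is not left in `conf.d` for the next reload or restart. This is an added example, not part of the original README; `apply_conf` and the `CONF_DIR`, `NGINX_TEST` and `NGINX_RELOAD` variables are hypothetical names, and it must run as a user that can write to `CONF_DIR`.

```sh
# Added example. CONF_DIR, NGINX_TEST and NGINX_RELOAD are hypothetical
# override knobs; their defaults are the path and commands from this README.
CONF_DIR="${CONF_DIR:-/root/nginx/conf.d}"
NGINX_TEST="${NGINX_TEST:-sudo docker exec nginx nginx -t}"
NGINX_RELOAD="${NGINX_RELOAD:-sudo systemctl reload nginx}"

# usage: apply_conf <new-file> <name.conf>
# Installs <new-file> as $CONF_DIR/<name.conf>, checks it, reloads on success,
# and restores the previous state if the check fails.
apply_conf() {
    new="$1"
    target="$CONF_DIR/$2"
    backup=""

    case "$2" in
        */*) echo "name must not contain a path: $2" >&2; return 2 ;;
        *.conf) ;;  # the http block only includes conf.d/*.conf
        *) echo "name must end in .conf: $2" >&2; return 2 ;;
    esac
    [ -f "$new" ] || { echo "no such file: $new" >&2; return 2; }

    # Keep the current version so a failed check can be undone. The backup
    # name does not end in .conf, so nginx never includes it.
    if [ -f "$target" ]; then
        backup="$target.bak.$$"
        cp -p "$target" "$backup" || return 1
    fi
    cp "$new" "$target" || return 1

    if $NGINX_TEST; then
        if [ -n "$backup" ]; then rm -f "$backup"; fi
        $NGINX_RELOAD
    else
        echo "nginx -t failed; restoring previous state of $2" >&2
        if [ -n "$backup" ]; then
            mv "$backup" "$target"
        else
            rm -f "$target"
        fi
        return 1
    fi
}
```

For example, `apply_conf ./museum.conf museum.conf` replaces the file from step 1 and reloads only when the check passes.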