
NGINX as a Proxy

Nginx lets us serve several web applications on subdomains. We do this for two reasons. Firstly, all applications can be served on the "standard" web ports: 80 (not recommended) and 443 for SSL.

Secondly, all SSL is configured in a single place, so we do not have to configure it individually in each application.

Set up subdomains

Set up subdomains via your DNS provider so that each application can be configured easily in NGINX.

Currently we use:

app         zibawa device manager
dashboard   grafana dashboards
rmq         rabbitmq control panel
ldap        phpldapadmin

Nginx Configuration

Change the user nginx runs under

sudo nano /etc/nginx/nginx.conf

Modify the user line so that it reads:

user www-data;

Obtain Certificates and Setup SSL on Nginx

Let's Encrypt in interactive mode will install the certificate, configure Nginx and set up a cron job with a single command. The cron job is in the /etc/cron.d folder. For more details see below.

Follow the DigitalOcean tutorial here to set up Let's Encrypt certificates and configure Nginx for SSL.

Basic SSL

# Plain HTTP: serves the web root and the Let's Encrypt challenge files
server {
    listen 80;
    listen [::]:80;
    server_name zibawa.com;
    root /var/www/html;
    index index.html index.htm;

    # ^~ prefix match: only paths under /.well-known/ (an unescaped dot in a regex matches any character)
    location ^~ /.well-known/ {
        allow all;
        root /var/www/html;
    }
}

# HTTPS
server {
    listen [::]:443 ssl;
    listen 443 ssl;

    server_name zibawa.com;
    # SSL certificate and parameters are kept in shared snippets
    include snippets/ssl-zibawa.com.conf;
    include snippets/ssl-params.conf;
    # Maximum file upload size is 4MB - change accordingly if needed
    client_max_body_size 4M;
    client_body_buffer_size 128k;

    root /var/www/html;
    index index.html index.htm;

    location ^~ /.well-known/ {
        allow all;
        root /var/www/html;
    }
}

LDAP with phpLDAPadmin

Important! phpLDAPadmin expects NGINX to be running as user www-data. Otherwise you will have to locate all phpLDAPadmin files with group www-data and change them to nginx.

We need to setup a virtual server for the phpLDAPadmin interface with SSL.

LDAP with SSL

# Redirect all plain HTTP requests to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name ldap.zibawa.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen [::]:443 ssl;
    listen 443 ssl;

    server_name ldap.zibawa.com;
    # SSL certificate and parameters are kept in shared snippets
    include snippets/ssl-zibawa.com.conf;
    include snippets/ssl-params.conf;
    # Maximum file upload size is 4MB - change accordingly if needed
    client_max_body_size 4M;
    client_body_buffer_size 128k;
    root /usr/share/phpldapadmin/htdocs;
    index index.php index.html index.htm;

    # Hand PHP requests to PHP-FPM over its unix socket
    location ~ \.php$ {
        try_files $uri $uri/ /index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param REDIRECT_STATUS 200;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }

    # this is to allow letsencrypt to verify ssl certs
    # ^~ prefix match: checked before the \.php$ regex location above
    location ^~ /.well-known/ {
        allow all;
        root /var/www/html;
    }
}
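
Proxying an application that listens on its own port

The other subdomains front applications that run their own HTTP server rather than PHP files, so they use proxy_pass instead of fastcgi_pass. The following is an added example, not part of the original page: it assumes Grafana listens on 127.0.0.1:3000 (its default port), that the name is dashboard.zibawa.com (built from the subdomain list above), and that the certificate in ssl-zibawa.com.conf covers that name.

```nginx
# Added example (not from the original page).
# Assumptions: Grafana is bound to 127.0.0.1:3000 so it is reachable only
# through this proxy; the shared certificate covers dashboard.zibawa.com.

server {
    listen 80;
    listen [::]:80;
    server_name dashboard.zibawa.com;

    # Keep the Let's Encrypt HTTP challenge reachable over plain HTTP
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    # Everything else is redirected to HTTPS
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name dashboard.zibawa.com;

    # Same shared SSL snippets as the other virtual servers
    include snippets/ssl-zibawa.com.conf;
    include snippets/ssl-params.conf;

    location / {
        proxy_pass http://127.0.0.1:3000;

        # Tell the application which host and scheme the client used
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;

        # This is the edge proxy, so overwrite any client-supplied
        # forwarding headers instead of appending to them
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

Run sudo nginx -t before reloading so a syntax error in the new server block does not take the other subdomains down.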
adm/nginx.txt · Last modified: 2018/04/13 11:37 by matt