May 052012
 

Nginx is an emerging Web server (it claims to power around 12% of the website) and is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

Personally I’m using it from 2010 and so far so good, no particular problems, it does perfectly his work and is frequently updated by the developers, I’m really happy of how is performing on my VPS and in this time I’ve learnt some small tricks and tips that perhaps could save you some time in the future.




1)

Enable phpmyadmin with https protocol on a non standard port on Nginx

it could be useful to have phpmyadmin installed to manage your DB, but it’s a good idea to have a dedicated Virtualhost on a dedicated (non standard port), so for example have it on https://linuxaria.com:111/phpmyadmin

If you use php5-fpm on standard port than your Nginx configuration to achieve this should be something like this one:

server {
    listen       111;
    error_page 497 = https://$host:111$request_uri;
    ssl                  on;
    ssl_certificate      /etc/myca/server.crt;
    ssl_certificate_key  /etc/myca/server.key;
    ssl_protocols        SSLv3 TLSv1;
    ssl_ciphers          HIGH:!aNULL:!MD5;
    root   /var/www/phpmyadmin;
    access_log /var/log/nginx/phpmyadmin-access.log;
    error_log /var/log/nginx/phpmyadmin-error.log;
 
 
    location / {
        index  index.html index.htm index.php;
    }
    location ~ \.php$ {
                include /opt/nginx/conf/fastcgi_params;
                fastcgi_pass  127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param  SCRIPT_FILENAME  /srv/wordpress/adminit/$fastcgi_script_name;
        }

The key directives are:

Listen 111 -> We tell to Nginx to listen on a particular port
ssl on; -> we turn on the secure channel (https)
error_page 497 = https://$host:111$request_uri; -> This is a good solution (IMO), if you reach this page with the http protocol, instead of getting an error page saying you are trying to use http on a https site you’ll be automatically redirected to the https site.

2)

Redirect url with www to non-www with Nginx

Some sites use www and others don’t use it, in both cases a good thing is to have something that redirect all the traffic of a type toward the other, so to forward all the non-www traffic to a www. url for linuxaria i could add these lines in my server configuration:

# Replace linuxaria.com with your domain
if ($host = linuxaria.com) {
rewrite ^/(.*)$ http://www.linuxaria.com/$1 permanent;
}

Or do the opposite if i want to remove the www.

if ($host = www.linuxaria.com) {
rewrite ^/(.*)$ http://linuxaria.com/$1 permanent;
}


3)

Hotlinking protection with Nginx

Hotlinking can be annoying, but if you want is easy to prevent it with Nginx.
Just remember that you’ll block also some search engine, like google Image, a thing that could be not so positive for your website.
In this example Nginx will returns a 403 when any hotlinking is detected.

location ~* (\.jpg|\.png|\.gif|\.jpeg)$ {
     valid_referers blocked www.linuxaria.com linuxaria.com;
     if ($invalid_referer) {
        return 403;
     }

Add this location inside your server block.

This directive use the Nginx HttpRefererModule, the directive valid_referers assigns a value of 0 or 1 to the variable $invalid_referer based on the contents of the referer header.

You can use this to help reduce deep-linking from outside sites. If Referer header is not accounted for in the list of valid_referers, then $invalid_referer will be set to 1, I’ve put as valid referer linuxaria.com and the special word blocked that means masked Referer header by firewall, for example, “Referer: XXXXXXX”.

4)

Send all pages to a maintenance page with Nginx

Perhaps you have to do some planned works on your CMS, or in general on your site, and you want that all your pages give a maintenance page with a message to the visitors, with these rules in your server you can achieve it:

error_page 503 @maintenance;

location /
{
if (-f $document_root/mymaintenance.html)
{
return 503;
}

try_files $uri /index.php?$args;
}

location @maintenance
{
rewrite ^ /mymaintenance.html break;
}

When you want to go on maintenance mode just create the file $document_root/mymaintenance.html with a message for your users.

Popular Posts:

Flattr this!

  3 Responses to “Tips and Tricks for Nginx”

  1. Undeniably imagine that that you said. Yoour favourite justification appeared to be on the web the easiest
    thing to bear in mind of. I say too you, I certainly get irked while people consider concern that they plainly do not realize about.
    You controlled to hit thhe nail upon thhe top and outlined out the whole thing without hhaving side-effects ,
    other people can take a signal. Will likely be back to get
    more. Thanks!

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

*