Fork 0
Our blog as a set of static pages. http://zero-knowledge.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

129 lines
4.3 KiB

title = "minimal nginx configuration"
date = "2015-03-25T22:11:20+00:00"
author = "Gibheer"
draft = false
As I was asked today, how I manage the nginx setup, I thought I write it down.
The configuration was inpsired by the [blog entry of Zach Orr](http://blog.zachorr.com/nginx-setup/)
(looks like the blog post is gone since 2014).
The setup consists of one main configuration and multiple domain specific
configuration files which get sourced in the main config.
If a domain is using certificates, these are pulled in in their respective files.
I will leave out the performance stuff to make the config more readable. As the
location of the config files differs per platform, I will use $CONF_DIR as a
## main configuration
The main configuration `$CONF_DIR/nginx.conf` first sets some global stuff.
# global settings
user www www;
pid /var/run/nginx.pid;
This will take care of dropping the privileges after the start to the *www* user
Next is the http section, which sets the defaults for all server parts.
http {
include mime.types;
default_type application/octet-stream;
charset UTF-8;
# activate some modules
gzip on;
# set some defaults for modules
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
include sites/*.conf;
This part sets some default options for all server sections and helps to make the
separate configuration easier.
In this example the mime types are included (a large file with mime type definitions),
the default charset and mime type is set.
In this section we can also active modules like gzip ([see gzip on nginx](http://nginx.org/en/docs/http/ngx_http_gzip_module.html)) or set some options for modules like ssl ([see ssl on nginx](http://nginx.org/en/docs/http/ngx_http_ssl_module.html)).
The last option is to include more config files from the sites directory. This is
the directive which makes it possible to split up the configs.
## server section config
The server section config may look different for each purpose. Here are some
smaller config files just to show, what is possible.
### static website
For example the file *$CONF_DIR/sites/static.zero-knowledge.org.conf* looks like this:
server {
listen 80;
server_name static.zero-knowledge.org;
location / {
root /var/srv/static.zero-knowledge.org/htdocs;
index index.html;
In this case a domain is configured delivering static content from the directory
`/var/src/static.zero-knowledge.org/htdocs` on port 80 for the domain *static.zero-knowledge.org`.
If the root path is called in the browser, nginx will look for the *index.html* to show.
### reverse proxy site
For a reverse proxy setup, the config *$CONF_DIR/sites/zero-knowledge.org.conf* might look like this.
server {
listen 80;
server_name zero-knowledge.org;
location / {
proxy_pass http://unix:/tmp/reverse.sock;
include proxy_params;
In this case, nginx will also listen on port 80, but for the host zero-knowledge.org.
All incoming requests will be forwarded to the local unix socket */tmp/reverse.sock*.
You can also define IPs and ports here, but for an easy setup, unix sockets might be
The parameter `include proxy_params;` includes the config file proxy_params to
set some headers when forwarding the request, for example *Host* or *X-Forwarded-For*.
There should be a number of config files already included with the nginx package,
so best is to tkae a look in $CONF_DIR.
### uwsgi setup
As I got my graphite setup running some days ago, I can also provide a very bare
uwsgi config, which actually looks like the reverse proxy config.
server {
listen 80;
server_name uwsgi.zero-knowledge.org;
location / {
uwsgi_pass uwsgi://unix:/tmp/uwsgi_graphite.sock;
include uwsgi_params;
So instead of `proxy_pass` `uwsgi_pass` is used to tell nginx, that it has to use
the uwsgi format. Nginx will also include the uwsgi parameters, which is like the
proxy_params file a collection of headers to set.
## conclusion
So this is my pretty minimal configuration for nginx. It helped me automate the
configuration, as I just have to drop new config files in the directory and
reload the server.
I hope you liked it and have fun.