Nginx: Difference between revisions
m (→FAQ) |
|||
Line 79: | Line 79: | ||
=FAQ= | =FAQ= | ||
==nginx serving wrong page== | |||
Forgot to tell it to listen on ipv6? | |||
Like | |||
listen [::]:443 ssl;l | |||
==Conflicting server name XXX on 0.0.0.0:80== | ==Conflicting server name XXX on 0.0.0.0:80== | ||
Revision as of 11:23, 2 February 2024
HTTP server, proxy, reverse proxy etc
Links
Documentation
Nginx and php-fpm
Monitoring php-fpm under nginx
Create /etc/nginx/site-enabled/fpmstatus
server { listen 89; listen [::]:89; server_name localhost; location = /fpm-status { access_log off;
allow 127.0.0.1; deny all;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; include fastcgi_params; fastcgi_pass unix:/run/php/php-fpm.sock; # fastcgi_pass 127.0.0.1:9001; } location = /fpm-ping { access_log off;
allow 127.0.0.1; deny all;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name; include fastcgi_params; fastcgi_pass unix:/run/php/php-fpm.sock; } }
TODO find out why monitoring via tcp socket 127.0.0.1:9001 doesn't work
Notes
SSL certificates
The host.crt goes first in the bundle
server { listen 443; ssl on; ssl_certificate /etc/ssl/your_domain_name.pem; (or bundle.crt) ssl_certificate_key /etc/ssl/your_domain_name.key; server_name your.domain.com; access_log /var/log/nginx/nginx.vhost.access.log; error_log /var/log/nginx/nginx.vhost.error.log; location / { root /home/www/public_html/your.domain.com/public/; index index.html; } }
HOWTO
Get configuration items
getconf PAGESIZE
Redirecting in nginx
https://www.liquidweb.com/kb/redirecting-urls-using-nginx/
enable ipv6
In server section add
listen [::]:443;
Configure buffer sizes
See https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size
Rate limiting
FAQ
nginx serving wrong page
Forgot to tell it to listen on ipv6? Like
listen [::]:443 ssl;l
Conflicting server name XXX on 0.0.0.0:80
FastCGI sent in stderr: "Primary script unknown"
Usually means the php script just isn't there
Error messages
no live upstreams while connecting to upstream
can't connect to whatever backend?
upstream sent too big header while reading response header from upstream
an upstream response is buffered to a temporary file
Usually just a bad client or a scan.
cannot load certificate "/etc/ssl/certs/ssl-cert-snakeoil.pem
Probably ubuntu?
apt install ssl-cert
access forbidden by rule
look for allow or deny lines
a client request body is buffered to a temporary file
PLay some with
client_body_buffer_size 10M; client_max_body_size 10M;
TODO check, this doesn't seem to apply If all else fails just set:
proxy_max_temp_file_size 0;
and see if you get some feedback :)
upstream timed out
Look for proxy_pass
Logging
Log level
Doesn't seem to be documented, defaults to log all?