HTTP server, proxy, reverse proxy etc

Links

• Homepage
• Varnish vs nginx

Documentation

• Getting started

Nginx and php-fpm

• How To Host Multiple Websites Securely With Nginx And Php-fpm On Ubuntu 14.04

Notes

SSL certificates

The host.crt goes first in the bundle

server {
 listen   443;
 ssl    on;
 ssl_certificate    /etc/ssl/your_domain_name.pem; (or bundle.crt)
 ssl_certificate_key    /etc/ssl/your_domain_name.key;
 server_name your.domain.com;
 access_log /var/log/nginx/nginx.vhost.access.log;
 error_log /var/log/nginx/nginx.vhost.error.log;
 location / {
  root   /home/www/public_html/your.domain.com/public/;
  index  index.html;
 }
}

HOWTO

Get configuration items

getconf PAGESIZE

Redirecting in nginx

https://www.liquidweb.com/kb/redirecting-urls-using-nginx/

enable ipv6

In server section add

listen [::]:443;

Configure buffer sizes

See https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffer_size

Rate limiting

• NGINX Rate limiting

FAQ

FastCGI sent in stderr: "Primary script unknown"

Usually means the php script just isn't there

Error messages

no live upstreams while connecting to upstream

can't connect to whatever backend?

upstream sent too big header while reading response header from upstream

• Upstream sent too big header
• Tuning proxy_buffer_size in NGINX

an upstream response is buffered to a temporary file

(SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking

Usually just a bad client or a scan.

cannot load certificate "/etc/ssl/certs/ssl-cert-snakeoil.pem

Probably ubuntu?

apt install ssl-cert

access forbidden by rule

look for allow or deny lines

a client request body is buffered to a temporary file

PLay some with

client_body_buffer_size 10M;
client_max_body_size 10M;

TODO check, this doesn't seem to apply If all else fails just set:

   proxy_max_temp_file_size 0;

and see if you get some feedback :)

Logging

Log level

Doesn't seem to be documented, defaults to log all?