Configure Nginx in 2024

First, read the old blog post that I wrote 10 years ago: https://mar2ndx.github.io/2015/04/30/unclemartian-nginx-tutorial/index.html

Config on CentOS 7

1
2
3
systemctl status nginx
sudo systemctl restart nginx
sudo systemctl enable nginx

1. nginx.conf 必备配置

1
sudo vi /etc/nginx/nginx.conf

Look out for the 2 lines of include, and the server block. Those are the only important parts.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;

server {
    listen       80;
    listen       [::]:80;
    server_name  _;
    root         /usr/share/nginx/html;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }
}
  1. Currently, my /etc/nginx/conf.d/ is empty.
  2. Put a config for each website under /etc/nginx/sites-enabled/, which contains symlinks to /etc/nginx/sites-available/.
  3. listen 80 is for http, and listen [::]:80 is for IPv6 http.
  4. server_name _ means match all hosts. This is the fallback server, in case no other server matches.

2. sites-available 文件夹

Now let’s look at /etc/nginx/sites-available/. Please note that the .conf extension is just for convention, not required.

resilio.conf:

1
2
3
4
5
6
7
8
9
10
11
12
server {
    listen 80;
    server_name resilio.website.com;

    location / {
        proxy_pass http://127.0.0.1:8888;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

metaagent.conf:

1
2
3
4
5
6
7
8
9
10
11
12
server {
    listen 80;
    server_name metaagent.website.com;

    location / {
        proxy_pass http://<your_server_ip>:3459;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

3. sites-enabled 文件夹

This is the list of websites that are enabled:

1
ls -l /etc/nginx/sites-enabled/

To symlink:

1
sudo ln -s /etc/nginx/sites-available/some_config.conf /etc/nginx/sites-enabled/some_config.conf

Test that it works:

1
sudo nginx -t

Debugging 遇到问题

If error, check:

1
sudo tail -f /var/log/nginx/error.log

Or just

1
2
cat /var/log/nginx/error.log
cat /var/log/nginx/access.log

For example, I found the error in error.log:

1
2024/11/27 03:14:27 [crit] 24614#24614: *15 connect() to xxx failed (13: Permission denied) while connecting to upstream, client: 162.158.106.217, server: xxxxx.345321.xyz, request: "GET / HTTP/1.1", upstream: "xxxxxxx", host: "xxxxxxx"

This is due to SELinux, a Linxu security module that blocks Nginx from connecting to my python server.

To fix, run:

1
2
3
sudo setenforce 0
sudo setenforce 1
sudo setsebool httpd_can_network_connect on -P

Or this error:

1
connect() failed (111: Connection refused) suggests that when Nginx tries to access the Resilio Sync service at http://142.171.174.241:8888, it's unable to establish a connection

This is most likely due to Resilio not allowing access from 0.0.0.0, or it’s re-directing to https instead of http.