Easy to install
sudo apt-get install nginx-extrasEasy to run
sudo service nginx startAnd easy to configure (once you know how). The default config file you will change the most is in /etc/nginx/sites-enabled/default. My configuration will only have one virtual host, www.domain.com. I plan to separate individual apps and webpages through subdomains. like /subsonic, /opds, etc. Also, I only plan to use https for my server. This is because one of the web-apps (opds), can only authenticate through Basic HTTP Authentication. I do not want the eventual LDAP credentials to be sent plain text, so SSL it is. I ended up getting an SSL Certificate through the PositiveSSL service with Namecheap/Comodo for around $5-$6 a year.
You can reference kbeezie's blog here for a start to getting the cert ready for nginx. Only difference is that I concatenated the certificates from Comodo into a bundle. This will be needed later for some clients, and the LDAP server we'll build later.
cat domain.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt > serverall.crtHere is my initial nginx configuration file
server {I also want to redirect any unencrypted requests on port 80 to use SSL on port 443, so I added the below.
listen [::]:443;
server_name www.domain.com;
#root /var/www;
#index index.php index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/certs/serverall.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
ssl_session_timeout 5m;
access_log /var/log/nginx/server.access.log;
error_log /var/log/nginx/server.error.log;
root /usr/share/nginx/www;
index index.html index.htm;
location / {
try_files $uri $uri/ /index.html;
}
}
server
{
listen 80;
server_name www.domain.com;
rewrite ^ https://$server_name$request_uri? permanent; # enforce https
}
No comments:
Post a Comment