Wiki_Nginx - inoueshinichi/Wiki_Web GitHub Wiki

Nginx webサーバーの基本

URL

Q&A

nginx.conf テンプレート

  • /etc/nginx/nginx.conf
  • CertbotによるLet's Encript(CA)のSSL証明書付き設定
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        applicaiton/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        server_name <IP> [<DOMAIN>];
        root        /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
 
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/<DOMAIN>/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live<DOMAIN>/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparam.pem; # managed by Certbot

        location /static {
          alias /usr/share/nginx/html/static;
        }

        location /media {
          alias /usr/share/nginx/html/media;
        }

        location / {
          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Photo $scheme;
          
          proxy_pass http://127.0.0.1:<PORT>;
        }

        # Let's Encripto for issuring SSL certificate and private key
        location /.well-known/acme-challenge {
          root /usr/share/nginx/html;
        }

        error_page 404 /404.html;
        location = /404.html {
        }
        
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

    server {
        if ($host = <DOMAIN>) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen     80;
        listen     [::]:80;
        server_name <IP> <DOMAIN>;
        return 404; # managed by Certbot
    }
}
⚠️ **GitHub.com Fallback** ⚠️