Difference between revisions of "Nginx"
Jump to navigation
Jump to search
Line 23: | Line 23: | ||
} | } | ||
− | ==Force clients to use https== | + | ==Force clients to use https (HSTS)== |
Add to ./conf.d/myconfig.conf | Add to ./conf.d/myconfig.conf | ||
:<code>add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;</code> | :<code>add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;</code> | ||
+ | |||
+ | Wipe browser history for the HSTS websites if HSTS settings were disabled but the max-age has not passed yet for your browser (31536000 seconds is 1 year). | ||
=Issues and fixes= | =Issues and fixes= |
Latest revision as of 14:36, 2 October 2022
Nginx is a webserver working very well on small systems
- nginx -t
- Test configuration
- nginx -V
- Print version, compiler version and configured parameters
Tips
- Put al customizations in your site-definitions (in ./sites-available) or in .conf files in the ./conf.d subdir. This make it easier to migrate your configuration to another server.
PHP support
To enable php suppport in ./sites-available/xxx put this
location ~ \.php$ { #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; fastcgi_intercept_errors on; fastcgi_param HTTPS on; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; }
Force clients to use https (HSTS)
Add to ./conf.d/myconfig.conf
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
Wipe browser history for the HSTS websites if HSTS settings were disabled but the max-age has not passed yet for your browser (31536000 seconds is 1 year).
Issues and fixes
- could not build server_names_hash, you should increase server_names_hash_bucket_size: 32
- Due to many servernames in a server definition. In a .conf file in /etc/nginx/conf.d put a line like
server_names_hash_bucket_size 64;
- Using listen [::]:80 ipv6only=on;
- The ipv6only parameter can be set only once. If you have several virtual host you should not use it.