Recently, I add some useful settings for my nginx web server. I would like to take a note of some basic and useful settings of nginx.
http server
First of all, let’s set up the most basic set. Please open your nginx.conf , the basic settings of http server part would be as follows.
Set the port number you want to deploy your web server at listen . Set the domain name you bought from Google Domains, GoDaddy, or just localhost at server_name.The location / in the server block is to set where the root URL would go. The root is the path where you put your web bundle on your server.
https server
Let’s set up another basic setting. I think the most common and easiest way to get the ssl certificate is using Let’s Encript. Please see the details at https://medium.com/@xdxxxx4713/lets-encrypt-in-nginx-85866b848c8e.
The basic config of https should be as follows. Set the port number 443 and ssl at listen . Normally, the certificates would be located at some path like /etc/letsencrypt/live/your_domain_name. There are two .pem files here. Just set them as follows.
http redirect to https
To prevent user access by http, we need to modify the http server config a little bit. Remove the location setting we mention before, and set return 301 to your https server. Even user access your web by http, it would be redirected to https right now.
virtual host
In reality, it’s not quite possible only to deploy one web service on a server. Let’s talk about how to deploy multi web services on the same server.
Let’s make a directory called sites-available and another call sites-enabled under the path of nginx.
In sites-available , make a file just call your_domain_name . Then set the http and the https config as we mentioned before in this file.
If you want to put this web server online, make a link to nginx/sites-enabled .
In nginx.conf , set include sites-enabled/*; at the last of http block. Then nginx would apply all the settings from sites-enabled .
block direct access by ip
Once you put your website online, there would have many attacks every day. In my experience, most attacks are from bots. It just scans every IP and send the request. Even though most of them are harmless, they are still annoying.
We can block these requests by blocking direct access by IP. Users can only access your site by the domain name.
Just put the below settings to one of your web server config. Set default to listen to make this web server as your default server. Set server_name _; means direct access by IP. Finally, we return 403; . It would make the trick of blocking direct access by IP work.
solve refresh 404 issue
Another issue that should be solved is the refresh 404 problem. All the settings above are about the root URL. Therefore, once you refresh the non-root URL web page, nginx would return 404.
To solve this problem, just put try_files $uri $uri/ /index.html; at the last of location setting.
