Category: Nginx

Add Nginx Website to Debian/Nginx Server

October 26, 2022 The Geek Decoder No Comments Nginx

Add the server Block

sudo nano /etc/nginx/sites-available/your_domain

Add the following configuration block, which is similar to the default, but updated for your new directory and domain name:


server {
        listen 80;
        listen [::]:80;

        root /var/www/your_domain/html;
        index index.html index.htm index.nginx-debian.html;

        server_name your_domain www.your_domain;

        location / {
                try_files $uri $uri/ =404;
        }
}

Enable this server block by creating a symbolic link to your custom configuration file inside the sites-enabled directory, which Nginx reads from during startup:

sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled

Remove Nginx

November 17, 2021 The Geek Decoder No Comments Nginx

Removes all but config files:

$ sudo apt-get remove nginx nginx-common

or remove everything:

$ sudo apt-get purge nginx nginx-common

After using any of the above commands, use this in order to remove dependencies used by nginx which are no longer required:

$ sudo apt-get autoremove

Install MySQL, Nginx and Zabbix on Debian 11

November 17, 2021 The Geek Decoder No Comments MySQL, Nginx, Zabbix

At first, let’s update the packages:

# apt update

Next, download MySQL from the offical page or use wget command: Get the repo package

wget https://dev.mysql.com/get/mysql-apt-config_0.8.20-1_all.deb

dpkg -i mysql-apt-config_0.8.20-1_all.deb

apt install  gnupg

dpkg -i mysql-apt-config_0.8.20-1_all.deb

When you attempt to install the package, it will ask you what product and version you want to install. Here you can select The MySQL version, Tools, Connectors (like MySQL Workbench), and preview packages. To select the version, hit the first option:

Select the version you will use. Once selected, it will bring you to the previous menu — press Ok button:

apt-get update

Install the MySQL Server using the command:

sudo apt-get install mysql-community-server

When apt finishes downloading, the installer will ask for a root password:

You have two options:

  1. Leave the password blank: the server will use unix sockets authentication. It means you can only access the server as a root user or as a user with sudo
  2. Set a password: the authentication method will be the same for other users.

If you set a password, the installer will ask which authentication plugin to use, strongly encrypted password (MySQL 8.x), or legacy method (MySQL 7.x and earlier).

Now, check the service status with systemctl:

systemctl status mysql.service
# systemctl status mysql.service
● mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-11-17 09:57:21 CST; 38s ago
       Docs: man:mysqld(8)
             http://dev.mysql.com/doc/refman/en/using-systemd.html
    Process: 4290 ExecStartPre=/usr/share/mysql-8.0/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
   Main PID: 4325 (mysqld)
     Status: "Server is operational"
      Tasks: 38 (limit: 2341)
     Memory: 358.6M
        CPU: 736ms
     CGroup: /system.slice/mysql.service
             └─4325 /usr/sbin/mysqld

Nov 17 09:57:19 redis-004 systemd[1]: Starting MySQL Community Server...
Nov 17 09:57:21 redis-004 systemd[1]: Started MySQL Community Server.

Next, run the command as a root user to safely configure the SQL service:

mysql_secure_installation

Output:

Securing the MySQL server deployment.
Enter password for user root:

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No:
Using existing password for root.
Change the password for root ? ((Press y|Y for Yes, any other key for No) :

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Login and Check the version

# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 8.0.27 MySQL Community Server - GPL

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

Installing Nginx

sudo apt update
sudo apt install nginx
systemctl status nginx

Output:

nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-11-17 10:09:21 CST; 18s ago
       Docs: man:nginx(8)
    Process: 5735 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 5736 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 5951 (nginx)
      Tasks: 2 (limit: 2341)
     Memory: 5.9M
        CPU: 34ms
     CGroup: /system.slice/nginx.service
             ├─5951 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
             └─5954 nginx: worker process

Nov 17 10:09:21 redis-004 systemd[1]: Starting A high performance web server and a reverse proxy server...
Nov 17 10:09:21 redis-004 systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Nov 17 10:09:21 redis-004 systemd[1]: Started A high performance web server and a reverse proxy server.

Check Nginx by IP address – http://192.168.0.33

When using the Nginx web server, server blocks (similar to virtual hosts in Apache) can be used to encapsulate configuration details and host more than one domain on a single server. We will set up a domain called your_domain.

Install and configure Zabbix server for your platform
Install Zabbix repository

# wget https://repo.zabbix.com/zabbix/5.4/debian/pool/main/z/zabbix-release/zabbix-release_5.4-1+debian11_all.deb
# dpkg -i zabbix-release_5.4-1+debian11_all.deb
# apt update

Install Zabbix server, frontend, agent

# apt install zabbix-server-mysql zabbix-frontend-php zabbix-nginx-conf zabbix-sql-scripts zabbix-agent2

c. Create initial database
Run the following on your database host.

# mysql -uroot -p
password
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by 'Stx12WsaB';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> quit;

On Zabbix server host import initial schema and data. You will be prompted to enter your newly created password.

# zcat /usr/share/doc/zabbix-sql-scripts/mysql/create.sql.gz | mysql -uzabbix -p zabbix

Configure the database for Zabbix server. Edit file /etc/zabbix/zabbix_server.conf

DBPassword=Stx12WsaB

Configure PHP for Zabbix frontend
Edit file /etc/zabbix/nginx.conf, uncomment and set ‘listen’ and ‘server_name’ directives.

nano /etc/zabbix/nginx.conf
# listen 80;
# server_name example.com;

Start Zabbix server and agent processes and make it start at system boot.

# systemctl restart zabbix-server zabbix-agent2 nginx php7.4-fpm
# systemctl enable zabbix-server zabbix-agent2 nginx php7.4-fpm

Configure Zabbix frontend
Connect to your newly installed Zabbix frontend: http://server_ip_or_name

Set Up Lets Encrypt on Debian 10 with Nginx

June 28, 2021 The Geek Decoder No Comments Nginx

Update your package list

$ sudo apt update

Install the dependencies for the python3-certbot-nginx package, which include the python3-acme, python3-certbot, python3-mock, python3-openssl, python3-pkg-resources, python3-pyparsing, and python3-zope.interface packages:

$ sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface

Iinstall the python3-certbot-nginx package:

$ sudo apt install python3-certbot-nginx

Certbot needs to be able to find the correct server block in your Nginx configuration for it to be able to automatically configure SSL. Specifically, it does this by looking for a server_name directive that matches your requested domain.

You should have a server block for your domain at /etc/nginx/sites-available/default with the server_name directive already set appropriately.

To check, open the server block file for your domain using nano or your favorite text editor:

sudo nano /etc/nginx/sites-available/your_domain

Find the existing server_name line. It should look like this:

/etc/nginx/sites-available/default
...
server_name your_domain www.your_domain;
...

If it does, exit your editor and move on to the next step. If it doesn’t, update it to match. Then save the file, quit your editor, and verify the syntax of your configuration edits:

$ sudo nginx -t

If you get an error, reopen the server block file and check for any typos or missing characters. Once your configuration file syntax is correct, reload Nginx to load the new configuration:

$ sudo systemctl reload nginx

Certbot can now find the correct server block and update it.

Add a Cert.

$ sudo certbot --nginx -d your_domain -d www.your_domain

[/bash]

Host a Web Site with a Domain on IPFS

June 16, 2021 The Geek Decoder No Comments Nginx

This article describes how to host a web site on IPFS.

Requirements:
Access to a Registered Domain and DNS records.
Edit your DNS to point the A record to the IPFS server. We will need this to resolve in order to install a Let’s Encrypt Certificate.

Lets Start with an Update

# sudo apt update 
# sudo apt upgrade -y

Lets create a new user account to run IPFS and switch to it:

# adduser ipfs

Install sudo

# apt install sudo

Edit sudo and add the ipfs user

# visudo

Add the IPFS user below root

# User privilege specification
root    ALL=(ALL:ALL) ALL
ipfs    ALL=(ALL:ALL) ALL

change to the IPFS user.

# su ipfs

Install IPFS
Get the latest release at https://dist.ipfs.tech/#kubo

$ wget https://dist.ipfs.tech/kubo/v0.16.0/kubo_v0.16.0_linux-amd64.tar.gz
$ tar xfv kubo_v0.16.0_linux-amd64.tar.gz
$ cd kubo
./install.sh

Initialize IPFS:

$ ipfs init --profile=server

Switch to the root user:

$ exit

Allow the ipfs user to run long-running services by enabling user lingering for that user:

# loginctl enable-linger ipfs

Create the file /etc/systemd/system/ipfs.service with this content:

# nano /etc/systemd/system/ipfs.service

 

[Unit]
Description=IPFS Daemon
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=simple
ExecStart=/usr/local/bin/ipfs daemon --enable-namesys-pubsub
User=ipfs
[Install]
WantedBy=multi-user.target

Enable and start the service:

# systemctl enable ipfs
# systemctl start ipfs

IPFS should be up and running, and start when the server boots.

Check IPFS

$ su ipfs
$ ipfs swarm peers

Add Website Files

Create a folderfor your website files. Add this folder in the ipfs/home directory

$ cd ~
$ mkdir mysitefiles

Upload the site files to the directory. Now we can add these to IPFS with the following contect

$ ipfs add -r <path>

This adds all contents of the folder at to IPFS, recursively. You should see output similar to this:

$ ipfs add -r mysitefiles

Output:

 ipfs add -r mysitefiles/
added QmZrSe9TABdSsWL38FJTp4fW7TposFuzRLSBRYAEMVt1RE mysitefiles/about.html
added Qmdf1mYmCjivJWcXpGikf87PV5VkBo6DQugsjq6GdNZ1az mysitefiles/index.html
added QmW8U3NEHx3p73Nj9645sGnGa8XzR43rQh3Kd52UKncWMo mysitefiles/moon-logo.png
added QmQ91HDqAt1eE7X4DHuJ9r74U3KgKN3pDGidLM6sadK2q2 mysitefiles
 12.66 KiB / 12.66 KiB [==================================================================================================] 100.00%

Each of the long sequence of numbers is called a Content Identifier or CID. These are cryptographically hashed. We can now check to see if the site loads. You can check and use an active gateway here: https://ipfs.github.io/public-gateway-checker/

Add the main Content Identifier (CID) folder ID to the URL. How to link to content on IPFS.

https://ipfs.io/ipfs/<CID>
# e.g
https://ipfs.io/ipfs/QmQ91HDqAt1eE7X4DHuJ9r74U3KgKN3pDGidLM6sadK2q2

Now we can set up the DNS records. See: https://dnslink.io/#introduction

Login to manage your DNS. Add the following TXT Record:

dnslink=/ipfs/QmQ91HDqAt1eE7X4DHuJ9r74U3KgKN3pDGidLM6sadK2q2

Here is my Namecheap DNS

Install nginx with Let’s Encrypt SSL certs
Change to root

$ su root

 

# apt-get update
# apt-get install nginx

Check status to make sure it started and is not throwing any errors:

$ systemctl status nginx

Results

● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
   Active: active (running) since Wed 2021-06-16 22:59:51 UTC; 1min 44s ago
     Docs: man:nginx(8)
  Process: 13062 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process
  Process: 13063 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (cod
 Main PID: 13064 (nginx)
    Tasks: 2 (limit: 1163)
   Memory: 5.3M
   CGroup: /system.slice/nginx.service
           ├─13064 nginx: master process /usr/sbin/nginx -g daemon on; master_pr
           └─13065 nginx: worker process

Jun 16 22:59:51 ip-10-0-1-209 systemd[1]: Starting A high performance web server
Jun 16 22:59:51 ip-10-0-1-209 systemd[1]: nginx.service: Failed to parse PID fro
Jun 16 22:59:51 ip-10-0-1-209 systemd[1]: Started A high performance web server
lines 1-16/16 (END)

Get your IP and open it with browser to make sure Nginx is serving its default page:

$ curl -s domain.com
$ curl -s Ip_address

Now browse to http://your-ip-here and you should see the Nginx default page “Welcome to Nginx”.

Set Up your nginx configs:

$ sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default_back
# sudo nano /etc/nginx/sites-available/default

Copy and paste this config (change example.com to your domain)


server {
    server_name example.com www.example.com;
    server_tokens off;

    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Test that new config syntax and make sure it is ok:

$ sudo nginx -t

If all good reload:

$ sudo systemctl reload nginx

Add Lets Encrypt according to this article – https://www.geekdecoder.com/set-up-lets-encrypt-on-debian-10/

The final config should resemble this:

server {
    server_name example.com www.example.com;
    server_tokens off;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    server_name example.com www.example.com;

    listen 80;
    listen [::]:80;
    return 404; # managed by Certbot
}

The site should now be available.

Nginx fails to start when Centos/Plesk migrated to Azure

June 15, 2018 The Geek Decoder No Comments Nginx, Azure

There is a small issue where a Plesk/CentOS 7 system is migrated to Azure and nginx fails to start.
This is the error in the nginx log


# cat /var/log/nginx/error.log
2018/06/14 22:11:41 [emerg] 9341#0: bind() to 10.144.114.11:443 failed (99: Cannot assign requested address)

If so then to edit:


# /etc/sysctl.conf

And add:


# net.ipv4.ip_nonlocal_bind = 1

Then Run:


# sysctl -p /etc/sysctl.conf

start Nginx:


#service nginx start

Nginx Error bind() to [::]:80 failed (98: Address already in use)

September 11, 2015 The Geek Decoder No Comments Nginx

Site is being load balanced and you get this error is different locations:

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

This is using apache vs Nginx.

Restart nginx fails:

root@web2:/var/log/nginx# tail -f error.log
2015/09/11 01:00:13 [emerg] 5190#5190: bind() to [::]:80 failed (98: Address already in use)
2015/09/11 01:00:13 [emerg] 5190#5190: bind() to 0.0.0.0:80 failed (98: Address already in use)

Then it means nginx or some other process is already using port 80.

You can kill it using:


# sudo fuser -k 80/tcp

And then try restarting nginx again:


# service nginx start

502 Errors on Plesk

May 4, 2015 The Geek Decoder No Comments Nginx, Plesk

Getting 502 Errors on plesk

Try and disable nginx and re-configure your apache configuration to see if it will correct the errors nginx is showing.

To disable nginx, issue : 


# /usr/local/psa/admin/bin/nginxmng -d

To reconfigure your apache configuration issue : 


# /usr/local/psa/admin/bin/httpdmng --reconfigure-all