Category: Nginx

Remove Nginx

November 17, 2021 The Geek Decoder Leave a comment Nginx

Removes all but config files:

$ sudo apt-get remove nginx nginx-common

or remove everything:

$ sudo apt-get purge nginx nginx-common

After using any of the above commands, use this in order to remove dependencies used by nginx which are no longer required:

$ sudo apt-get autoremove

Install MySQL, Nginx and Zabbix on Debian 11

November 17, 2021 The Geek Decoder Leave a comment MySQL, Nginx, Zabbix

At first, let’s update the packages:

# apt update

Next, download MySQL from the offical page or use wget command: Get the repo package

wget https://dev.mysql.com/get/mysql-apt-config_0.8.20-1_all.deb

dpkg -i mysql-apt-config_0.8.20-1_all.deb

apt install  gnupg

dpkg -i mysql-apt-config_0.8.20-1_all.deb

When you attempt to install the package, it will ask you what product and version you want to install. Here you can select The MySQL version, Tools, Connectors (like MySQL Workbench), and preview packages. To select the version, hit the first option:

Select the version you will use. Once selected, it will bring you to the previous menu — press Ok button:

apt-get update

Install the MySQL Server using the command:

sudo apt-get install mysql-community-server

When apt finishes downloading, the installer will ask for a root password:

You have two options:

  1. Leave the password blank: the server will use unix sockets authentication. It means you can only access the server as a root user or as a user with sudo
  2. Set a password: the authentication method will be the same for other users.

If you set a password, the installer will ask which authentication plugin to use, strongly encrypted password (MySQL 8.x), or legacy method (MySQL 7.x and earlier).

Now, check the service status with systemctl:

systemctl status mysql.service
# systemctl status mysql.service
● mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-11-17 09:57:21 CST; 38s ago
       Docs: man:mysqld(8)
             http://dev.mysql.com/doc/refman/en/using-systemd.html
    Process: 4290 ExecStartPre=/usr/share/mysql-8.0/mysql-systemd-start pre (code=exited, status=0/SUCCESS)
   Main PID: 4325 (mysqld)
     Status: "Server is operational"
      Tasks: 38 (limit: 2341)
     Memory: 358.6M
        CPU: 736ms
     CGroup: /system.slice/mysql.service
             └─4325 /usr/sbin/mysqld

Nov 17 09:57:19 redis-004 systemd[1]: Starting MySQL Community Server...
Nov 17 09:57:21 redis-004 systemd[1]: Started MySQL Community Server.

Next, run the command as a root user to safely configure the SQL service:

mysql_secure_installation

Output:

Securing the MySQL server deployment.
Enter password for user root:

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No:
Using existing password for root.
Change the password for root ? ((Press y|Y for Yes, any other key for No) :

 ... skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : y
Success.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y
Success.

All done!

Login and Check the version

# mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 12
Server version: 8.0.27 MySQL Community Server - GPL

Copyright (c) 2000, 2021, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

Installing Nginx

sudo apt update
sudo apt install nginx
systemctl status nginx

Output:

nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2021-11-17 10:09:21 CST; 18s ago
       Docs: man:nginx(8)
    Process: 5735 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 5736 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 5951 (nginx)
      Tasks: 2 (limit: 2341)
     Memory: 5.9M
        CPU: 34ms
     CGroup: /system.slice/nginx.service
             ├─5951 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
             └─5954 nginx: worker process

Nov 17 10:09:21 redis-004 systemd[1]: Starting A high performance web server and a reverse proxy server...
Nov 17 10:09:21 redis-004 systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Nov 17 10:09:21 redis-004 systemd[1]: Started A high performance web server and a reverse proxy server.

Check Nginx by IP address – http://192.168.0.33

When using the Nginx web server, server blocks (similar to virtual hosts in Apache) can be used to encapsulate configuration details and host more than one domain on a single server. We will set up a domain called your_domain.

Install and configure Zabbix server for your platform
Install Zabbix repository

# wget https://repo.zabbix.com/zabbix/5.4/debian/pool/main/z/zabbix-release/zabbix-release_5.4-1+debian11_all.deb
# dpkg -i zabbix-release_5.4-1+debian11_all.deb
# apt update

Install Zabbix server, frontend, agent

# apt install zabbix-server-mysql zabbix-frontend-php zabbix-nginx-conf zabbix-sql-scripts zabbix-agent2

c. Create initial database
Run the following on your database host.

# mysql -uroot -p
password
mysql> create database zabbix character set utf8 collate utf8_bin;
mysql> create user zabbix@localhost identified by 'Stx12WsaB';
mysql> grant all privileges on zabbix.* to zabbix@localhost;
mysql> quit;

On Zabbix server host import initial schema and data. You will be prompted to enter your newly created password.

# zcat /usr/share/doc/zabbix-sql-scripts/mysql/create.sql.gz | mysql -uzabbix -p zabbix

Configure the database for Zabbix server. Edit file /etc/zabbix/zabbix_server.conf

DBPassword=Stx12WsaB

Configure PHP for Zabbix frontend
Edit file /etc/zabbix/nginx.conf, uncomment and set ‘listen’ and ‘server_name’ directives.

nano /etc/zabbix/nginx.conf
# listen 80;
# server_name example.com;

Start Zabbix server and agent processes and make it start at system boot.

# systemctl restart zabbix-server zabbix-agent2 nginx php7.4-fpm
# systemctl enable zabbix-server zabbix-agent2 nginx php7.4-fpm

Configure Zabbix frontend
Connect to your newly installed Zabbix frontend: http://server_ip_or_name

Set Up Lets Encrypt on Debian 10

June 28, 2021 The Geek Decoder Leave a comment Nginx

Update your package list

$ sudo apt update

Install the dependencies for the python3-certbot-nginx package, which include the python3-acme, python3-certbot, python3-mock, python3-openssl, python3-pkg-resources, python3-pyparsing, and python3-zope.interface packages:

$ sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface

Iinstall the python3-certbot-nginx package:

$ sudo apt install python3-certbot-nginx

Certbot needs to be able to find the correct server block in your Nginx configuration for it to be able to automatically configure SSL. Specifically, it does this by looking for a server_name directive that matches your requested domain.

You should have a server block for your domain at /etc/nginx/sites-available/default with the server_name directive already set appropriately.

To check, open the server block file for your domain using nano or your favorite text editor:

sudo nano /etc/nginx/sites-available/your_domain

Find the existing server_name line. It should look like this:

/etc/nginx/sites-available/default
...
server_name your_domain www.your_domain;
...

If it does, exit your editor and move on to the next step. If it doesn’t, update it to match. Then save the file, quit your editor, and verify the syntax of your configuration edits:

$ sudo nginx -t

If you get an error, reopen the server block file and check for any typos or missing characters. Once your configuration file syntax is correct, reload Nginx to load the new configuration:

$ sudo systemctl reload nginx

Certbot can now find the correct server block and update it.

Add a Cert.

$ sudo certbot --nginx -d your_domain -d www.your_domain

Setting up IPFS Server with Nginx and Gateway

June 16, 2021 The Geek Decoder Leave a comment Nginx

In a previous article, we set up a private IPFS cluster. We now need a public IPFS gateway so files on the private cluster are accessible by the public. This gateway will run on one of the IPFS nodes in the cluster.

We can use Nginx as a proxy to the local ipfs gateway that ships with the IPFS daemon (As a default for IPFS, the files and Webui are only accessable via localhost). So, set up a domain or subdomain pointing to one of the nodes.

Start with an Update

$ sudo apt update 
$ sudo apt upgrade -y

Install Nginx And Configure It.

$ sudo apt install nginx -y

Check status to make sure it started and is not throwing any errors:

$ systemctl status nginx

Results

● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
   Active: active (running) since Wed 2021-06-16 22:59:51 UTC; 1min 44s ago
     Docs: man:nginx(8)
  Process: 13062 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process
  Process: 13063 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (cod
 Main PID: 13064 (nginx)
    Tasks: 2 (limit: 1163)
   Memory: 5.3M
   CGroup: /system.slice/nginx.service
           ├─13064 nginx: master process /usr/sbin/nginx -g daemon on; master_pr
           └─13065 nginx: worker process

Jun 16 22:59:51 ip-10-0-1-209 systemd[1]: Starting A high performance web server
Jun 16 22:59:51 ip-10-0-1-209 systemd[1]: nginx.service: Failed to parse PID fro
Jun 16 22:59:51 ip-10-0-1-209 systemd[1]: Started A high performance web server
lines 1-16/16 (END)

Get your IP and open it with browser to make sure Nginx is serving its default page:

$ curl -s domain.com
$ curl -s Ip_address

Now browse to http://your-ip-here and you should see the Nginx default page “Welcome to Nginx”.

Set Up your nginx configs:

$ sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default_back
$ sudo nano /etc/nginx/sites-available/default

Copy and paste this config (change ipfs.geekdecoder.com to your domain)

server {
    listen 80;
    listen [::]:80;
    server_name your_domain_name.com;

    location /api/v0/add {
        proxy_pass http://localhost:5001;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        allow all;
    }

    location /ipfs {
        proxy_pass http://localhost:8080;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        allow all;
    }

    location / {
        proxy_pass http://localhost:5001;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        deny all; # <- Deny other traffic
    }

#Uncomment below if adding ssl cert with certbot
#    listen [::]:443 ssl ipv6only=on; # managed by Certbot
#    listen 443 ssl; # managed by Certbot
#    ssl_certificate /etc/letsencrypt/live/ipfs.dsla.network/fullchain.pem; # managed by Certbot
#    ssl_certificate_key /etc/letsencrypt/live/ipfs.dsla.network/privkey.pem; # managed by Certbot
#    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
#server {
#    if ($host =  ) {
#        return 301 https://host
#request_uri;
#    } # managed by Certbot


#        listen 80 ;
#        listen [::]:80 ;
#    server_name ;
#    return 404; # managed by Certbot

Test that new config syntax and make sure it is ok:

$ sudo nginx -t

If all good reload:

$ sudo systemctl reload nginx

The setup here does not include an SSL cert but should. If yu do install certbot and enable SSL, you can modify the server block to include it.

Now there are changes to IPFS here.
Run there commands to set up a public gateway.

$ ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["http://your_domain_name.com:5001", "http://localhost:3000", "http://127.0.0.1:5001", "https://webui.ipfs.io"]'
$ ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "GET", "POST"]'
$ ipfs config Addresses.API /ip4/0.0.0.0/tcp/5001
$ ipfs config Addresses.Gateway /ip4/127.0.0.1/tcp/8080

Restart IPFS

$ sudo systemctl restart ipfs

Nginx fails to start when Centos/Plesk migrated to Azure

June 15, 2018 The Geek Decoder Leave a comment Azure, Nginx

There is a small issue where a Plesk/CentOS 7 system is migrated to Azure and nginx fails to start.
This is the error in the nginx log


# cat /var/log/nginx/error.log
2018/06/14 22:11:41 [emerg] 9341#0: bind() to 10.144.114.11:443 failed (99: Cannot assign requested address)

If so then to edit:


# /etc/sysctl.conf

And add:


# net.ipv4.ip_nonlocal_bind = 1

Then Run:


# sysctl -p /etc/sysctl.conf

start Nginx:


#service nginx start

Nginx Error bind() to [::]:80 failed (98: Address already in use)

September 11, 2015 The Geek Decoder Leave a comment Nginx

Site is being load balanced and you get this error is different locations:

It works!

This is the default web page for this server.

The web server software is running but no content has been added, yet.

This is using apache vs Nginx.

Restart nginx fails:

root@web2:/var/log/nginx# tail -f error.log
2015/09/11 01:00:13 [emerg] 5190#5190: bind() to [::]:80 failed (98: Address already in use)
2015/09/11 01:00:13 [emerg] 5190#5190: bind() to 0.0.0.0:80 failed (98: Address already in use)

Then it means nginx or some other process is already using port 80.

You can kill it using:


# sudo fuser -k 80/tcp

And then try restarting nginx again:


# service nginx start

502 Errors on Plesk

May 4, 2015 The Geek Decoder Leave a comment Nginx, Plesk

Getting 502 Errors on plesk

Try and disable nginx and re-configure your apache configuration to see if it will correct the errors nginx is showing.

To disable nginx, issue : 


# /usr/local/psa/admin/bin/nginxmng -d

To reconfigure your apache configuration issue : 


# /usr/local/psa/admin/bin/httpdmng --reconfigure-all