Ce déploiement a été expérimenté sur un serveur Linux Debian 10.
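# Install nginx from the Debian repositories.
sudo apt-get -y update
sudo apt-get -y install nginx

# Hand the configuration and log directories to the unprivileged account that
# will run nginx (mcalves in this walkthrough).
# NOTE(review): owning /etc/nginx lets this account, and anything running as
# it, rewrite the server configuration. nginx normally only needs to read its
# configuration; the chown is what allows the later edits without sudo. Keep
# the directory root-owned and edit with sudo if the account is shared.
sudo chown -R mcalves:mcalves /etc/nginx/
sudo chown -R mcalves:mcalves /var/log/nginx

# Private directory for the PID file referenced by the "pid" directive in
# nginx.conf and by PIDFile= in the systemd unit.
# -p keeps the step re-runnable; the quotes protect a $HOME containing spaces.
mkdir -p -- "$HOME/nginx" && touch -- "$HOME/nginx/nginx.pid"

vim /etc/nginx/nginx.conf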
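# Main nginx configuration for running the server as an unprivileged account.
worker_processes auto;
# The PID file lives in the service account's home so it is writable without
# root; it must match PIDFile= in the systemd unit.
pid /home/mcalves/nginx/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
error_log /var/log/nginx/error.log;
worker_rlimit_nofile 8192;

events {
    worker_connections 4096;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    proxy_read_timeout 600s;
    proxy_http_version 1.1;
    proxy_buffering off;
    # Do not advertise the nginx version in the Server header and error pages.
    server_tokens off;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    # allow large uploads of files
    # NOTE(review): set at http level, so the 1G limit applies to every server
    # below; move it into the server/location that needs it if only one does.
    client_max_body_size 1G;

    ##
    # Reverse Proxy
    ##
    # Both virtual hosts listen on plain HTTP on port 8080 (an unprivileged
    # port) and forward to a backend bound to the loopback interface.
    # NOTE(review): no TLS listener is defined here, so traffic to these names
    # is unencrypted unless something in front of nginx terminates TLS.
    server {
        listen 8080;
        server_name repo.example.com;
        location / {
            # Host is forwarded exactly as the client sent it.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
            # Appends $remote_addr to whatever X-Forwarded-For the client
            # supplied; the backend should only trust the last entry.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:8081/;
        }
    }

    server {
        listen 8080;
        server_name gitlab.example.com;
        location / {
            # Host is forwarded exactly as the client sent it.
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
            # Appends $remote_addr to whatever X-Forwarded-For the client
            # supplied; the backend should only trust the last entry.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:9080/;
        }
    }

    ##
    # SSL Settings
    ##
    # TLS 1.0 and 1.1 are deprecated and no longer offered; SSLv3 stays
    # excluded (POODLE). These settings only take effect for servers that
    # declare an "ssl" listener, none of which is defined in this file.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}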
Dans cet exemple, on retrouve des redirections vers des services comme GitLab ou Nexus. À modifier pour votre service.
# Edit the default site so it also listens on port 8080; an unprivileged
# account cannot normally bind ports below 1024.
# No sudo needed: /etc/nginx was chown'ed to mcalves earlier in this procedure.
vim /etc/nginx/sites-available/default
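server {
    # Default virtual host on the unprivileged port, for IPv4 and IPv6.
    # The directive name and the address must be separated by a space:
    # "listen[::]:8080" is rejected as an unknown directive.
    listen 8080 default_server;
    listen [::]:8080 default_server;
    ...
}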
# Adjust the ownership logrotate gives to freshly created nginx log files.
# This file is outside /etc/nginx, hence the sudo.
sudo vim /etc/logrotate.d/nginx
{
...
# New log files are created with mode 0640 and owned by the account nginx
# runs as (mcalves here); presumably needed so nginx can keep writing to them
# after rotation now that it no longer runs as root.
create 0640 mcalves mcalves
...
}
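# "sudo echo ... > file" does not work: the redirection is opened by the
# calling (unprivileged) shell, not by sudo, so writing under /etc/sudoers.d
# is refused. Build the rule in a temporary file, validate its syntax, then
# install it root-owned with mode 0440; a broken sudoers fragment can lock
# everyone out of sudo.
# NOTE(review): this rule lets mcalves run /usr/sbin/nginx as root with any
# arguments and without a password, which is close to granting root to that
# account. None of the steps shown on this page require it, since systemd
# starts nginx as mcalves; drop the rule if nothing else depends on it.
rule_file=$(mktemp) || exit 1
printf '%s\n' 'mcalves ALL=(ALL) NOPASSWD:/usr/sbin/nginx' > "$rule_file"
sudo visudo -cf "$rule_file" \
  && sudo install -m 0440 -o root -g root "$rule_file" /etc/sudoers.d/mcalves
rm -f -- "$rule_file"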
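# Work on a copy under /etc/systemd/system: a unit file there takes precedence
# over the packaged one in /lib/systemd/system and is not overwritten by
# package upgrades. Editing the /lib copy after making this copy would have
# no effect, because systemd would keep loading the unmodified /etc copy.
sudo cp /lib/systemd/system/nginx.service /etc/systemd/system
sudo vim /etc/systemd/system/nginx.service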
# systemd unit that runs nginx as the unprivileged account mcalves instead of root.
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target
[Service]
# nginx daemonizes itself ("daemon on"), so systemd tracks it through the PID file.
Type=forking
# Must be the same path as the "pid" directive in /etc/nginx/nginx.conf.
PIDFile=/home/mcalves/nginx/nginx.pid
# Test the configuration (-t, quietly with -q) before starting; a failure aborts the start.
ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload
# The leading "-" tells systemd to ignore a non-zero exit status from this command.
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /home/mcalves/nginx/nginx.pid
TimeoutStopSec=5
KillMode=mixed
# Every Exec* command above runs as this user and group, so master and workers
# are unprivileged; this is why the servers listen on port 8080.
# NOTE(review): no sandboxing directives are set; NoNewPrivileges=yes looks
# like a low-risk addition for a service that never needs to gain privileges - confirm.
User=mcalves
Group=mcalves
[Install]
WantedBy=multi-user.target
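# Make systemd re-read the edited unit file; without this it keeps using the
# definition it loaded before the edit.
sudo systemctl daemon-reload
sudo systemctl enable nginx
# restart rather than start: on Debian the package normally starts nginx at
# install time, and "start" is a no-op on a service that is already running,
# which would leave the original root-owned master process in place.
sudo systemctl restart nginx
sudo systemctl status nginx
# Check the USER column: master and workers should be listed under the
# service account, not root.
ps aux | grep nginx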
mcalves@ats-linux-03:~/gitlab$ ps aux | grep nginx
mcalves 837 0.0 0.0 10392 852 ? Ss 10:45 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
mcalves 838 0.0 0.0 12168 3228 ? S 10:45 0:00 nginx: worker process
mcalves 839 0.0 0.0 12168 3228 ? S 10:45 0:00 nginx: worker process
mcalves 840 0.0 0.0 12168 3228 ? S 10:45 0:00 nginx: worker process