Tech:Nginx

From Meta
Jump to navigation Jump to search

NGINX is a high performance web server which Miraheze uses for all of our services that use HTTP.

Adding a new site[edit | edit source]

Adding a new site to NGINX is relatively easy but also depends on what you want to do.

New Site[edit | edit source]

To add a new site you add a .conf file in /etc/nginx/sites-available/<name>.conf and then symlink /etc/nginx/sites-enabled/<name>.conf to /etc/nginx/sites-available/<name>.conf

With the contents:

(This redirects from domain a to domain b)

server {
	listen 80;
	listen [::]:80;
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	server_name <site_name>;
	root <path>;

	ssl_certificate <cert>;
	ssl_certificate_key <cert>;

	ssl_trusted_certificate /etc/ssl/certs/GlobalSign.crt; # path to trusted certificate

	add_header Strict-Transport-Security "max-age=2419200";

	location / {
		rewrite ^(.*)$ https://<domain>$1;
	}
}

Debugging[edit | edit source]

Debugging NGINX can be configured in multiple ways.

Syntax Checking[edit | edit source]

To check nginx syntax you run:

nginx -t

Which tells you if the syntax passes.

Access Logs[edit | edit source]

The access logs are useful to tell you either if someone is causing huge traffic to the site or which url is failing.

You can view the access log at:

/var/log/nginx/access.log

Error Log[edit | edit source]

The error log is located at by default:

/var/log/nginx/error.log

You can configure the error log to include debugging information by doing:

error_log /var/log/nginx/error.log debug;

Finding out resource abuse[edit | edit source]

You can do the following:

cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr |head -3

Which will print the most frequent ip and how many times it's listed. This will give you an indicator if someone is abusing the resources (You should check the User Agent too).

You can also cat the access log (or varnish log) to see if there's a pattern (e.g a specific url showing up more then once, or user agent).

See Also[edit | edit source]