Archiwum

Posty oznaczone ‘Nginx’

Nginx – rewrite HTTP to HTTPS

Kwiecień 5th, 2011 Brak komentarzy

Just short code snippet:

rewrite ^(.*) https://my.domain.eu$1 permanent;
Tagi:,

Nginx + WordPress + SSL

Kwiecień 5th, 2011 Brak komentarzy

Nginx configuration for reference

http {  
 
    [...]
 
    client_max_body_size 10m;
 
    set_real_ip_from  10.10.10.3;
    real_ip_header    X-Real-IP;
 
    [...]
 
    server {
        listen       443;
        server_name  my.domain.eu;
        gzip on;
        ssl on;
        ssl_certificate /etc/priv/ssl/my.domain.eu.crt;
        ssl_certificate_key /etc/priv/ssl/my.domain.eu.key;
        ssl_ciphers HIGH:!ADH:!MD5;
        ssl_prefer_server_ciphers on;
        ssl_protocols SSLv3 TLSv1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;
 
        location / {
          root   /var/www/wp;
          index  index.php;
        }
 
        if (-f $request_filename) {
          break;
        }
 
        if (-d $request_filename) {
          break;
        }
 
        error_page  404  = /index.php?q=$uri;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/local/www/nginx-dist;
        }
 
        location ~ \.php$ {
            include fastcgi_params;
            fastcgi_pass  unix:/var/run/nginx/fcgi.socket;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /var/www/wp/$fastcgi_script_name;
            fastcgi_param REMOTE_ADDR $http_x_real_ip;
            }
        }
    }
 
    server {
        listen       80;
        server_name  my.domain.eu;
        gzip on;
 
        [...]
 
    }
}

WordPress variables defined in wp-includes.php

define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
Tagi:, ,

HTTP compression test

Grudzień 7th, 2010 Brak komentarzy

To check if your Nginx server has properly configured compression just execute command:

$ curl -s -I --compressed  http://my.web.site | grep Content-Encoding

Empty result means that it doesn’t support compression.
Proper results should look like this:

Content-Encoding: gzip
Tagi:, ,

Zen Photo and Nginx – rewrite rules

Grudzień 3rd, 2010 Brak komentarzy

If you are using Zen Photo and searching for Nginx rewrite rules then just jump directly to http://wiki.nginx.org/ZenPhoto.

Tagi:,

Nginx and Gandi SSL certificate

Grudzień 1st, 2010 Brak komentarzy

Getting SSL certificate from Gandi is quite straightforward task. Just remember to combine two downloaded certificates into one domain.crt file.

Nginx configuration makes all browsers happy.

ssl on;
ssl_certificate     /etc/ssl/domain.crt;
ssl_certificate_key /etc/ssl/domain.key;
 
ssl_protocols       SSLv3 TLSv1;
ssl_ciphers         HIGH:!ADH:!MD5;
ssl_prefer_server_ciphers on;

To check that certificate is installed correctly just go to Qualys SSL Labs site and perform their test.

You will get visual interpretation and quite detailed results.

Tagi:,

Nginx proxy and real IP address

Grudzień 1st, 2010 Brak komentarzy

On Nginx proxy add these definitions to pass client and proxy IP addresses:

proxy_set_header  X-Real-IP  $remote_addr;
proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;

On second Nginx server you just need to add two lines:

set_real_ip_from   10.0.0.1; # proxy address
real_ip_header     X-Real-IP;

Where X-Real-IP, X-Forwarded-For contains client IP address and Host contains proxy IP address.

Tagi:,