NGINX
Installation:
We can useĀ aptĀ to install the web server.
NOTE: make sure you donāt have anything running on the portĀ 80, to avoid restarting the server after the installation.
sudo apt update
sudo apt install nginx
Shell
If you have a firewall, you should set your rules after this step.
Check the server status:
To check the status we can just run:
systemctl status nginx
Shell
It should return something like this:
$ systemctl status nginx
ā nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-04-26 22:14:56 UTC; 1min 18s ago
Docs: man:nginx(8)
Process: 28780 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS
Process: 28781 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 28782 (nginx)
Tasks: 3 (limit: 4665)
Memory: 3.6M
CGroup: /system.slice/nginx.service
āā28782 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
āā28783 nginx: worker process
āā28784 nginx: worker process
Apr 26 22:14:56 burninstone-new systemd[1]: Starting A high performance web server and a reverse proxy server...
Apr 26 22:14:56 burninstone-new systemd[1]: Started A high performance web server and a reverse proxy server.
Shell
If the server isĀ activeĀ (running), everything is correct. You can check it in any browser using the urlĀ http://your-ip
Useful commands:
Stop the web server
sudo systemctl stop nginx
Shell
Start the web server:
sudo systemctl start nginx
Shell
Restart the web server:
sudo systemctl restart nginx
Shell
Check if your configuration file syntax is valid:
sudo nginx -t
Shell
Reload the web server (after making changes on your config file:
sudo systemctl reload nginx
Shell
Create an index.html
Create the folder:
sudo mkdir -p /var/www/your_domain/html
Shell
Set the owner:
sudo chown -R $USER:$USER /var/www/your_domain/html
Shell
Set the permissions:
sudo chmod -R 755 /var/www/your_domain
Shell
Create the index file:
sudo vim /var/www/your_domain/html/index.html
Plain Text
Code the index.html:
NOTE: to paste onĀ vim pressĀ insert.
<html>
<head>
<title>Hanchon test</title>
</head>
<body>
<h1>Testing NGINX on Ubuntu</h1>
</body>
</html>
HTML
.../html/index.html
Configure your domain
NOTE: In every step change theĀ your_domainĀ value.
Letās start creating a new file with the configuration for our domain.
sudo vim /etc/nginx/sites-available/your_domain
Shell
After creating the domain, letās serve a webpage with this configuration:
server {
listen 80;
listen [::]:80;
root /var/www/your_domain/html;
index index.html;
server_name your_domain www.your_domain;
location / {
try_files $uri $uri/ =404;
}
}
Plain Text
/etc/nginx/sites-available/your_domain
Create a symbolic link to theĀ sites-enabledĀ folder, soĀ NGINXĀ knows that we want to use this configuration.
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
Shell
Check the configuration syntax and if everything is ok, restartĀ NGINX:
sudo nginx -t
sudo systemctl restart nginx
Shell
NOTE: if you are using Angular builds, add this line to avoid having errors when refreshing the page.
location / {
root /var/www/ethics_demo/html;
try_files $uri $uri/ /index.html;
index index.html;
}
Plain Text
/etc/nginx/sites-available/your_domain
Use NGINX as a proxy
We can configure our webserver to redirect the request to another endpoint, for example an application running locally in our server:
server {
listen 80;
listen [::]:80;
server_name your_domain www.your_domain;
location /api/ {
proxy_pass http://127.0.0.1:7000/;
include proxy_params;
}
}
Plain Text
NOTE: If you are usingĀ FastAPIĀ as your API, like it was explained in the FastAPI guides, you may must to add yourĀ root_pathĀ to theĀ FastAPIĀ constructor:Ā app = FastAPI(root_path='/api').
Certificates
We are going to useĀ certbotĀ to create, install and renew free certificates (Letās Encrypt).
Install Certbot:
We are going to installĀ certbotĀ usingĀ snap:
Letās install snap if needed:
sudo apt install snapd;
Shell
Letās installĀ core:
sudo snap install core;
Shell
Note: if you are having problems, you should close theĀ terminalĀ and reopen it, so theĀ snapĀ paths are added to yourĀ terminal.
InstallĀ certbot:
sudo snap install --classic certbot;
Shell
Make a link to /usr/binĀ to use it:
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Shell
Certbot usage:
Create and install the certificate:
sudo certbot --nginx -d your_domain
Shell
NOTE: if you want to create certificates for all your domains, you can ignore theĀ -dĀ param.
Auto-update certificates:
Certbot already updates your certificates before they expire.
You can test the renew process using this command
sudo certbot renew --dry-run
Shell
Test your webpage:
The last step is to test if everything is working as intended:
Enter toĀ https://your_domainĀ and it should work.
Enter toĀ http://your_domainĀ and you should be redirected toĀ https://your_domain.
Proxy pass with .sock file:
To use a Uvicorn API with a .sock file, we need to add this to the domain:
# At the begging of the file add this function
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream uvicorn {
server unix:/tmp/socket.sock;
}
# Inside the server configuration
location /api/ {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://uvicorn/;
}
Plain Text
Some changes needs to be made in your app to make it work with sockets:
import os
ENV = os.getenv('ENV', 'DEV')
if __name__ == '__main__':
if ENV == 'DEV':
uvicorn.run(app, port=7000)
else:
uvicorn.run(app, root_path="/api", uds='/tmp/socket.sock')
Python
Support websockets:
Add these changes to the location /api/ configuration:
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
HTML