Building Web Server

From MattWiki

Getting Ready

useradd -r -U nginx
useradd webmaster
usermod -G webmaster nginx
yum -y install gcc libxslt-devel gd-devel GeoIP-devel subversion git multitail

Installing Nginx

The steps below walk you through installing Nginx from Subversion on a Fedora system. With minor modifications, they should also work for other flavors of Linux/Unix.

I always build source files in /var/src; you may choose a different location if you wish.

cd /var/src
svn checkout svn://svn.nginx.org/nginx/trunk nginx
cd nginx/
ln auto/configure configure

Next you need to configure Nginx for your setup. The following is a fairly generic, basic setup with the gzip_static, SSL and stub_status modules.

./configure --user=nginx --group=nginx --prefix=/usr/local --conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid \
--with-http_gzip_static_module --with-http_ssl_module --with-http_stub_status_module

Now make and install it.

make && make install

After you have installed Nginx, you need to start it. To do this on Fedora, create an Nginx init script at /etc/init.d/nginx, then run:

chmod 755 /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
adduser nginx
groups nginx
service nginx start

Firewall (IPTables)

To open normal web traffic on all network cards, add the line below to /etc/sysconfig/iptables:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Or, to restrict connections to a single network card (-i) and source IP address (-s), add:

-A INPUT -m state --state NEW -m tcp -p tcp -i eth1 -s 10.176.228.120 --dport 80 -j ACCEPT

Once done, restart iptables:

service iptables restart

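Log Rotation

Save the following as /etc/logrotate.d/nginx. The olddir directory, /var/log/nginx/archive, must already exist and be on the same filesystem as the logs: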

/var/log/nginx/*log {
    weekly
    rotate 104
    dateext
    missingok
    notifempty
    olddir /var/log/nginx/archive
    compress
    sharedscripts
    postrotate
        /etc/init.d/nginx reopen_logs
    endscript
}
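
The installation steps place an init script at /etc/init.d/nginx and the postrotate hook above calls it with reopen_logs, but the script itself is not shown on this page. The following is an added example of such a script, not the author's own; it assumes the binary is at /usr/local/sbin/nginx (nginx's default for --prefix=/usr/local) and the PID file is at the --pid-path used above, and the NGINX_BIN and PIDFILE override variables are hypothetical names.

```shell
#!/bin/sh
# nginx        Example SysV init script for the source build above (added example).
# chkconfig: 2345 85 15
# description: nginx HTTP server built with --prefix=/usr/local
# Assumed paths: binary at <prefix>/sbin/nginx, PID file from --pid-path.
# NGINX_BIN and PIDFILE are hypothetical override variables.
NGINX_BIN=${NGINX_BIN:-/usr/local/sbin/nginx}
PIDFILE=${PIDFILE:-/var/run/nginx.pid}

# Print the master PID only if the file holds a bare number naming a live process.
master_pid() {
    pid=$(cat "$PIDFILE" 2>/dev/null) || return 1
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # reject empty, negative, garbage
    kill -0 "$pid" 2>/dev/null || return 1
    echo "$pid"
}

# Send a signal to the master; fail cleanly when nginx is not running.
signal_master() {
    pid=$(master_pid) || { echo "nginx is not running" >&2; return 1; }
    kill -s "$1" "$pid"
}

start()       { master_pid >/dev/null && return 0; "$NGINX_BIN" -t -q && "$NGINX_BIN"; }
stop()        { signal_master QUIT; }                        # graceful shutdown
reload()      { "$NGINX_BIN" -t -q && signal_master HUP; }   # test the config first
reopen_logs() { signal_master USR1; }                        # used by logrotate
status()      { master_pid >/dev/null && echo "nginx is running"; }

nginx_init() {
    case "$1" in
        start|stop|reload|reopen_logs|status) "$1" ;;
        restart) stop; while master_pid >/dev/null; do sleep 1; done; start ;;
        configtest) "$NGINX_BIN" -t ;;
        *) echo "Usage: $0 {start|stop|restart|reload|reopen_logs|status|configtest}" >&2
           return 2 ;;
    esac
}

# Dispatch only when an action is given, so the functions can also be sourced.
[ "$#" -eq 0 ] || nginx_init "$@"
```

Because the script runs as root, master_pid refuses anything in the PID file that is not a plain process number before a signal is sent.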