Building Web Server

From MattWiki
Jump to: navigation, search

Getting Ready

useradd -r -U nginx
useradd webmaster
usermod -G webmaster nginx
yum -y install gcc libxslt-devel gd-devel GeoIP-devel subversion git multitail

Installing Nginx

The below will walk you threw installing Nginx from Subversion on a Fedora system. With minor modification, the below instructions should also work for other flavors of Linux/Unix.

I always build source files in /var/src, you may choose a different location if you wish.

cd /var/src
svn checkout svn://svn.nginx.org/nginx/trunk nginx
cd nginx/
ln auto/configure configure

Next you need to configure Nginx for your setup. The below is a pretty generic/basic setup with the gzip_static module, SSL module & the stub_status module.

./configure --user=nginx --group=nginx --prefix=/usr/local --conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid \
--with-http_gzip_static_module --with-http_ssl_module --with-http_stub_status_module

Now make and install it.

make && make install

After you have installed Nginx, you need to start it. To do this on Fedora, create the Nginx INIT script into /etc/init.d named as nginx.

chmod 755 /etc/init.d/nginx
chkconfig --add nginx
chkconfig nginx on
adduser nginx
groups nginx
service nginx start

Firewall (IPTables)

To open normal web traffic for all network cards add the below to /etc/sysconfig/iptables:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Or to restrict connections to a single network card and IP address, add:

-A INPUT -m state --state NEW -m udp -p udp -i eth1 -s 10.176.228.120 --dport 80 -j ACCEPT

Once done, restart iptables

service iptables restart

Log Rotation

/etc/logrotate.d/nginx:

/var/log/nginx/*log {
    weekly
    rotate 104
    dateext
    missingok
    notifempty
    olddir /var/log/nginx/archive
    compress
    sharedscripts
    postrotate
        /etc/init.d/nginx reopen_logs
    endscript
}