Nethence Newdoc Olddoc Lab Your IP BBDock  

setting up NGINX for reverse-proxying or anything


on Ubuntu,

    apt install nginx
    netstat -antupe --inet --inet6 | grep LISTEN | grep 80
service nginx status
#update-rc.d nginx defaults

    cp -pi /etc/nginx/sites-available/default /etc/nginx/sites-available/default.dist
    cp -pi /etc/nginx/nginx.conf /etc/nginx/nginx.conf.dist
    rm -f /var/www/html/index.nginx-debian.html
echo "<p>nothing here" > /var/www/html/index.html

on RHEL/CentOS, make sure the EPEL repo is available and proceed,

    yum install nginx
    netstat -antupe --inet --inet6 | grep LISTEN | grep 80
    service nginx start
    chkconfig nginx on

    cp -pi /etc/nginx/nginx.conf /etc/nginx/nginx.conf.dist
ls -alhF /usr/share/nginx/html/


define default index file and eventually enable directory listing nginx-wide into the http stanza,

index index.html;
autoindex on;

also define a compression log format into http,

    log_format compression '$remote_addr - $remote_user [$time_local] '
                           '"$request" $status $body_bytes_sent '
                           '"$http_referer" "$http_user_agent" "$gzip_ratio"';

and apply with service nginx restart


setup a vhost,

    cd /usr/local/nginx/conf.d/

server {
    root /data/www/$server_name;
        access_log logs/ compression;
        error_log  logs/ warn;

    location / {
        try_files $uri $uri/ =404;

note. cannot use $server_name for access_log and error_log unless it’s fine with you to change the log folder perms accordingly (www-data needs to write in it)


in the server stanza,

            location ^~ /private/ {
                    auth_basic "Restricted Area";
                    auth_basic_user_file htpasswd;

then create or edit password file,

cd /usr/local/nginx/conf/
#apt install apache2-utils
#yum install httpd-?
htpasswd -c htpasswd NEWUSER
#DO NOT chmod 600 htpasswd as the www-data user reads it

if files exists already,

htpasswd htpasswd NEWUSER

and reload the service,

/usr/local/nginx/sbin/nginx -s reload


setup an http reverse proxy,

cd /etc/nginx/conf.d/

server {
 listen 80;

 location / {
   proxy_set_header X-Real-IP $remote_addr;


service nginx restart


Install and run the FastCGI helper,

apt-get install fcgiwrap
systemctl status fcgiwrap.socket
#systemctl status fcgiwrap.service
ls -lhF /var/run/fcgiwrap.socket

Make sure NGINX is ready for that,

ls -lhF /usr/local/nginx/conf/fastcgi_params
ls -lhF /usr/local/nginx/conf/fastcgi.conf

Make sure your script is executable,

chmod +x /data/www/vhost/index.cgi

and setup those parms into the vhost server stanza e.g.,

vi /usr/local/nginx/conf.d/vhost.conf

    index index.cgi;

#root already defined

location ~ (\.cgi|\.py|\.sh|\.pl|\.lua)$ {
    gzip off;
    fastcgi_pass unix:/var/run/fcgiwrap.socket;
    include fastcgi_params;
    fastcgi_param DOCUMENT_ROOT /data/www/$server_name;
    fastcgi_param SCRIPT_FILENAME /data/www/$server_name$fastcgi_script_name;

/usr/local/nginx/sbin/nginx -s reload

Note. include fastcgi_params points to conf/fastcgi_params already

fancy directory index headers & footers

make sure you got the build essential packages, PCRE, zlib and openssl libs,

apt install build-essential libpcre3-dev zlib1g-dev libssl-dev

fetch latest NGINX source and proceed with custom compilation,

git clone
tar xzf nginx-1.13.0.tar.gz
cd nginx-1.13.0/
./configure --with-http_addition_module --with-http_ssl_module --add-module=../ngx-fancyindex

and install the compiled package,

#make install
apt install checkinstall

then setup the thing with fancy headers & footers into the http or server context,

cd ~/
ln -s /usr/local/nginx

cd ~/nginx/html/
rm -f index.html 50x.html
echo '<p>header' > header.html
echo '<p>footer' > footer.html
touch file

cd ~/nginx/conf/
vi nginx.conf

#ls -lhF ~/nginx/modules/
#(main context) -- using static module, no need
#load_module modules/;

#root already defined

autoindex on;

location / {
    try_files $uri $uri/ =404;
    fancyindex on; # Enable fancy indexes.
    fancyindex_exact_size off; # Output human-readable file sizes.
    fancyindex_header /header.html;
    fancyindex_footer /footer.html;
    fancyindex_ignore favicon.ico robots.txt header.html footer.html css;
    fancyindex_localtime off;

move your configs to the right place (do NOT use existing /etc/nginx/conf.d/ as dpkg –purge might remove those),

mkdir /usr/local/nginx/etc/conf.d/
mv /etc/nginx/conf.d/* /usr/local/nginx/etc/conf.d/
vi /usr/local/nginx/etc/conf/nginx.conf

user www-data;
worker_processes  auto;

events {
    worker_connections  1024;

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen  80;
        listen  [::]:80;
        server_name _;
        return 301;

    include /usr/local/nginx/etc/conf.d/*.conf;

make sure the system vendor NGINX is NOT currently in use,

dpkg -l | grep nginx
ps aux | grep nginx
netstat -antupe --inet --inet6 | grep nginx

and finally run the thing,

cd ~/
/usr/local/nginx/sbin/nginx -V
ls -lhF /usr/local/nginx/logs/

enable it at boot time and on Ubuntu 16+, make sure the System D service for rc-local is enabled at boot time and don’t forget to make the script executable,

vi /etc/rc.local


echo -n starting custom nginx...
/usr/local/nginx/sbin/nginx && echo done
#/usr/local/nginx/sbin/nginx -s reload

systemctl status rc-local.service
chmod +x /etc/rc.local

eventually get rid of the distro package (be careful with purge, assuming /etc/nginx/ is cleaned-up!),

apt purge nginx
apt autoremove
dpkg -l | grep ^rc
dpkg --purge ...

note. to run as Docker container on foreground,

nginx -g 'daemon off;'


cache control

Into the http stanza and before the Virtual Host Configs server stanzas,

vi nginx.conf

# Expires map
map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch;
    text/css                   max;
    application/javascript     max;
    ~image/                    max;



Home | GitHub | Donate | Feedback