Bitnami Nginx for 1&1 Cloud Platform

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.

How to configure Nginx?

The default configuration file for Nginx is located at /opt/bitnami/nginx/conf/nginx.conf. Change the port using the listen directive:

listen 1234;

Nginx was compiled to include most popular extensions: compression options, Passenger module for Ruby applications and PageSpeed module.

How to create an SSL certificate?

You can create your own SSL certificate with the OpenSSL binary. A certificate request can then be sent to a certificate authority (CA) to get it signed into a certificate, or if you have your own certificate authority, you may sign it yourself, or you can use a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).

NOTE: In the following steps, replace the APPNAME placeholder with the name of your application directory.
  • Generate a new private key:

     $ sudo openssl genrsa -out /opt/bitnami/apps/APPNAME/conf/certs/server.key 2048
    
  • Create a certificate:

     $ sudo openssl req -new -key /opt/bitnami/apps/APPNAME/conf/certs/server.key -out /opt/bitnami/apps/APPNAME/conf/certs/cert.csr
    
    IMPORTANT: Enter the server domain name when the above command asks for the "Common Name".
  • Send cert.csr to the certificate authority. When the certificate authority completes their checks (and probably received payment from you), they will hand over your new certificate to you.

  • Until the certificate is received, create a temporary self-signed certificate:

     $ sudo openssl x509 -in /opt/bitnami/apps/APPNAME/conf/certs/cert.csr -out /opt/bitnami/apps/APPNAME/conf/certs/server.crt -req -signkey /opt/bitnami/apps/APPNAME/conf/certs/server.key -days 365
    
  • Back up your private key in a safe location after generating a password-protected version as follows:

     $ sudo openssl rsa -des3 -in /opt/bitnami/apps/APPNAME/conf/certs/server.key -out privkey.pem
    

    Note that if you use this encrypted key in the configuration file, Nginx won't be able to start. Regenerate the key without password protection from this file as follows:

     $ sudo openssl rsa -in privkey.pem -out /opt/bitnami/apps/APPNAME/conf/certs/server.key
    

Find more information about certificates at http://www.openssl.org.

How to debug Nginx errors?

The Nginx log file is located at /opt/bitnami/nginx/log/error.log.

If you configured Nginx to use a privileged port (port number < 1024), check that the Nginx server is running as user daemon in the configuration file. This user should also have write privileges to the /opt/bitnami/nginx/log/ directory.

How to enable HTTPS support with SSL certificates?

TIP: If you wish to use a Let's Encrypt certificate, you will find specific instructions for enabling HTTPS support with Let's Encrypt SSL certificates in our Let's Encrypt guide.
NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.

Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

Once you obtain the certificate and certificate key files, you will need to update your server to use them. Follow these steps to activate SSL support:

  • Use the table below to identify the correct locations for your certificate and configuration files.

    Variable Value
    Current application URL https://[custom-domain]/
      Example: https://my-domain.com/ or https://my-domain.com/appname
    Nginx configuration file /opt/bitnami/nginx/conf/bitnami/bitnami.conf
    Certificate file /opt/bitnami/nginx/conf/server.crt
    Certificate key file /opt/bitnami/nginx/conf/server.key
  • Copy your SSL certificate and certificate key file to the specified locations.

  • Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:

     $ sudo chown root:root /opt/bitnami/nginx/conf/server*
    
     $ sudo chmod 600 /opt/bitnami/nginx/conf/server*
    
  • Open port 443 in the server firewall. Refer to the FAQ for more information.

  • Restart the Nginx server.

     $ sudo /opt/bitnami/ctlscript.sh restart nginx
    

You should now be able to access your application using an HTTPS URL.

How to configure Nginx with Phusion Passenger to run Ruby on Rails applications?

To configure Nginx with Phusion Passenger, refer to this page.

How to force HTTPS redirection with Nginx?

Modify the /opt/bitnami/nginx/conf/bitnami/bitnami.conf file so that it looks like this:

server {
      listen 80;
      server_name localhost;
      return 301 https://$host$request_uri;
      include "/opt/bitnami/nginx/conf/bitnami/bitnami-apps-prefix.conf";
  }

After modifying the Nginx configuration file:

  • Open port 443 in the server firewall. Refer to the FAQ for more information.

  • Restart Nginx to apply the changes.

How to modify the allowed limit for uploaded files in the Nginx configuration?

The maximum size for uploaded files is set to 1MB by default in the Nginx configuration. You can add the following option at the end of this file /opt/bitnami/apps/APP_NAME/conf/nginx-app.conf to increase the allowed size for uploads. Replace the APP_NAME placeholder with the correct directory name.

client_max_body_size SIZE;
NOTE: Remember to replace the SIZE placeholder with the value you want to set. For example: client_max_body_size 8m;.
  • Restart PHP-FPM and Nginx for the changes to take effect.

    $ sudo /opt/bitnami/ctlscript.sh restart nginx
    $ sudo /opt/bitnami/ctlscript.sh restart php-fpm
    

How to install a Let's Encrypt certificate in your Web server?

To learn more about this topic, read our guide on generating and installing Let's Encrypt certificates for Bitnami applications.

How to start the Nginx server?

The Nginx server is located in the /opt/bitnami directory.

This server is disabled by default. To start it, rename the ctl.sh.disabled script:

$ cd /opt/bitnami
$ mv nginx/scripts/ctl.sh.disabled nginx/scripts/ctl.sh

By default, Nginx will be started on port 1234. Check http://SERVER-IP:1234 in your browser to see the Nginx welcome page.

How to create a password to protect access to an application?

To configure Nginx to request a username and password when accessing your application, follow these steps:

  • At the console, type the following commands. Remember to replace APPNAME, USERNAME and PASSWORD with your application name, desired username and desired password respectively.

      $ sudo apt-get update
      $ sudo apt-get install apache2-utils
      $ cd /opt/bitnami/APPNAME/conf/
      $ sudo htpasswd -cb users USERNAME PASSWORD
    
  • Edit the /opt/bitnami/apps/APPNAME/conf/nginx-app.conf file and update the default location block as shown below:

      location ~ \.php$ {
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          fastcgi_read_timeout 300;
          fastcgi_pass unix:/opt/bitnami/php/var/run/www.sock;
          fastcgi_index index.php;
          fastcgi_param SCRIPT_FILENAME $request_filename;
          include fastcgi_params;
          auth_basic "Restricted Area";
          auth_basic_user_file /opt/bitnami/APPNAME/conf/users;
      }
    
    NOTE: If you don't wish to protect the entire application, but only a sub-URL, create a new location block as shown above only for the sub-URL you wish to protect.
  • Restart the Nginx server:

     $ sudo /opt/bitnami/ctlscript.sh restart nginx
    

When accessing the application, you will see an authentication popup window. Enter the username and password defined in the first step:

To change the password later, run the htpasswd utility without the -c switch:

$ sudo htpasswd /opt/bitnami/users USERNAME
oneone

Bitnami Documentation