Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.
How to configure Nginx?
The default configuration file for Nginx is located at /opt/bitnami/nginx/conf/nginx.conf. Change the port using the listen directive:
Nginx was compiled to include most popular extensions: compression options, Passenger module for Ruby applications and PageSpeed module.
How to create an SSL certificate?
You can create your own SSL certificate with the OpenSSL binary. A certificate request can then be sent to a certificate authority (CA) to get it signed into a certificate, or if you have your own certificate authority, you may sign it yourself, or you can use a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).
|NOTE: In the following steps, replace the APPNAME placeholder with the name of your application directory.|
Generate a new private key:
$ sudo openssl genrsa -out /opt/bitnami/apps/APPNAME/conf/certs/server.key 2048
Create a certificate:
$ sudo openssl req -new -key /opt/bitnami/apps/APPNAME/conf/certs/server.key -out /opt/bitnami/apps/APPNAME/conf/certs/cert.csr
IMPORTANT: Enter the server domain name when the above command asks for the "Common Name".
Send cert.csr to the certificate authority. When the certificate authority completes their checks (and probably received payment from you), they will hand over your new certificate to you.
Until the certificate is received, create a temporary self-signed certificate:
$ sudo openssl x509 -in /opt/bitnami/apps/APPNAME/conf/certs/cert.csr -out /opt/bitnami/apps/APPNAME/conf/certs/server.crt -req -signkey /opt/bitnami/apps/APPNAME/conf/certs/server.key -days 365
Back up your private key in a safe location after generating a password-protected version as follows:
$ sudo openssl rsa -des3 -in /opt/bitnami/apps/APPNAME/conf/certs/server.key -out privkey.pem
Note that if you use this encrypted key in the configuration file, Nginx won't be able to start. Regenerate the key without password protection from this file as follows:
$ sudo openssl rsa -in privkey.pem -out /opt/bitnami/apps/APPNAME/conf/certs/server.key
Find more information about certificates at http://www.openssl.org.
How to debug Nginx errors?
The Nginx log file is located at /opt/bitnami/nginx/log/error.log.
If you configured Nginx to use a privileged port (port number < 1024), check that the Nginx server is running as user daemon in the configuration file. This user should also have write privileges to the /opt/bitnami/nginx/log/ directory.
How to enable HTTPS support with SSL certificates?
|NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server. In the following steps, replace the APPNAME placeholder with the name of your application directory.|
Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.
Once you obtain the certificate and certificate key files, you will need to update your server to use them. Follow these steps to activate SSL support:
Use the table below to identify the correct locations for your certificate and configuration files.
Variable Value Current application URL https://[custom-domain]/ Example: https://my-domain.com/ or https://my-domain.com/appname Nginx configuration file /opt/bitnami/apps/APPNAME/conf/APPNAME.conf Certificate file /opt/bitnami/apps/APPNAME/conf/certs/server.crt Certificate key file /opt/bitnami/apps/APPNAME/conf/certs/server.key
Copy your SSL certificate and certificate key file to the specified locations.
Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:
$ sudo chown root:root /opt/bitnami/apps/APPNAME/conf/certs/server* $ sudo chmod 600 /opt/bitnami/apps/APPNAME/conf/certs/server*
Open port 443 in the server firewall. Refer to the FAQ for more information.
Restart the Nginx server.
$ sudo /opt/bitnami/ctlscript.sh restart nginx
You should now be able to access your application using an HTTPS URL.
How to configure Nginx with Phusion Passenger to run Ruby on Rails applications?
To configure Nginx with Phusion Passenger, refer to this page.
How to modify the allowed limit for uploaded files in the Nginx configuration?
The maximum size for uploaded files is set to 1MB by default in the Nginx configuration. You can add the following option at the end of this file /opt/bitnami/apps/APP_NAME/conf/nginx-app.conf to increase the allowed size for uploads. Replace the APP_NAME placeholder with the correct directory name.
|NOTE: Remember to replace the SIZE placeholder with the value you want to set. For example: client_max_body_size 8m;.|
Restart PHP-FPM and Nginx for the changes to take effect.
$ sudo /opt/bitnami/ctlscript.sh restart nginx $ sudo /opt/bitnami/ctlscript.sh restart php-fpm
How to install a Let's Encrypt certificate in your Web server?
To learn more about this topic, read our guide on generating and installing Let's Encrypt certificates for Bitnami applications.
How to start the Nginx server?
The Nginx server is located in the /opt/bitnami directory.
This server is disabled by default. To start it, rename the ctl.sh.disabled script:
$ cd /opt/bitnami $ mv nginx/scripts/ctl.sh.disabled nginx/scripts/ctl.sh
By default, Nginx will be started on port 1234. Check http://SERVER-IP:1234 in your browser to see the Nginx welcome page.