nginx snippets

Awstats LogFormat configuration for nginx LogFormat

Tagged awstats, nginx, logformat, configuration  Languages 

This is my nginx LogFormat configuration:

log_format main '$remote_addr - $remote_user [$time_local] $status '
                    '"$request" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

And this is my Awstats LogFormat configuration:

LogFormat = "%host - %host_r %time1 %code %methodurl %bytesd %refererquot %uaquot %otherquot"
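A quick way to confirm that log lines really have the field order both configurations expect, as an added example that is not part of the original snippet. The regular expression, function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original snippet; the log lines are constructed.
# ERE for the "main" log_format above, where $status precedes "$request".
# Groups: 1 addr, 2 user, 3 time, 4 status, 5 request, 6 bytes,
#         7 referer, 8 user agent, 9 last quoted field (X-Forwarded-For).
# nginx writes a literal '"' inside a variable as \x22, so [^"]* is safe.
MAIN_RE='^([^ ]+) - ([^ ]+) \[([^]]+)\] ([0-9]{3}) "([^"]*)" ([0-9]+) "([^"]*)" "([^"]*)" "([^"]*)"$'

# main_field N LINE: print capture group N (1-9); prints nothing on mismatch.
main_field() {
    printf '%s\n' "$2" | sed -nE "s/$MAIN_RE/\\$1/p"
}

# count_unparsed FILE: number of lines that do not fit the format.
count_unparsed() {
    grep -Evc -e "$MAIN_RE" "$1" || true
}

# Constructed line in the page's format.
SAMPLE_OK='203.0.113.7 - - [10/Oct/2009:13:55:36 +0200] 404 "GET /wp-login.php HTTP/1.1" 162 "-" "Mozilla/5.0 (X11)" "198.51.100.23"'
# Same request in the stock "combined" order (request before status).
SAMPLE_COMBINED='203.0.113.7 - - [10/Oct/2009:13:55:36 +0200] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11)"'

echo "status:  $(main_field 4 "$SAMPLE_OK")"
echo "request: $(main_field 5 "$SAMPLE_OK")"
# X-Forwarded-For is whatever the client or an upstream proxy sent,
# so treat it as untrusted input when it ends up in reports.
echo "xff:     $(main_field 9 "$SAMPLE_OK")"
echo "combined-order line parses as: '$(main_field 4 "$SAMPLE_COMBINED")'"
```

Running `count_unparsed` over an access log after changing `log_format` shows whether old-format lines are still mixed into the file that Awstats will read.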

Fixing how nginx sends request URI to the backend server.

Tagged nginx, uri unescape fix  Languages bash

I needed to send a URI through Nginx to the backend servers (Mongrel) intact. However, Nginx was constantly unescaping the URI and removed slashes in the process. That resulted in an invalid URL at the backend server. The fix was simple, but extremely hard to find. Just remove the trailing slash from the proxy_pass directive, like below.

Invalid URI is sent to the backend server with this configuration of Nginx.

proxy_pass         http://backend1:3000/;

Valid, untampered URI is sent with this configuration of Nginx.

proxy_pass         http://backend1:3000;

Logging nginx to remote loghost with syslog-ng.

Tagged nginx, loghost, remote logging, syslog-ng  Languages bash

Nginx does not support syslog by default, so you have to patch it with a third-party module. This snippet assumes that you have configured xstow. See this snippet for instructions on xstow configuration.

cd /tmp
wget http://sysoev.ru/nginx/nginx-0.6.32.tar.gz
tar zxvf nginx-0.6.32.tar.gz
mv nginx-0.6.32 src-0.6.32-orig
wget "http://wiki.codemongers.com/NginxModules?action=AttachFile&do=get&target=syslog.patch" -O syslog.patch
patch -p0 < syslog.patch
cd src-0.6.32-orig
./configure --prefix=/usr/local/stow/nginx --with-syslog
make
sudo make install
cd /usr/local/stow
sudo xstow nginx

I-am-a-noob-at-syslog-disclaimer: This might be a totally wrong way to configure the server and client(s), so it is subject to refinement. In my experience it works, though.

Configuring the client. Add the following lines to the end of /etc/syslog-ng/syslog-ng.conf and restart syslog-ng with /etc/init.d/syslog-ng restart. Nginx logs in facility local5 and the hostname of the loghost is "loghost". You could just as well use the IP of the loghost.

filter f_local5 { facility(local5); };
destination d_loghost {tcp("loghost" port(514));};
log { source(s_all); filter(f_local5); destination(d_loghost); };

Configuring the server. Add the following lines to the end of /etc/syslog-ng/syslog-ng.conf and restart syslog-ng with /etc/init.d/syslog-ng restart. Also, if you run a cluster of nginx servers it might be wise to put all the output in one file, instead of separate files per host.

source s_remote { tcp(); };
destination d_clients { file("/var/log/HOSTS/nginx.$HOST"); };
log { source(s_remote); destination(d_clients); };

Test the logging by running this from the client.

logger -p local5.info Hubbabubba

nginx, fastcgi and wordpress

Tagged nginx, fastcgi and wordpress  Languages bash

Some pitfalls I ran into.

CSS is served up as text/html by fastcgi to nginx. Determine this by turning on "Net" in Firebug. Firefox, in its standards compliance, isn't able to view the style sheet and therefore any images that may be defined in it. Solution: serve up static stuff as static stuff through nginx:

server {
    # ... abbreviated
    location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mov)$ {
        root /home/wordpress/wordpress;
    }
    # ... abbreviated
}

You receive the error "The plain HTTP request was sent to HTTPS port". Solution: Turn on HTTPS in fastcgi by sending the following parameter to it in nginx.conf.

server {
    # ... abbreviated
    location / {
        # ... abbreviated
        fastcgi_param HTTPS on;
        # ... abbreviated
    }
    # ... abbreviated
}

You get the FTP dialogue when trying to upload a new theme. Solution: Check that the process which runs fastcgi has write privileges into the wordpress folder.

How to install Nginx from source, Ruby Enterprise Edition, and Phusion Passenger

Tagged nginx, install, passenger, ree  Languages bash

Ruby Enterprise Edition:

cd /usr/local/src
wget http://rubyforge.org/frs/download.php/66162/ruby-enterprise-1.8.7-2009.10.tar.gz
tar zxvf ruby-enterprise-1.8.7-2009.10.tar.gz
./ruby-enterprise-1.8.7-2009.10/installer

ln -fs /opt/ruby-enterprise-1.8.7-2009.10 /opt/ruby-enterprise/

Nginx:

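# Download and unpack in /tmp, which is the source dir passed to the Passenger installer below
cd /tmp
wget http://sysoev.ru/nginx/nginx-0.7.63.tar.gz
tar -xzf nginx-0.7.63.tar.gz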

Phusion Passenger:

gem install passenger
/opt/ruby-enterprise/bin/passenger-install-nginx-module --auto --nginx-source-dir=/tmp/nginx-0.7.63 --prefix=/opt/nginx --extra-configure-flags=--with-http_ssl_module

How to prevent hotlinking of images with nginx

Tagged hotlink, prevent, nginx, valid_referers  Languages 

# Alternative 1: location ~* (\.jpg|\.png|\.css|\.gif)$ {
# Alternative 2:
location /images/ {
    root /var/www/xxx/current/public;
    valid_referers none blocked xxx.com www.xxx.com;
    if ($invalid_referer) {
        return 444; # or 403 Forbidden
    }
}

Nginx start script for Debian

Tagged debian, nginx, startup  Languages bash

#! /bin/sh

### BEGIN INIT INFO
# Provides:          nginx
# Required-Start:    $all
# Required-Stop:     $all
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts the nginx web server
# Description:       starts nginx using start-stop-daemon
### END INIT INFO

PATH=/opt/nginx/sbin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/opt/nginx/sbin/nginx
NAME=nginx
DESC=nginx
PID=/var/run/nginx.pid

test -x $DAEMON || exit 0

# Include nginx defaults if available
if [ -f /etc/default/nginx ] ; then
        . /etc/default/nginx
fi

set -e

case "$1" in
  start)
        echo -n "Starting $DESC: "
        start-stop-daemon --start --quiet --pidfile $PID \
                --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --quiet --pidfile $PID \
                --exec $DAEMON
        echo "$NAME."
        ;;
  restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --quiet --pidfile \
                $PID --exec $DAEMON
        sleep 1
        start-stop-daemon --start --quiet --pidfile \
                $PID --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ;;
  reload)
        echo -n "Reloading $DESC configuration: "
        start-stop-daemon --stop --signal HUP --quiet --pidfile $PID \
                --exec $DAEMON
        echo "$NAME."
        ;;
  *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
        exit 1
        ;;
esac

exit 0

How to fix "PEM_read_bio:no start line error" nginx error

Tagged nginx, https, ssl  Languages bash

If nginx/OpenSSL gives you this error:

[emerg]: SSL_CTX_use_PrivateKey_file("/etc/ssl/cert.pem") failed (SSL:
error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib)
configuration file /etc/nginx/nginx.conf test failed

It probably means your private key needs to be added to the certificate file (/etc/ssl/cert.pem). The file will then contain the following:

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Remember to test your configuration and verify that nginx can read your certificate before restarting the server:

sudo /usr/sbin/nginx -c /etc/nginx/nginx.conf -t
the configuration file /etc/nginx/nginx.conf syntax is ok
configuration file /etc/nginx/nginx.conf test is successful

If nginx asks you for a PEM password (Enter PEM pass phrase), strip out the password from the private key:

openssl rsa -in jebus.key -out jebus-stripped.key
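Once the private key lives in the same file as the certificate, that file needs restricted permissions, and a stripped key is stored unencrypted. The check below is an added example, not part of the original snippet; the function names, return codes and placeholder PEM files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original snippet): check a combined PEM file
# before running "nginx -t". Return codes: 0 ok, 2 unreadable, 3 no
# certificate, 4 no private key, 5 key is passphrase-protected,
# 6 file is accessible to group or others.
check_combined_pem() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate block"; return 3; }
    # A missing key block is what produces "PEM_read_bio:no start line".
    grep -Eq -e '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" ||
        { echo "no private key block"; return 4; }
    # Encrypted keys make nginx stop and ask for the PEM pass phrase.
    if grep -Eq -e 'BEGIN ENCRYPTED PRIVATE KEY|^Proc-Type: 4,ENCRYPTED' "$f"; then
        echo "private key is passphrase-protected"; return 5
    fi
    # The file now holds the key, so group/other must have no access.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] ||
        { echo "group/other permissions are '$perms', expected none"; return 6; }
    echo "ok"
}

# make_pem FILE MODE BLOCK...: write constructed placeholder PEM blocks
# (bodies are "...", no real key material) for the demo below.
make_pem() {
    out=$1; mode=$2; shift 2
    : > "$out"
    for kind in "$@"; do
        printf '%s\n' "-----BEGIN $kind-----" "..." "-----END $kind-----" >> "$out"
    done
    chmod "$mode" "$out"
}

demo_dir=$(mktemp -d)
make_pem "$demo_dir/cert-only.pem" 600 CERTIFICATE
make_pem "$demo_dir/combined-644.pem" 644 CERTIFICATE "RSA PRIVATE KEY"
make_pem "$demo_dir/combined-600.pem" 600 CERTIFICATE "RSA PRIVATE KEY"
for p in cert-only combined-644 combined-600; do
    printf '%s: ' "$p"
    check_combined_pem "$demo_dir/$p.pem" || true
done
rm -rf "$demo_dir"
```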