.htaccess + nginx.conf

views2548
Difficulty:

Apache and nginx web servers allow you to simply configure the basic parameters of your work. Let's start with Apache.

.htaccess and the Apache2 config

The main configuration file is apache2.conf, which in Ubuntu is stored in the /etc/apache2/ folder.

Example of settings inside the apache2.conf file:

KeepAlive On #enabling the use of a permanent connection between the server and the client
MaxKeepAliveRequests 100 #maximum number of requests within a single connection
KeepAliveTimeout 30 #how many seconds after the last request the server keeps the connection
Protocols h2 h2c http/1.1 #HTTP protocol versions for which the web server accepts requests
AccessFileName .htaccess #the name of the file that allows you to make additional settings
Listen *:80 #listening to port 80 by default
<IfModule ssl_module> #if the ssl module is enabled, then we listen to port 443
   Listen *:443
</IfModule>

It is better to make individual settings for each site already in specific folders inside /etc/apache2/sites-available/site-folder/domain-name.conf.

It is important not to forget to set access rights to folders and files inside the directory with the site. Folders - 755, files - 644.

An example of such a file:

#the first block will redirect to the https version of the site using the settings in the file.htaccess
<VirtualHost *:80> #the port number to which the settings below apply, 80 port = http
ServerName site.ru #domain name
DocumentRoot /var/www/site.ru/html #link to the folder where the site is stored
<Directory /var/www/site.ru/html> #access settings to the folder where the site is stored
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Order allow,deny
          allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log #link to the error log file
</VirtualHost>

<VirtualHost *:443> #the port number to which the settings below apply, 443 port = https
ServerName site.ru
ServerAdmin admin@site.ru #admin email
SSLEngine on #enabling the use of an ssl certificate
SSLCertificateFile "/root/site.crt" #path to the certificate file
SSLCertificateKeyFile "/root/site.key" #path to the file with the certificate key
DocumentRoot /var/www/site.ru/html
<Directory /var/www/site.ru/html>
          Options Indexes FollowSymLinks MultiViews
          AllowOverride All
          Order allow,deny
          allow from all
   </Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
</VirtualHost>

And the most recent configuration file by level (after you enable the possibility of using it) is .htaccess. It is important that on the virtual hosting you will not have access to the 2 files shown above.

Content.htaccess already depends on specific CMS/frameworks. That is, the same function on Wordpress and Modx will not necessarily be written in the same way in .htaccess.

To simplify, then .you may need htaccess to configure all sorts of redirects, switching to https protocol with SSL certificate and access restrictions.

Example.htaccess for Modx:

RewriteEngine On #turn on the CNC, or friendly URLs, as Modx himself calls them
RewriteBase /

RewriteCond %{ENV:HTTPS} !on #using https protocol
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] #using 301 redirect

RewriteCond %{HTTP_HOST} . #a block with a redirect from www to without www
RewriteCond %{HTTP_HOST} !^site\.ru [NC]
RewriteRule (.*) https://site.ru/$1 [R=301,L]

nginx configuration

The main configuration file is nginx.conf, which in Ubuntu is stored in the /etc/nginx/ folder. Similarly, the basic settings for all sites are stored there at once. And already in the /etc/nginx/sites-available/ folder, settings for specific sites are stored.

user www-data; #the user who starts the web server
worker_processes auto; #number of processes, can be set manually = number of processor cores
pid /run/nginx.pid; #id of the web server process
include /etc/nginx/modules-enabled/*.conf; #connecting nginx modules

# below are standard settings similar to Apache

events {
worker_connections 768;
multi_accept on;
}

http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 30;
types_hash_max_size 2048;
map_hash_bucket_size 64;
server_names_hash_bucket_size 64;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #connect ssl
ssl_prefer_server_iphers on;

access_log /var/log/nginx/access.log; #
error_log /var/log/nginx/error.log logs;

gzip on; #enabling gzip compression

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*; #connecting files from internal folders for individual configuration
}

And the last example is a configuration file inside the /etc/nginx/sites-available/ folder for a specific site, where nginx acts as a reverse proxy for nuxt.js applications.

#everything is broken down by ports and site names. That is, the server listens to 80 and 443 and accepts addresses with and without www.
#the purpose of the settings is to make a correct redirect from all minor versions of the site to the main one.
server { #redirect from http://site.ru on https://site.ru
 listen      80;
 server_name site.ru;
 return 301 https://site.ru$request_uri;
}
server { #redirect from http://www.site.ru on https://site.ru
  listen     80;
  server_name www.site.ru;
  return 301 https://site.ru$request_uri;
}
server {
  listen    443 ssl http2; #using the second version of http and ssl certificate
  server_name   site.ru;
  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /etc/ssl/certs/site.crt; #certificate path
  ssl_certificate_key /etc/ssl/certs/site.key; #path to the certificate key
  ssl_prefer_server_ciphers on;
  gzip on; #enabling gzip compression
  gzip_types   text/plain application/xml text/css application/javascript;
  gzip_min_length 1000;
  rewrite ^/(.*)/$ /$1 permanent;

location / {
   expires 31557600; #specify the caching period of static files in seconds
    proxy_redirect           off;
    proxy_set_header Host        $host; #set_header set the server response headers
    proxy_set_header X-Real-IP     $remote_addr;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout     1m;
    proxy_connect_timeout    1m;
    proxy_pass             http://localhost:3000 ; #the path with the port on which the nuxt application is running.js
 }
}
server {
  listen    443 ssl; #to redirect from https://www.site.ru on https://site.ru
  server_name www.site.ru ;
  ssl on; #without connecting the ssl certificate, an error will be issued
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_certificate /etc/ssl/certs/site.crt;
  ssl_certificate_key /etc/ssl/certs/site.key;
  ssl_prefer_server_ciphers on;
  return 301 https://site.ru$request_uri ;
}

This is a review article that shows the approximate principle of configuring web servers. For a more thorough setup, I recommend studying full-fledged materials and manuals on specialized sites. This article is an entrance ticket to the configuration of web servers.

Do not forget to restart the processes of the web servers after updating the configuration files.

Numbers

Installation and configuration of a web server and basic software on a VDS/dedicated server - from 30 minutes to 2 hours.

Author: Aleksandr Dergunov
Published: 12/20/2019