Server Block Nginx

January 01, 2019

Nginx Logo https://dwglogo.com

Berikut contoh konfigurasi server block Nginx:

Server Block Umum

server {
  listen 80;

  server_name domain.tld;
  root /var/www/public_html;

  index index.html index.php;
}

Nginx dengan PHP FPM Socket

server {
 listen 80;

 server_name domain.tld;
 root /var/www/public_html;

 index index.php;

 location ~* \.php$ {
 fastcgi_pass unix:/run/php/php-fpm.sock;
 include	fastcgi_params;
 fastcgi_param	SCRIPT_FILENAME	$document_root$fastcgi_script_name;
 fastcgi_param	SCRIPT_NAME	$fastcgi_script_name;
  }
}

Nginx dengan SSL

server {
  listen 80;

  server_name domain.tld;
}

server {
    listen 443 quic reuseport;
    listen 443 http2 ssl;
    
    server_name  domain.tld;

    ssl_certificate     /etc/fullchain.pem;
    ssl_certificate_key /etc/privkey.pem;
    ssl_session_timeout 15m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;
}

Redirect http to https

server {
    server_name domain.tld;

    # Redirect to https://domain
    return 301 https://domain.tld$request_uri;
}

Redirect www to non-www

server {
    server_name domain.tld;

    # Redirect to https://domain
    return 301 https://domain.tld$request_uri;
}

server {
   listen 443;
    server_name www.domain.tld;
  
    # Redirect to https://domain
    return 301 https://domain.tld$request_uri;

    # SSL for redirect
    ssl_certificate     /etc/fullchain.pem;
    ssl_certificate_key /etc/privkey.pem;
}

Nginx sebagai Reverse Proxy

server {
  listen 80;

  server_name domain.tld;

  location / {
      proxy_pass http://192.168.2.2:9000;
  }
}

Nginx: WordPress Server Blocks

upstream php {
        server unix:/tmp/php-cgi.socket;
        server 127.0.0.1:9000;
}

server {
        listen 80;
        listen [::]:80;
        ## Your website name goes here.
        server_name xxx.xxx.xxx;
        ## Your only path reference.
        root /var/www/html/web/wordpress;
        ## This should be in your http block and if it is, it's not needed here.
        index index.php;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                include fastcgi_params;
                fastcgi_intercept_errors on;
                fastcgi_pass php;
                #The following parameter can be also included in fastcgi_params file
                fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}

Nginx: Jekyll Server Blocks

server {
   listen 80;
   
   server_name domain.tld;
   return 301 https://$http_host$request_uri;
}

server {
    listen 443 quic reuseport;
    listen 443 http2 ssl;

    server_name domain.tld;

    ssl_certificate     /etc/fullchain.pem;
    ssl_certificate_key /etc/privkey.pem;
    ssl_session_timeout 15m;
    ssl_protocols SSLv3 TLSv1.2;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://192.168.1.2:4000;
        allow 123.123.123.123;
        deny all;
    }

    # Jekyll Admin
    location ~ ^/(admin|_api)(/.*)? {
        auth_basic "Administration";
        auth_basic_user_file /etc/nginx/htpasswd;

        allow 123.123.123.123;
        deny all;

        proxy_pass http://192.168.1.2:4000/$1$2;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;

   }

    error_page 403 /403.html;
    location = /403.html {
        root /usr/local/nginx/html/;
        internal;
    }
}

Semoga bermanfaat.

Sumber : https://www.nginx.com