This is a fully developed Nginx configuration ready for deployment in production environments. It is pre-configured to be scalable, efficient, secure, and reliable.
@carlbennett wanted an Nginx configuration that was both secure and modular enough that it could be put on any server, with minor tuning to just a few settings to make it work anywhere. And thus, this configuration was created.
It is based on the Fedora 29 x86_64 Nginx packages and is maintained at carlbennett/nginx-conf. It is compatible with most Nginx installations, and works well on CentOS 7 when using nginx.org's repos instead of the default centos repos.
Recommended Nginx version:
1.13.0 or newer.
- Global caching
- If included, tunes nginx to have browsers cache static resources.
- Global Gzip compression
- If included, common types of static resources will be compressed by nginx.
- Global URL filtering
- If included, nginx will disconnect common types of attacks based on the URL, instead of responding with an error page or content which could alert the bad actor about your server, which would send an invite to come back later.
- Can be extended upon very easily to block even more types of URLs.
- PHP support
- If included, you can and should define php error reporting and short tags in your server block.
- You can pass other php options via the PHP_VALUE parameter too.
These steps have been tested on Fedora 29 x86_64, and may require minor changes to work on non-RHEL systems.
The following commands assume you are logged in as
root or are
root before every command.
yum in the command
dnf install nginx
Setup the user and group
If you wish to replace apache:
userdel -r apache usermod -u 48 nginx groupmod -g 48 nginx
Add permission group for web content:
groupadd -r www-data usermod -aG www-data nginx usermod -aG www-data `whoami`
Clone this repository
cd ~ git clone email@example.com:carlbennett/nginx-conf.git
Copy files to system
cp -r ./etc/nginx/ /etc/nginx mkdir -p /var/www && cp -r ./var/www/* /var/www
File and directory permissions
chown -R root:root /etc/nginx chown -R nginx:www-data /var/www find /var/www -type f -print0 | sudo xargs -0 chmod 664 find /var/www -type d -print0 | sudo xargs -0 chmod 775
This is only necessary if using a different directory than
RHEL-like systems with SELinux,
/var/www is already configured properly.
dnf install policycoreutils-python-utils semanage fcontext -a -t httpd_sys_content_t '/opt/other-www(/.*)?' restorecon -r /opt/other-www
You should now configure everything under
/etc/nginx to your liking.
systemctl enable nginx systemctl start nginx