From e53e0b811d2af0aaa8934e2a10a246a175e3a978 Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 01:51:20 -0600 Subject: [PATCH 01/17] Did most of the writing --- docs/guides/web/nginx-mainline.md | 136 ++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) create mode 100644 docs/guides/web/nginx-mainline.md diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md new file mode 100644 index 0000000000..c96f9ba330 --- /dev/null +++ b/docs/guides/web/nginx-mainline.md 
@@ -0,0 +1,136 @@ +--- +title: Nginx +author: Ezequiel Bruni +contributors: Steven Spencer (most likely) +--- +# How to Install the Latest Nginx on Rocky Linux + +## Introduction + +To give credit where credit is due, I came up with exactly none of this. This guide is based heavily on [the one by Joshua James](https://www.linuxcapable.com/how-to-install-latest-nginx-mainline-on-rocky-linux-8/) on [LinuxCapable](https://www.linuxcapable.com). Go give his site a read some time, there’s a lot of good stuff there. On to this (beginner-friendly) guide: + +*Nginx* is a web server designed to be fast, efficient, and compatible with just about anything you can imagine. I personally use it a fair bit and—once you get the hang of it—it’s actually pretty easy to set up and configure. Here’s a short rundown of the standout features; Nginx is/has/can be: + +* A basic web server (one would hope) +* A reverse proxy for directing traffic to multiple sites +* A built-in load balancer for managing traffic to multiple websites +* Built-in file caching for speed +* WebSockets +* FastCGI support +* And, of course, IPv6 + +It’s great! So just `sudo dnf install nginx`, right? Well, not exactly. Let’s be clear: **Rocky Linux repositories don’t actually have the latest production-ready version of Nginx.** Since our goal is bug-for bug compatibility with Red Hat Enterprise Linux, you can always ask them to update their repos. Or asking the *Nginx* people might work better (you’ll see what I mean). + +What *you* can do, right now, is install the “mainline” branch of Nginx yourself. It has all the latest updates and toys, and (to my mind) a simpler directory structure for its configuration files. Here’s how to see it all for yourself: + +!!! Note + + There's another branch called "stable", but it's actually a little outdated for most use cases. The "mainline" branch is considered by the Nginx developers to be thoroughly-tested and stable enough for everyone to use. 
+ +## Prerequisites and Assumptions + +You’ll need: + +* An internet-connected Rocky Linux machine or server. +* A basic familiarity with the command line. +* The ability to run commands as root, either as the root user or with `sudo`. +* A text editor of your choice, whether graphical or command-line based. For this tutorial, I’m using *nano*. + +## Installing the Repository + +This part isn’t quite as simple as installing an extra repository usually is. We’re going to have to create a custom repo file for *dnf* to use, and download *Nginx* from. Technically, we’re sort of repurposing repositories for CentOS that were made and hosted by *Nginx* themselves. This solution may or may not be viable in the long term, but it’s working great for now. + +First, make sure your machine is updated: + +```bash +sudo dnf update +``` + +Now, make sure the *dnf-utils* package is installed, and any command-line text editor you may want: + +```bash +sudo dnf install dnf-utils +``` + +Once that’s all installed, power up your text editor of choice. You’ll want to create a file called (for the sake of simplicity) “nginx.repo”, and put it in `/etc/yum.repos.d/`. You can do this real quick like so: + +```bash +sudo nano /etc/yum.repos.d/nginx.repo +``` + +In that file, paste this bit of code, unmodified: + +```bash +[nginx-stable] +name=nginx stable repo +baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ +gpgcheck=1 +enabled=1 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true + +[nginx-mainline] +name=nginx mainline repo +baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ +gpgcheck=1 +enabled=0 +gpgkey=https://nginx.org/keys/nginx_signing.key +module_hotfixes=true +``` + +This code basically just lets you use the *Nginx*-made-and-hosted repositories for CentOS, and it allows you use the previously-mentioned “stable” branch if you want to. I mean, don’t. But you could. 
+ +Save the file with “Control-S” (if using *nano*) and exit with “Control-X”. + +## Installing and Running Nginx + +Now, let’s enable the repository file you just made with one simple command: + +```bash +sudo yum-config-manager --enable nginx-mainline +``` + +Then, install *Nginx*: + +```bash +sudo dnf install nginx +``` + +The terminal will ask you if you’re fine with installing the repository’s GPG key. You need that, so choose “Y” for yes. + +Once the installation is done, start *Nginx* and enable it to automatically start on reboot all in one go with: + +```bash +sudo systemctl enable --now nginx +``` + +To verify that the lastest version of *Nginx* has been installed, run: + +```bash +nginx -v +``` + +## Configuring the Firewall + +!!! Note + + If you are installing Nginx on a container such as LXD/LXC or Docker, you can just skip this part. + +If you try to view a web page at your machine’s IP address or domain name from another computer, you’re probably going to get a big fat nothing. Well, that’ll be the case as long as you have a firewall up and running. + +Here’s how to open up the necessary ports to actually see your web pages with *firewalld*, Rocky Linux’s default firewall: + + + +## Additional Configuration Options + +If you want to see how to make *Nginx* work with PHP, and PHP-FPM specifically, check out our [guide to PHP on Rocky Linux](../web/php.md). + + + + + +## Conclusion + + + From 665e30c4c99b7ffe3b85999690a4d5a090d44274 Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 02:56:03 -0600 Subject: [PATCH 02/17] The rest of the writing --- docs/guides/web/nginx-mainline.md | 133 +++++++++++++++++- .../guides/web/nginx/images/welcome-nginx.png | Bin 0 -> 14598 bytes 2 files changed, 127 insertions(+), 6 deletions(-) create mode 100644 docs/guides/web/nginx/images/welcome-nginx.png diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index c96f9ba330..933c3f8d3d 100644 
--- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md @@ -80,7 +80,7 @@ module_hotfixes=true This code basically just lets you use the *Nginx*-made-and-hosted repositories for CentOS, and it allows you use the previously-mentioned “stable” branch if you want to. I mean, don’t. But you could. -Save the file with “Control-S” (if using *nano*) and exit with “Control-X”. +Save the file with Control-S (if using *nano*) and exit with Control-X. ## Installing and Running Nginx 
@@ -110,27 +110,148 @@ To verify that the lastest version of *Nginx* has been installed, run: nginx -v ``` +From there, you could just start dropping HTML files into the `/usr/share/nginx/html/` directory to build a simple, static website. The configuration file for the default website/virtual host is called “default.conf” and it’s in `/etc/nginx/conf.d/`. + ## Configuring the Firewall !!! Note - If you are installing Nginx on a container such as LXD/LXC or Docker, you can just skip this part. + If you are installing Nginx on a container such as LXD/LXC or Docker, you can just skip this part for now. The firewall should be handled by the host OS. If you try to view a web page at your machine’s IP address or domain name from another computer, you’re probably going to get a big fat nothing. Well, that’ll be the case as long as you have a firewall up and running. -Here’s how to open up the necessary ports to actually see your web pages with *firewalld*, Rocky Linux’s default firewall: +Here’s how to open up the necessary ports to actually see your web pages with *firewalld*, Rocky Linux’s default firewall with the `firewall-cmd` command. To add a new port, just run this: +```bash +sudo firewall-cmd --permanent --zone=public --add-port=80/tcp +``` +Let’s break this down: -## Additional Configuration Options +* The `-–permanent` flag tells the firewall to make sure this configuration is used every time the firewall is restarted, and when the server itself is restarted. +* `–-zone=public` tells the firewall to take incoming connections to this port from everyone. +* Lastly, `–-add-port=80/tcp` tells the firewall to accept incoming connections over port 80, as long as they’re using the Transmission Control Protocol, which is what you want in this case. -If you want to see how to make *Nginx* work with PHP, and PHP-FPM specifically, check out our [guide to PHP on Rocky Linux](../web/php.md). 
+To repeat the process for SSL/HTTPS traffic, just run the command again, and change the number. +```bash +sudo firewall-cmd --permanent --zone=public --add-port=443/tcp +``` +These configurations won’t take effect until you force the issue. To do that, tell *firewalld* to relead its configurations, like so: +```bash +sudo firewall-cmd --reload +``` +Now, there’s a very small chance that this won’t work. In those rare cases, make *firewalld* do your bidding with the old turn-it-off-and-turn-it-on-again. -## Conclusion +```bash +systemctl restart firewalld +``` + +To make sure the ports have been added properly, run `firewall-cmd --list-all`. A properly-configured firewall will look a bit like this (I have a few extra ports open on my local server, ignore them): + +```bash +public (active) + target: default + icmp-block-inversion: no + interfaces: enp9s0 + sources: + services: cockpit dhcpv6-client ssh + ports: 81/tcp 444/tcp 15151/tcp 80/tcp 443/tcp + protocols: + forward: no + masquerade: no + forward-ports: + source-ports: + icmp-blocks: + rich rules: +``` + +And that should be everything you need, firewall-wise. + +*Now* you should be able to see a web page that looks something like this: + +![The Nginx welcome page](nginx/images/welcome-nginx.png) + +It’s not much at all, but it means the server is working. + +## Creating a Server User and Changing the Website Root Folder + +While you *can* just drop your website into the default directory and go (and this might be fine for *Nginx* when it’s running inside a container, or on a test/development server), it’s not what we call best practice. Instead, it’s a good idea to create a specific Linux user on your system for your website, and put your website files in a directory made just for that user. + +If you want to build multiple websites, it’s actually a good idea to create multiple users and root directories, both for the sake of organization and the sake of security. 
+ +In this guide, I’m going to have just the one user: a handsome devil named “www”. We’re going to put all of his website files under a directory in its home folder: `/home/www/`. You can actually put the folder anywhere you want, but on a dedicated server machine, using home folders makes perfect sense. + +### Creating the User + +First, we make the folder we’re going to use: + +```bash +sudo mkdir /home/www/ +``` + +Then, we create the user: + +```bash +sudo adduser -g 'Nginx www user' -h /home/www/ www +``` + +That command tells the machine to + +* Make a user called “www” (as per the last bit of text), +* put all of its files in `/home/www`, +* and add it to the following groups: “Nginx”, “www”, and “user”. + +All three are important, but that “Nginx” group does some real magic. It allows the web server to read and modify files that belong to the “www” user, and the “www” user group. See the Rocky Linux [guide to user management](../../books/admin_guide/06-users.md) for more information. + +You will, at this point, be prompted to give the new user a password. Type it in, press Enter, and repeat. + +From now on, when you’re actually going to add files to your website, it’s a good idea to do it as the web server user. You can log in to the server user account with by running the following command, and then typing in that password you chose: + +```bash +sudo su www +``` + +### Changing the Server Root Folder + +Now that you have your fancy new user account, it’s time to make *Nginx* look for your website files in that folder. It;s time to grab your favorite text editor again. + +For now, just run: + +```bash +sudo nano /etc/nginx/conf.d +``` +When the file is open, look for the line that looks like `root /usr/share/nginx/html`. Change it to your chosen website root folder, eg. 
+ +### Changing File Permissions + +To make sure that *Nginx* can read, write to, and execute any files in the website directory, permissions need to be set properly, especially if you uploaded the files while using the root account. + +First, make sure that all files in the root folder are owned by the server user and its user group with: + +```bash +sudo chown -R www:www /home/www +``` + +And then, to make sure that users who want to actually browse your website can actually see the pages, you should make you can run this command: + +```bash +sudo chmod -R 755 /home/www +``` + +That basically gives everyone the right to look at files on the server, but not modify them. Only the owners get to do that. If you’re feeling paranoid, you can run that particular command every time you upload new HTML/CSS/JS/image files to a static website. + +## Additional Configuration Options and Guides + +* If you want to see how to make *Nginx* work with PHP, and PHP-FPM specifically, check out our [guide to PHP on Rocky Linux](../web/php.md). +* Instructions on multi-site configuration are coming in another guide. Instructions for SSL certificates are coming as well, and this guide will be updated with links when they’re ready. + +## Conclusion +The basic installation and configuration of *Nginx* are easy, even if it’s more complicated than it should be to get the latest version. But, just follow the steps, and you’ll have one of the best server options out there up and running quickly. +Now you just have to go and build yourself a website? What could that take, another ten minutes? *Sobs quietly in Web Designer* 
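Review bot: In the "Creating the User" step of this hunk, `sudo adduser -g 'Nginx www user' -h /home/www/ www` does not do what the bullet list after it claims. On Rocky Linux `adduser` is `useradd`, where `-g` names a single existing primary group and `-h` is `--help`, so the command fails rather than creating a user in three groups, and `useradd` never prompts for a password. Suggest `-c` for the comment string, `-d /home/www` with `-m` (dropping the manual `mkdir`), and a separate `sudo passwd www`. If the web server needs group access, name the actual group instead of reading the quoted comment as a group list. Further down, `sudo nano /etc/nginx/conf.d` opens a directory; the paragraph added at the top of this hunk names the file as "default.conf" in `/etc/nginx/conf.d/`. The permissions section says Nginx should be able to "read, write to, and execute" the site files and then runs `chmod -R 755`, which marks every static file executable. A static site needs read on files and traverse on directories only, so consider 755 for directories and 644 for files, and drop the write claim. Smaller points: `systemctl restart firewalld` is missing `sudo`, the three bullets explaining the firewall flags use `-–` and `–-` (an en dash) where the command has `--`, "relead" should be "reload", and "It;s" should be "It's". Please also confirm that a root under `/home/www` has been tested with SELinux enforcing.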
diff --git a/docs/guides/web/nginx/images/welcome-nginx.png b/docs/guides/web/nginx/images/welcome-nginx.png new file mode 100644 index 0000000000000000000000000000000000000000..6597b4c95066d550498f794fa77f021de75f5f2d GIT binary patch literal 14598
Date: Wed, 2 Feb 2022 02:59:24 -0600 Subject: [PATCH 03/17] Minor edits --- docs/guides/web/nginx-mainline.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index 933c3f8d3d..d7b7a59153 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md 
@@ -7,7 +7,7 @@ contributors: Steven Spencer (most likely) ## Introduction -To give credit where credit is due, I came up with exactly none of this. This guide is based heavily on [the one by Joshua James](https://www.linuxcapable.com/how-to-install-latest-nginx-mainline-on-rocky-linux-8/) on [LinuxCapable](https://www.linuxcapable.com). Go give his site a read some time, there’s a lot of good stuff there. On to this (beginner-friendly) guide: +To give credit where credit is due, I came up with exactly none of this. In particular, this guide is based heavily on [the one by Joshua James](https://www.linuxcapable.com/how-to-install-latest-nginx-mainline-on-rocky-linux-8/) on [LinuxCapable](https://www.linuxcapable.com). Go give his site a read some time, there’s a lot of good stuff there. Now, on to this (beginner-friendly) guide: *Nginx* is a web server designed to be fast, efficient, and compatible with just about anything you can imagine. I personally use it a fair bit and—once you get the hang of it—it’s actually pretty easy to set up and configure. Here’s a short rundown of the standout features; Nginx is/has/can be: 
@@ -19,7 +19,7 @@ To give credit where credit is due, I came up with exactly none of this. This gu * FastCGI support * And, of course, IPv6 -It’s great! So just `sudo dnf install nginx`, right? Well, not exactly. Let’s be clear: **Rocky Linux repositories don’t actually have the latest production-ready version of Nginx.** Since our goal is bug-for bug compatibility with Red Hat Enterprise Linux, you can always ask them to update their repos. Or asking the *Nginx* people might work better (you’ll see what I mean). +It’s great! So just `sudo dnf install nginx`, right? Well, not exactly. **Rocky Linux repositories don’t have the latest production-ready version of Nginx.** Since our goal is bug-for bug compatibility with Red Hat Enterprise Linux, you can always ask them to update their repos. Or asking the *Nginx* people might work better (you’ll see what I mean). What *you* can do, right now, is install the “mainline” branch of Nginx yourself. It has all the latest updates and toys, and (to my mind) a simpler directory structure for its configuration files. Here’s how to see it all for yourself: @@ -225,7 +225,7 @@ For now, just run: sudo nano /etc/nginx/conf.d ``` -When the file is open, look for the line that looks like `root /usr/share/nginx/html`. Change it to your chosen website root folder, eg. +When the file is open, look for the line that looks like `root /usr/share/nginx/html`. Change it to your chosen website root folder, eg. ### Changing File Permissions From 37760d561705286139dd1dfe2adfebf82d3c5e87 Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 03:07:33 -0600 Subject: [PATCH 04/17] Finished writing a section I forgot about --- docs/guides/web/nginx-mainline.md | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index d7b7a59153..d85ec3eef2 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md 
@@ -225,7 +225,32 @@ For now, just run: sudo nano /etc/nginx/conf.d ``` -When the file is open, look for the line that looks like `root /usr/share/nginx/html`. Change it to your chosen website root folder, eg. +When the file is open, look for the line that looks like `root /usr/share/nginx/html;`. Change it to your chosen website root folder, eg. `root /home/www;`. Save and close the file, then test your *Nginx* configuration to make sure you didn’t skip a semi-colon or anything: + +```bash +nginx -t +``` + +If you get the collowing success message, everything went right: + +``` +nginx: the configuration file /etc/nginx/nginx.conf syntax is ok +nginx: configuration file /etc/nginx/nginx.conf test is successful +``` + +Then, give the server a soft restart with: + +```bash +sudo systemctl reload nginx +``` + +If the soft restart doesn’t work, give *Nginx* a kick in the pants with: + +```bash +sudo systemctl restart nginx +``` + +Any HTML files in your new root folder should now be browsable from… your browser. ### Changing File Permissions From 6b4232633b973cd8668d80943274cbcfac3e644d Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:47:17 -0600 Subject: [PATCH 05/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index d85ec3eef2..5c93e2e609 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md 
@@ -144,11 +144,13 @@ These configurations won’t take effect until you force the issue. To do that, sudo firewall-cmd --reload ``` -Now, there’s a very small chance that this won’t work. In those rare cases, make *firewalld* do your bidding with the old turn-it-off-and-turn-it-on-again. +!!! Note -```bash -systemctl restart firewalld -``` + Now, there’s a very small chance that this won’t work. In those rare cases, make `firewalld` do your bidding with the old turn-it-off-and-turn-it-on-again. + + ```bash + systemctl restart firewalld + ``` To make sure the ports have been added properly, run `firewall-cmd --list-all`. A properly-configured firewall will look a bit like this (I have a few extra ports open on my local server, ignore them): From 1b3a0d95b22113f4d5fc4b1e5ec9f9ca937886e8 Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:48:43 -0600 Subject: [PATCH 06/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index 5c93e2e609..f2ec01a880 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md @@ -96,7 +96,7 @@ Then, install *Nginx*: sudo dnf install nginx ``` -The terminal will ask you if you’re fine with installing the repository’s GPG key. You need that, so choose “Y” for yes. +The terminal will ask you if you’re fine with installing the repository’s GPG key. You need that, so choose `Y` for yes. Once the installation is done, start *Nginx* and enable it to automatically start on reboot all in one go with: From 91f67c506e052f982514619f519c4a9f28931870 Mon Sep 17 00:00:00 2001 
From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:49:05 -0600 Subject: [PATCH 07/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index f2ec01a880..7dfde38cc8 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md @@ -120,7 +120,7 @@ From there, you could just start dropping HTML files into the `/usr/share/nginx/ If you try to view a web page at your machine’s IP address or domain name from another computer, you’re probably going to get a big fat nothing. Well, that’ll be the case as long as you have a firewall up and running. -Here’s how to open up the necessary ports to actually see your web pages with *firewalld*, Rocky Linux’s default firewall with the `firewall-cmd` command. To add a new port, just run this: +Here’s how to open up the necessary ports to actually see your web pages with `firewalld`, Rocky Linux’s default firewall with the `firewall-cmd` command. To add a new port, just run this: ```bash sudo firewall-cmd --permanent --zone=public --add-port=80/tcp From d3b65c20ae302e71da663e03e4b9022ebf229b9d Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:54:02 -0600 Subject: [PATCH 08/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index 7dfde38cc8..3beabdcda1 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md 
@@ -138,7 +138,7 @@ To repeat the process for SSL/HTTPS traffic, just run the command again, and cha sudo firewall-cmd --permanent --zone=public --add-port=443/tcp ``` -These configurations won’t take effect until you force the issue. To do that, tell *firewalld* to relead its configurations, like so: +These configurations won’t take effect until you force the issue. To do that, tell `firewalld` to relead its configurations, like so: ```bash sudo firewall-cmd --reload From 549f5e733eb7ebf6c0bc46d33415bb49fe01911d Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:54:06 -0600 Subject: [PATCH 09/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index 3beabdcda1..8bb27da5ea 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md @@ -98,7 +98,7 @@ sudo dnf install nginx The terminal will ask you if you’re fine with installing the repository’s GPG key. You need that, so choose `Y` for yes. -Once the installation is done, start *Nginx* and enable it to automatically start on reboot all in one go with: +Once the installation is done, start the `nginx` service and enable it to automatically start on reboot all in one go with: ```bash sudo systemctl enable --now nginx From 8e1971757aa5292ccd3da3aa5484b88de198e81a Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:55:56 -0600 Subject: [PATCH 10/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index 8bb27da5ea..f9c1564bbf 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md 
@@ -34,7 +34,7 @@ You’ll need: * An internet-connected Rocky Linux machine or server. * A basic familiarity with the command line. * The ability to run commands as root, either as the root user or with `sudo`. -* A text editor of your choice, whether graphical or command-line based. For this tutorial, I’m using *nano*. +* A text editor of your choice, whether graphical or command-line based. For this tutorial, I’m using `nano`. ## Installing the Repository From b58f8cafedef2e15da50e0c7c6ec40e529dd9d5a Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:56:55 -0600 Subject: [PATCH 11/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index f9c1564bbf..9cc29e22c9 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md @@ -46,7 +46,7 @@ First, make sure your machine is updated: sudo dnf update ``` -Now, make sure the *dnf-utils* package is installed, and any command-line text editor you may want: +Now, make sure the `dnf-utils` package is installed, and any command-line text editor you may want: ```bash sudo dnf install dnf-utils From 56ccdc469dca2e93aa97ff12944bfec4852f8864 Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:57:44 -0600 Subject: [PATCH 12/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index 9cc29e22c9..ea7a2e2d47 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md 
@@ -52,7 +52,7 @@ Now, make sure the `dnf-utils` package is installed, and any command-line text e sudo dnf install dnf-utils ``` -Once that’s all installed, power up your text editor of choice. You’ll want to create a file called (for the sake of simplicity) “nginx.repo”, and put it in `/etc/yum.repos.d/`. You can do this real quick like so: +Once that’s all installed, power up your text editor of choice. You’ll want to create a file called (for the sake of simplicity) `nginx.repo`, and put it in `/etc/yum.repos.d/`. You can do this real quick like so: ```bash sudo nano /etc/yum.repos.d/nginx.repo From 560337826e55958002a1dc93bdf2fcde98f0f53b Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:59:03 -0600 Subject: [PATCH 13/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index ea7a2e2d47..dd4e2373e8 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md @@ -80,7 +80,7 @@ module_hotfixes=true This code basically just lets you use the *Nginx*-made-and-hosted repositories for CentOS, and it allows you use the previously-mentioned “stable” branch if you want to. I mean, don’t. But you could. -Save the file with Control-S (if using *nano*) and exit with Control-X. +Save the file with Control-S (if using `nano`) and exit with Control-X. ## Installing and Running Nginx From d0dff35269cee04995aeb498693ad2bfc2b20239 Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Wed, 2 Feb 2022 18:59:16 -0600 Subject: [PATCH 14/17] Update docs/guides/web/nginx-mainline.md Co-authored-by: Antoine Le Morvan --- docs/guides/web/nginx-mainline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index dd4e2373e8..e948dffd8d 100644 
--- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md @@ -90,7 +90,7 @@ Now, let’s enable the repository file you just made with one simple command: sudo yum-config-manager --enable nginx-mainline ``` -Then, install *Nginx*: +Then, install the package `nginx` from the previously added repository: ```bash sudo dnf install nginx From 7f334ff6810a98537feaa5a5b79bbe9ed3e51690 Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Fri, 4 Feb 2022 01:08:06 -0600 Subject: [PATCH 15/17] Edits, additions, and fixes --- docs/guides/web/nginx-mainline.md | 148 ++++++++++++++++++++++-------- 1 file changed, 110 insertions(+), 38 deletions(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index e948dffd8d..4e77595bf1 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md 
@@ -25,7 +25,15 @@ What *you* can do, right now, is install the “mainline” branch of Nginx your !!! Note - There's another branch called "stable", but it's actually a little outdated for most use cases. The "mainline" branch is considered by the Nginx developers to be thoroughly-tested and stable enough for everyone to use. + There's another branch called "stable", but it's actually a little outdated for most use cases. It will receive no new features as they are developed, and only the most urgently-needed bug fixes and security upgrades. + + The developers of Nginx consider the "mainline" branch to be the well-tested and stable for general use, *as it gets all new features, all security fixes, and all bug fixes.* + + The only reasons to use the "stable" branch include: + * You *really* want to be sure that new features and big-fixes won't break any third-party code or custom code of your own. + * You want to stick with the Rocky Linux software repositories only. + + There will be a tutorial at the end of this guide detailing how to enable and install the "stable" branch with minimal fuss. ## Prerequisites and Assumptions @@ -38,7 +46,7 @@ You’ll need: ## Installing the Repository -This part isn’t quite as simple as installing an extra repository usually is. We’re going to have to create a custom repo file for *dnf* to use, and download *Nginx* from. Technically, we’re sort of repurposing repositories for CentOS that were made and hosted by *Nginx* themselves. This solution may or may not be viable in the long term, but it’s working great for now. +This part isn’t quite as simple as installing an extra repository usually is. We’re going to have to create a custom repo file for `dnf` to use, and download *Nginx* from. Technically, we’re sort of repurposing repositories for CentOS that were made and hosted by *Nginx* themselves. This solution may or may not be viable in the long term, but it’s working great for now. First, make sure your machine is updated: 
@@ -120,21 +128,33 @@ From there, you could just start dropping HTML files into the `/usr/share/nginx/ If you try to view a web page at your machine’s IP address or domain name from another computer, you’re probably going to get a big fat nothing. Well, that’ll be the case as long as you have a firewall up and running. -Here’s how to open up the necessary ports to actually see your web pages with `firewalld`, Rocky Linux’s default firewall with the `firewall-cmd` command. To add a new port, just run this: +Now to open up the necessary ports to actually see your web pages with `firewalld`, Rocky Linux’s default firewall with the `firewall-cmd` command. There are two ways to do it: the official way, and the manual way. *In this instance, the official way is best,* but you should know both for future reference. + +The official way opens up the firewall to the `http` service, which is of course the service that handles web pages. Just run this: ```bash -sudo firewall-cmd --permanent --zone=public --add-port=80/tcp +sudo firewall-cmd --permanent --zone=public --add-service=http ``` Let’s break this down: * The `-–permanent` flag tells the firewall to make sure this configuration is used every time the firewall is restarted, and when the server itself is restarted. * `–-zone=public` tells the firewall to take incoming connections to this port from everyone. -* Lastly, `–-add-port=80/tcp` tells the firewall to accept incoming connections over port 80, as long as they’re using the Transmission Control Protocol, which is what you want in this case. +* Lastly, `--add-service=http` tells `firewalld` to let all HTTP traffic through to the server. + +Now here's the manual way to do it. It's pretty much the same, except you're specifically opening up port 80, which is what the HTTP uses. + +```bash +sudo firewall-cmd --permanent --zone=public --add-port=80/tcp +``` -To repeat the process for SSL/HTTPS traffic, just run the command again, and change the number. 
+* `–-add-port=80/tcp` tells the firewall to accept incoming connections over port 80, as long as they’re using the Transmission Control Protocol, which is what you want in this case. + +To repeat the process for SSL/HTTPS traffic, just run the command again, and change the service and/or the port number. ```bash +sudo firewall-cmd --permanent --zone=public --add-service=http +# Or, in some other cases: sudo firewall-cmd --permanent --zone=public --add-port=443/tcp ``` @@ -152,7 +172,7 @@ sudo firewall-cmd --reload systemctl restart firewalld ``` -To make sure the ports have been added properly, run `firewall-cmd --list-all`. A properly-configured firewall will look a bit like this (I have a few extra ports open on my local server, ignore them): +To make sure the ports have been added properly, run `firewall-cmd --list-all`. A properly-configured firewall will look a bit like this: ```bash public (active) @@ -160,8 +180,8 @@ public (active) icmp-block-inversion: no interfaces: enp9s0 sources: - services: cockpit dhcpv6-client ssh - ports: 81/tcp 444/tcp 15151/tcp 80/tcp 443/tcp + services: cockpit dhcpv6-client ssh http https + ports: protocols: forward: no masquerade: no @@ -177,7 +197,11 @@ And that should be everything you need, firewall-wise. ![The Nginx welcome page](nginx/images/welcome-nginx.png) -It’s not much at all, but it means the server is working. +It’s not much at all, but it means the server is working. You can also test that your web page is working from the command line with: + +```bash +curl -I http://[your-ip-address] +``` ## Creating a Server User and Changing the Website Root Folder 
@@ -185,41 +209,43 @@ While you *can* just drop your website into the default directory and go (and th If you want to build multiple websites, it’s actually a good idea to create multiple users and root directories, both for the sake of organization and the sake of security. -In this guide, I’m going to have just the one user: a handsome devil named “www”. We’re going to put all of his website files under a directory in its home folder: `/home/www/`. You can actually put the folder anywhere you want, but on a dedicated server machine, using home folders makes perfect sense. +In this guide, I’m going to have just the one user: a handsome devil named “www”. Deciding where to put your website files gets more complicated. + +Depending on your server setup, you can put your website files in a couple of different places. If you're on a bare-metal (physical) server, or you're installing `nginx` directly on a VPS, you probably have Security Enhanced Linux (SELinux) running. SELinux is a tool that does a lot to protect your machine, but it also kind of dictates where you can put certain things, like web pages. + +So if you're installing `nginx` directly to your machine, then you'll want to put your websites in subdirectories of the default root folder. In this case, the default root is `/usr/share/nginx/html`, so the website for the “www” user might go into `/usr/share/nginx/html/www`. + +If you're running `nginx` in a container such as LXD/LXC, however, SELinux will likely *not* be installed, and you can put your files wherever you like. In this case, I like to put all of a user's website files under a directory in a normal home folder, like so: `/home/www/`. + +I'll continue this guide as though SELinux is installed, though. Just change what you need to based on your use case. You can also learn more about how SELinux works in [our guide on the subject](../security/learning_selinux.md). 
### Creating the User First, we make the folder we’re going to use: ```bash -sudo mkdir /home/www/ +sudo mkdir /usr/share/nginx/html/www ``` Then, we create the user: ```bash -sudo adduser -g 'Nginx www user' -h /home/www/ www +sudo adduser -g 'Nginx www' -h /usr/share/nginx/html/www www --system --shell=/bin/false ``` -That command tells the machine to - -* Make a user called “www” (as per the last bit of text), -* put all of its files in `/home/www`, -* and add it to the following groups: “Nginx”, “www”, and “user”. +That command tells the machine to: -All three are important, but that “Nginx” group does some real magic. It allows the web server to read and modify files that belong to the “www” user, and the “www” user group. See the Rocky Linux [guide to user management](../../books/admin_guide/06-users.md) for more information. +* Make a user called “www” (as per the middle bit of text), +* put all of its files in `/usr/share/nginx/html/www`, +* and add it to the following groups: “Nginx”, “www”. +* The `--system` flag says that the user is not a human user, it's reserved for the system. If you want to create human user accounts to manage different websites, that's a whole other guide. +* `--shell=/bin/false` makes sure no one can even *try* to log in as the “www” user. -You will, at this point, be prompted to give the new user a password. Type it in, press Enter, and repeat. - -From now on, when you’re actually going to add files to your website, it’s a good idea to do it as the web server user. You can log in to the server user account with by running the following command, and then typing in that password you chose: - -```bash -sudo su www -``` +The “Nginx” group does some real magic. It allows the web server to read and modify files that belong to the “www” user, and the “www” user group. See the Rocky Linux [guide to user management](../../books/admin_guide/06-users.md) for more information. 
### Changing the Server Root Folder -Now that you have your fancy new user account, it’s time to make *Nginx* look for your website files in that folder. It;s time to grab your favorite text editor again. +Now that you have your fancy new user account, it’s time to make `nginx` look for your website files in that folder. Grab your favorite text editor again. For now, just run: @@ -227,7 +253,7 @@ For now, just run: sudo nano /etc/nginx/conf.d ``` -When the file is open, look for the line that looks like `root /usr/share/nginx/html;`. Change it to your chosen website root folder, eg. `root /home/www;`. Save and close the file, then test your *Nginx* configuration to make sure you didn’t skip a semi-colon or anything: +When the file is open, look for the line that looks like `root /usr/share/nginx/html;`. Change it to your chosen website root folder, eg. `root /usr/share/nginx/html/www;` (or `/home/www` if you're running `nginx` in containers like I do). Save and close the file, then test your `nginx` configuration to make sure you didn’t skip a semi-colon or anything: ```bash nginx -t 
@@ -246,39 +272,85 @@ Then, give the server a soft restart with: sudo systemctl reload nginx ``` -If the soft restart doesn’t work, give *Nginx* a kick in the pants with: +!!! Note -```bash -sudo systemctl restart nginx -``` + In the unlikely event that the soft restart doesn’t work, give `nginx` a kick in the pants with: + + ```bash + sudo systemctl restart nginx + ``` Any HTML files in your new root folder should now be browsable from… your browser. ### Changing File Permissions -To make sure that *Nginx* can read, write to, and execute any files in the website directory, permissions need to be set properly, especially if you uploaded the files while using the root account. +To make sure that *`nginx` can read, write to, and execute any files in the website directory, permissions need to be set properly. First, make sure that all files in the root folder are owned by the server user and its user group with: ```bash -sudo chown -R www:www /home/www +sudo chown -R www:www /usr/share/nginx/html/www ``` -And then, to make sure that users who want to actually browse your website can actually see the pages, you should make you can run this command: +And then, to make sure that users who want to actually browse your website can actually see the pages, you should make you can run these commands (and yes, those semicolons matter): ```bash -sudo chmod -R 755 /home/www +sudo find /usr/share/nginx/html/www -type d -exec chmod 555 "{}" ; +sudo find /usr/share/nginx/html/www -type f -exec chmod 444 "{}" ; ``` -That basically gives everyone the right to look at files on the server, but not modify them. Only the owners get to do that. If you’re feeling paranoid, you can run that particular command every time you upload new HTML/CSS/JS/image files to a static website. +That basically gives everyone the right to look at files on the server, but not modify them. Only the root and server users get to do that. 
## Additional Configuration Options and Guides * If you want to see how to make *Nginx* work with PHP, and PHP-FPM specifically, check out our [guide to PHP on Rocky Linux](../web/php.md). * Instructions on multi-site configuration are coming in another guide. Instructions for SSL certificates are coming as well, and this guide will be updated with links when they’re ready. +## Installing the Stable Branch From Rocky's Own Repos + +If you want to use the “stable” branch of `nginx`, even with its limitations, here's how you do it. First, make sure your OS is updated: + +```bash +sudo dnf update +``` + +Then, look for the latest `nginx` version available in the default repos with: + +```bash +sudo dnf module list nginx +``` + +That should get you a list that looks like this: + +```bash +Rocky Linux 8 - AppStream +Name Stream Profiles Summary +nginx 1.14 [d] common [d] nginx webserver +nginx 1.16 common [d] nginx webserver +nginx 1.18 common [d] nginx webserver +nginx 1.20 common [d] nginx webserver +``` + +Choose the highest number on the list, and enable its module like so: + +```bash +sudo dnf module enable nginx:1.20 +``` + +You'll be asked if you're sure you want to do this, so just choose `Y` as usual. Then, use the default command to install `nginx`: + +```bash +sudo dnf install nginx +``` + +Then you can enable the service and configure your server as detailed above. + +!!! Note + + The default configuration file, in this case, is in the base `nginx` configuration folder at `/etc/nginx/nginx.conf`. The root website folder is the same, though. + ## Conclusion -The basic installation and configuration of *Nginx* are easy, even if it’s more complicated than it should be to get the latest version. But, just follow the steps, and you’ll have one of the best server options out there up and running quickly. +The basic installation and configuration of `nginx` are easy, even if it’s more complicated than it should be to get the latest version. 
But, just follow the steps, and you’ll have one of the best server options out there up and running quickly. Now you just have to go and build yourself a website? What could that take, another ten minutes? *Sobs quietly in Web Designer* From 5ba4fea35e48052b02e25a1a7f731155a958d88d Mon Sep 17 00:00:00 2001 From: Ezequiel Bruni Date: Fri, 4 Feb 2022 02:04:24 -0600 Subject: [PATCH 16/17] Added 2 \ thingies --- docs/guides/web/nginx-mainline.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index 4e77595bf1..80329fc3b6 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md @@ -295,8 +295,8 @@ sudo chown -R www:www /usr/share/nginx/html/www And then, to make sure that users who want to actually browse your website can actually see the pages, you should make you can run these commands (and yes, those semicolons matter): ```bash -sudo find /usr/share/nginx/html/www -type d -exec chmod 555 "{}" ; -sudo find /usr/share/nginx/html/www -type f -exec chmod 444 "{}" ; +sudo find /usr/share/nginx/html/www -type d -exec chmod 555 "{}" \; +sudo find /usr/share/nginx/html/www -type f -exec chmod 444 "{}" \; ``` That basically gives everyone the right to look at files on the server, but not modify them. Only the root and server users get to do that. From 9e4ba1a25e355d00067d1e8fc5bd76694c0f7538 Mon Sep 17 00:00:00 2001 
From: Steven Spencer Date: Fri, 4 Feb 2022 11:14:18 -0600 Subject: [PATCH 17/17] Editing pass - Nginx document * added "tested with: 8.5" to the meta information * slight wording changes (not much) * fix some technical errors with the `adduser` command options * fix the name of the nginx configuration (default.conf) * fully tested on a Rocky Linux container and the processes work --- docs/guides/web/.pages | 4 +++ docs/guides/web/nginx-mainline.md | 44 ++++++++++++++++++------------- 2 files changed, 29 insertions(+), 19 deletions(-) create mode 100644 docs/guides/web/.pages diff --git a/docs/guides/web/.pages b/docs/guides/web/.pages new file mode 100644 index 0000000000..c970ce1669 --- /dev/null +++ b/docs/guides/web/.pages @@ -0,0 +1,4 @@ +--- +nav: + - apache_hardened_webserver + - ... diff --git a/docs/guides/web/nginx-mainline.md b/docs/guides/web/nginx-mainline.md index 80329fc3b6..b4579eb714 100644 --- a/docs/guides/web/nginx-mainline.md +++ b/docs/guides/web/nginx-mainline.md @@ -1,7 +1,8 @@ --- title: Nginx author: Ezequiel Bruni -contributors: Steven Spencer (most likely) +contributors: Antoine Le Morvan, Steven Spencer +tested with: 8.5 --- # How to Install the Latest Nginx on Rocky Linux 
@@ -19,21 +20,21 @@ To give credit where credit is due, I came up with exactly none of this. In part * FastCGI support * And, of course, IPv6 -It’s great! So just `sudo dnf install nginx`, right? Well, not exactly. **Rocky Linux repositories don’t have the latest production-ready version of Nginx.** Since our goal is bug-for bug compatibility with Red Hat Enterprise Linux, you can always ask them to update their repos. Or asking the *Nginx* people might work better (you’ll see what I mean). +It’s great! So just `sudo dnf install nginx`, right? Well, not exactly. **Rocky Linux repositories don’t have the latest production-ready version of Nginx.** Since the goal for Rocky Linux is to be bug-for bug compatible with Red Hat Enterprise Linux, you can always ask Red Hat to update their repos. Or asking the *Nginx* people might work better (you’ll see what I mean). What *you* can do, right now, is install the “mainline” branch of Nginx yourself. It has all the latest updates and toys, and (to my mind) a simpler directory structure for its configuration files. Here’s how to see it all for yourself: -!!! Note +!!! Note + + There's another branch called "stable", but it's actually a little outdated for most use cases. It will receive no new features as they are developed, and only the most urgently-needed bug fixes and security upgrades. - There's another branch called "stable", but it's actually a little outdated for most use cases. It will receive no new features as they are developed, and only the most urgently-needed bug fixes and security upgrades. 
- - The developers of Nginx consider the "mainline" branch to be the well-tested and stable for general use, *as it gets all new features, all security fixes, and all bug fixes.* + The developers of Nginx consider the "mainline" branch to be well-tested and stable for general use, *as it gets all new features, all security fixes, and all bug fixes.* The only reasons to use the "stable" branch include: * You *really* want to be sure that new features and big-fixes won't break any third-party code or custom code of your own. * You want to stick with the Rocky Linux software repositories only. - There will be a tutorial at the end of this guide detailing how to enable and install the "stable" branch with minimal fuss. + There will be a tutorial at the end of this guide detailing how to enable and install the "stable" branch with minimal fuss. ## Prerequisites and Assumptions @@ -136,9 +137,9 @@ The official way opens up the firewall to the `http` service, which is of course sudo firewall-cmd --permanent --zone=public --add-service=http ``` -Let’s break this down: +Let’s break this down: -* The `-–permanent` flag tells the firewall to make sure this configuration is used every time the firewall is restarted, and when the server itself is restarted. +* The `-–permanent` flag tells the firewall to make sure this configuration is used every time the firewall is restarted, and when the server itself is restarted. * `–-zone=public` tells the firewall to take incoming connections to this port from everyone. * Lastly, `--add-service=http` tells `firewalld` to let all HTTP traffic through to the server. 
@@ -205,13 +206,13 @@ curl -I http://[your-ip-address] ## Creating a Server User and Changing the Website Root Folder -While you *can* just drop your website into the default directory and go (and this might be fine for *Nginx* when it’s running inside a container, or on a test/development server), it’s not what we call best practice. Instead, it’s a good idea to create a specific Linux user on your system for your website, and put your website files in a directory made just for that user. +While you *can* just drop your website into the default directory and go (and this might be fine for *Nginx* when it’s running inside a container, or on a test/development server), it’s not what we call best practice. Instead, it’s a good idea to create a specific Linux user on your system for your website, and put your website files in a directory made just for that user. -If you want to build multiple websites, it’s actually a good idea to create multiple users and root directories, both for the sake of organization and the sake of security. +If you want to build multiple websites, it’s actually a good idea to create multiple users and root directories, both for the sake of organization and the sake of security. In this guide, I’m going to have just the one user: a handsome devil named “www”. Deciding where to put your website files gets more complicated. -Depending on your server setup, you can put your website files in a couple of different places. If you're on a bare-metal (physical) server, or you're installing `nginx` directly on a VPS, you probably have Security Enhanced Linux (SELinux) running. SELinux is a tool that does a lot to protect your machine, but it also kind of dictates where you can put certain things, like web pages. +Depending on your server setup, you can put your website files in a couple of different places. 
If you're on a bare-metal (physical) server, or you're installing `nginx` directly on a VPS, you probably have Security Enhanced Linux (SELinux) running. SELinux is a tool that does a lot to protect your machine, but it also kind of dictates where you can put certain things, like web pages. So if you're installing `nginx` directly to your machine, then you'll want to put your websites in subdirectories of the default root folder. In this case, the default root is `/usr/share/nginx/html`, so the website for the “www” user might go into `/usr/share/nginx/html/www`. 
@@ -227,21 +228,26 @@ First, we make the folder we’re going to use: sudo mkdir /usr/share/nginx/html/www ``` +Next, create the www group: + +```bash +sudo groupadd www +``` Then, we create the user: ```bash -sudo adduser -g 'Nginx www' -h /usr/share/nginx/html/www www --system --shell=/bin/false +sudo adduser -G nginx -g www -d /usr/share/nginx/html/www www --system --shell=/bin/false ``` That command tells the machine to: -* Make a user called “www” (as per the middle bit of text), +* Make a user called “www” (as per the middle bit of text), * put all of its files in `/usr/share/nginx/html/www`, -* and add it to the following groups: “Nginx”, “www”. +* and add it to the following groups: “mginx” as supplemental , “www” as primary. * The `--system` flag says that the user is not a human user, it's reserved for the system. If you want to create human user accounts to manage different websites, that's a whole other guide. * `--shell=/bin/false` makes sure no one can even *try* to log in as the “www” user. -The “Nginx” group does some real magic. It allows the web server to read and modify files that belong to the “www” user, and the “www” user group. See the Rocky Linux [guide to user management](../../books/admin_guide/06-users.md) for more information. +The “nginx” group does some real magic. It allows the web server to read and modify files that belong to the “www” user, and the “www” user group. See the Rocky Linux [guide to user management](../../books/admin_guide/06-users.md) for more information. ### Changing the Server Root Folder 
@@ -250,7 +256,7 @@ Now that you have your fancy new user account, it’s time to make `nginx` look For now, just run: ```bash -sudo nano /etc/nginx/conf.d +sudo nano /etc/nginx/conf.d/default.conf ``` When the file is open, look for the line that looks like `root /usr/share/nginx/html;`. Change it to your chosen website root folder, eg. `root /usr/share/nginx/html/www;` (or `/home/www` if you're running `nginx` in containers like I do). Save and close the file, then test your `nginx` configuration to make sure you didn’t skip a semi-colon or anything: @@ -259,7 +265,7 @@ When the file is open, look for the line that looks like `root /usr/share/ngin nginx -t ``` -If you get the collowing success message, everything went right: +If you get the following success message, everything went right: ``` nginx: the configuration file /etc/nginx/nginx.conf syntax is ok @@ -284,7 +290,7 @@ Any HTML files in your new root folder should now be browsable from… your brow ### Changing File Permissions -To make sure that *`nginx` can read, write to, and execute any files in the website directory, permissions need to be set properly. +To make sure that *`nginx` can read, write to, and execute any files in the website directory, permissions need to be set properly. First, make sure that all files in the root folder are owned by the server user and its user group with:
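Review bot: In the first hunk shown (@@ -144,11 +144,13 @@), the command moved into the new admonition, `systemctl restart firewalld`, still has no `sudo`, while every other command in the guide is run with it (`sudo firewall-cmd --reload` is the context line just above). A reader working as a non-root user will have the restart refused or be asked to authenticate separately. Suggest `sudo systemctl restart firewalld` while the line is being re-indented anyway.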
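Review bot: PATCH 08/17 (@@ -138,7 +138,7 @@) carries a typo over onto the added line: it still reads "tell `firewalld` to relead its configurations". Since the line is being rewritten for the backtick change, fix "relead" to "reload" in the same commit.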
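Review bot: In PATCH 15/17, hunk @@ -120,21 +128,33 @@, the block under "To repeat the process for SSL/HTTPS traffic" adds `--add-service=http` a second time, so a reader who follows the service form never opens HTTPS. It should be `--add-service=https`, which is also what the sample output later in the same patch assumes (`services: cockpit dhcpv6-client ssh http https`). In the same hunk the flags quoted in the bullets (`-–permanent`, `–-zone=public`, `–-add-port=80/tcp`) contain an en dash in place of one hyphen, so copying a flag from the prose gives an invalid option; use a plain `--` as the new `--add-service=http` bullet already does. The `--zone=public` bullet also still says "to this port" although the service form no longer names one.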
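Review bot: In PATCH 15/17, hunk @@ -177,7 +197,11 @@, the added `curl -I http://[your-ip-address]` uses square brackets as the placeholder marker, but curl gives brackets in a URL their own meaning (range globbing, IPv6 literals), so a reader who keeps them around an IPv4 address or hostname gets an error instead of response headers. Suggest a placeholder that cannot be pasted by accident, such as `http://your-ip-address`, or a sentence telling the reader to drop the brackets.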
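Review bot: In PATCH 17/17, hunk @@ -227,21 +228,26 @@, the paragraph kept below the corrected `adduser -G nginx -g www ...` command still claims the "nginx" group "allows the web server to read and modify files that belong to the “www” user", but `-G nginx` makes `www` a member of the `nginx` group, which gives `www` access to files owned by that group, not the reverse. Nothing in the guide adds the account the server runs as to the `www` group, so the server can read the site only because the modes set later (555/444) are world-readable. Either reword the paragraph to say that, or, if group-based access is the intent, add the server's account to `www` and drop the supplementary group here. Smaller points in the same hunk: "mginx" should be "nginx", "supplemental ," has a stray space, and a blank line is needed between the closing fence of the new `groupadd` block and "Then, we create the user:" so the sentence does not render as part of the fence.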
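Review bot: In the "Changing File Permissions" part of PATCH 15/17 (hunk @@ -246,39 +272,85 @@, with the `\;` fix in 16/17), the prose and the modes disagree. The section opens with making sure `nginx` "can read, write to, and execute any files" and closes with "Only the root and server users get to do that", but `chmod 555` on directories and `chmod 444` on files clear the write bit for the owner as well, so after these commands `www` cannot modify the site without changing modes first. Read-only content is a reasonable default for a static site; say that explicitly and state how updates are meant to happen (as root, or by restoring owner write such as 755/644), rather than promising write access. The opening sentence also has an unbalanced `*` before `nginx`, which 17/17 touches for whitespace only and leaves in place, and "you should make you can run these commands" is missing words.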
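Review bot: In PATCH 15/17, hunk @@ -25,7 +25,15 @@, the added bullet reads "new features and big-fixes"; that should be "bug fixes". PATCH 17/17 corrects "to be the well-tested" in the same admonition but shows the "big-fixes" line as unchanged context, so the typo survives the editing pass. In the stable-branch section added by 15/17 (@@ -246,39 +272,85 @@), the `dnf module list nginx` listing is fenced as `bash` although it is command output, and the text says "Choose the highest number on the list" while the command hard-codes `nginx:1.20`; note that 1.20 is only the value from this sample listing.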