See also

Basic Authentication

Create basic authentication (like htaccess in apache2)

location /shared_videos {
        autoindex on;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;

Authentication on all vhost pages

server {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;


You can create htpassword

openssl passwd -6
mkpasswd -m SHA-512

Then add user login and password hashed in /etc/nginx/.htpasswd


Real IP in logs

Behind a HAProxy load balancer, to get real client IP address in logs,
create configuration file /etc/nginx/conf.d/real_ip.conf:
set_real_ip_from; # haproxy
real_ip_header X-Forwarded-For;
real_ip_recursive on;

Support PHP

Install php and php-fpm packages
Add lines in your php-nedeed vhost
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php<php_version>-fpm.sock;


Get your configured socket

grep -v "^#.*$\|^;.*$\|^$" /etc/php/7.0/fpm/pool.d/www.conf

Check your active socket

pgrep php-fpm -a
24563 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
24564 php-fpm: pool www
24565 php-fpm: pool www

lsof -p 24563 | awk '$9 ~ /.*\.sock$/{print $9}'

Create PHP-FPM pool

Copy default pool configuration

grep -v "^#.*$\|^;.*$\|^$" /etc/php/7.0/fpm/pool.d/www.conf > guisam.conf

Edit the new configuration file, change pool name, user and listen value

user = guillaume
listen = /run/php/php7.0-fpm.guillaume.sock

php_admin_value[memory_limit] = 256M

Update nginx configuration

location ~ \.php$ {
  try_files $uri =404;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_pass unix:/run/php/php7.0-fpm.guillaume.sock;
  fastcgi_index index.php;
  include fastcgi.conf;

Restart/reload nginx and php-fpm service, then check pools:

pgrep php-fpm -a
1605 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
1606 php-fpm: pool
1607 php-fpm: pool
1608 php-fpm: pool www
1609 php-fpm: pool www

Errors pages

error_page 404 /404.html;
location  /404.html {