Nginx

See also

Basic Authentication

Create basic authentication (like htaccess in apache2)

location /shared_videos {
        autoindex on;
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
}

Authentication on all vhost pages

server {
        ...
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        ...
}

Tip

You can create htpassword

openssl passwd -6
...
mkpasswd -m SHA-512

Then add user login and password hashed in /etc/nginx/.htpasswd

toto:$6$xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Real IP in logs

Behind a HAProxy load balancer, to get real client IP address in logs,
create configuration file /etc/nginx/conf.d/real_ip.conf:
set_real_ip_from 10.1.0.1; # haproxy
real_ip_header X-Forwarded-For;

Support PHP

Install php and php-fpm packages
Add lines in your php-nedeed vhost
location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php<php_version>-fpm.sock;
}

Tip

Get your configured socket

grep -v "^#.*$\|^;.*$\|^$" /etc/php/7.0/fpm/pool.d/www.conf

Check your active socket

pgrep php-fpm -a
24563 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
24564 php-fpm: pool www
24565 php-fpm: pool www

lsof -p 24563 | awk '$9 ~ /.*\.sock$/{print $9}'
/run/php/php7.0-fpm.sock

Create PHP-FPM pool

Copy default pool configuration

grep -v "^#.*$\|^;.*$\|^$" /etc/php/7.0/fpm/pool.d/www.conf > guisam.conf

Edit the new configuration file, change pool name, user and listen value

[blog.guisam.xyz]
user = guillaume
...
listen = /run/php/php7.0-fpm.guillaume.sock
...

php_admin_value[memory_limit] = 256M

Update nginx configuration

location ~ \.php$ {
  try_files $uri =404;
  fastcgi_split_path_info ^(.+\.php)(/.+)$;
  fastcgi_pass unix:/run/php/php7.0-fpm.guillaume.sock;
  fastcgi_index index.php;
  include fastcgi.conf;
}

Restart/reload nginx and php-fpm service, then check pools:

pgrep php-fpm -a
1605 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
1606 php-fpm: pool blog.guisam.xyz
1607 php-fpm: pool blog.guisam.xyz
1608 php-fpm: pool www
1609 php-fpm: pool www