cluster/documents/nginx.md

Update package list and install nginx

# Refresh the package index, then install nginx.
# NOTE(review): nginx-full is presumably chosen so that the stream module used
# later on this page is available; verify on your release.
sudo apt update
sudo apt-get install nginx-full

Backup the default config

# Keep the stock site definition for rollback. The copy stays in sites-available;
# the nginx.conf shown later on this page only includes sites-enabled/*, so the
# .bak file is not loaded by nginx.
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak

(Optional) Obtain SSL certificates using Let's Encrypt (replace <your_domain> with your actual domain)

If you want to use self-signed certificates, generate them instead.

Example for Let's Encrypt:

# Install certbot together with its nginx plugin.
sudo apt install -y certbot python3-certbot-nginx

# Request a certificate for the domain and let the nginx plugin install it.
# NOTE(review): the stream {} block later on this page has a plain `listen 443;`
# that passes TLS through to the upstream hosts. Confirm which component should
# own port 443 and hold the certificate before running this.
sudo certbot --nginx -d <your_domain>

Edit the default config (replace the server block with the following)

# Overwrite the default site with a minimal static-file server block.
# The quoted 'EOF' delimiter keeps the shell from expanding $uri, so nginx
# receives the variable names literally; tee's echo is discarded via /dev/null.
# NOTE(review): this server block binds port 80, and the stream {} block shown
# later on this page also has `listen 80;`. Confirm the two are not active on
# the same address at the same time.
sudo tee /etc/nginx/sites-available/default > /dev/null <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    location / {
        # This will just serve the static page /var/www/html/index.html
        try_files $uri $uri/ =404;
    }
}
EOF

Edit Nginx.conf

Do not put the stream {} block inside http {}.

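# Keep a copy of the working nginx.conf so a bad edit can be rolled back
# (same pattern as the site-config backup earlier in this guide).
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
# Open the main config; the stream {} block goes at the top level, not inside http {}.
sudo nano /etc/nginx/nginx.conf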

# Worker identity, worker count and pid file for the nginx master process.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events { worker_connections 768; }

# Add the stream section here, outside http {}
# stream {} proxies raw TCP (layer 4). Neither listener below carries an `ssl`
# parameter or certificate directives, so TLS on 443 is passed through and
# terminated by the upstream hosts, not by this nginx.
# NOTE(review): the upstream hosts will see this proxy's address as the peer
# unless the PROXY protocol is enabled on both sides. Confirm whether client
# IPs are needed for logging or access control on the backends.
stream {
    # Pool for plain HTTP traffic: the two hosts that receive port-80 connections.
    upstream managers_http {
        server lead.swarm.mngoma.lab:80;
        server follow.swarm.mngoma.lab:80;
    }
    # Accept TCP on 80 and forward it unchanged to the pool above.
    server {
        listen 80;
        proxy_pass managers_http;
    }

    # Pool for HTTPS traffic: same two hosts, port 443.
    upstream managers_https {
        server lead.swarm.mngoma.lab:443;
        server follow.swarm.mngoma.lab:443;
    }
    # Accept TCP on 443 and forward the still-encrypted bytes to the pool above.
    server {
        listen 443;
        proxy_pass managers_https;
    }
}

http {
    ## ... your existing http config here ...
}

Edit nginx.conf (complete example file)

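# nginx.conf lives under /etc/nginx and needs elevated rights to save;
# use sudo here as in the earlier edit step of this guide.
sudo nano /etc/nginx/nginx.conf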

# ONLY necessary if not handled by /etc/nginx/modules-enabled/
# load_module /usr/lib/nginx/modules/ngx_stream_module.so;

# Worker identity, worker count and pid file for the nginx master process.
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
}

# ========== STREAM PROXY (Layer 4 TCP) ==========
# Raw TCP forwarding: no `ssl` parameter or certificate is configured on either
# listener, so TLS on 443 is terminated by the upstream hosts.
# NOTE(review): no access_log/log_format is defined inside stream {}, and the
# access_log in http {} below does not apply to this context. Add a
# stream-level log if connection records are needed for troubleshooting or
# incident review.
stream {
    # Pool for plain HTTP traffic.
    upstream managers_http {
        server lead.swarm.mngoma.lab:80;
        server follow.swarm.mngoma.lab:80;
    }
    # NOTE(review): http {} below includes sites-enabled/*, and the default site
    # written earlier on this page has `listen 80 default_server;`. If that site
    # is still enabled, both contexts claim port 80; confirm only one is active.
    server {
        listen 80;
        proxy_pass managers_http;
    }

    # Pool for HTTPS traffic (forwarded still encrypted).
    upstream managers_https {
        server lead.swarm.mngoma.lab:443;
        server follow.swarm.mngoma.lab:443;
    }
    server {
        listen 443;
        proxy_pass managers_https;
    }
}

# ========== HTTP CONFIG ==========

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##
    # These two directives sit inside http {}, so they cover HTTP requests only.
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";

    ##
    # Include virtual host configurations
    ##
    # Only conf.d/*.conf and sites-enabled/* are loaded; files that exist solely
    # in sites-available (including .bak copies) are not.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

Test and reload nginx

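# Validate the configuration first and reload only if the syntax check passes;
# a failed check stops the chain before the reload is attempted.
sudo nginx -t && sudo systemctl reload nginx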

Log trace

# Follow both logs live.
# NOTE(review): the stream {} block on this page defines no access_log of its
# own, so TCP connections proxied there will presumably not appear in
# access.log; only requests served by the http {} block do.
# NOTE(review): these files may not be readable by an unprivileged user on a
# default install; prefix with sudo if needed (verify).
tail -f /var/log/nginx/error.log /var/log/nginx/access.log