nginx

Though nginx is now the default web server software, you may still be using (or may have switched to) Apache. Nginx can be used to configure and run pages and software accessible via HTTP and HTTPS. You'll likely find nginx easier to configure, faster and more lightweight than Apache.

You'll need to execute some commands via SSH to get the full use out of this software, though it can be set up via FTP. There is a separate guide on how to connect to your slot via SSH. Commands are kept as simple as possible and in most cases will simply need to be copied and pasted into the terminal window (then executed by pressing the Enter key).

Table of contents

Installation

Install nginx by logging in via SSH, then copying and pasting the following:

mkdir ~/.nginx

You can also create this directory using your (S)FTP software of choice. Either way, every 5 minutes the system will scan slots and if it sees an empty .nginx directory it will stop Apache and install nginx for you. That's it!

Installation notes

In addition to the basic installation, the following will also automatically happen (or be attempted):

  • PHP will be configured
  • Domains served from ~/www
  • ruTorrent will be password protected using a .conf> file
  • An SCGI mount point will be created for rTorrent at /username/RPC
  • Access to areas of ruTorrent which don't need web access will be denied
  • Access to all files beginning with .ht will be denied
  • Access to any directory with a .htaccess file will be denied

Configuring before starting nginx

As above, the auto-configuration will seek to block access to anything reliant on .htaccess files. Nginx relies on its own configuration files instead - you should look to either convert .htaccess to an nginx config file or, if the software page has a section for nginx users reconfigure according to those instructions. You can review by comparison, using the documentation for the various Apache and nginx documentation.

Once you've reviewed and amended the previous Apache configurations for nginx you can remove its deny-htaccess.conf file from ~/.nginx/conf.d/000-default-server.d

Starting, stopping and restarting

As nginx is started by the system, you'll only be able to kill it: the system will start it up for you automatically every five minutes.

To kill nginx simply run this command via SSH:

pkill -fu "$(whoami)" 'nginx'

You can then check if any part of nginx is still running with ps x | grep nginx | grep -v grep.

Using nginx

Nginx is used via config files which tell the web server what you want to do. This page won't go into much detail on that - software in our software section will contain the specific information you need to configure for nginx.

After you've made your changes you'll need to reload nginx. This is not the same as restarting it (though restarting it would of course reload the configs too). You can reload by running this command:

/usr/sbin/nginx -s reload -c ~/.nginx/nginx.conf

At this point you'll receive an alert. This is normal and is not an error as such:

[server ~] /usr/sbin/nginx -s reload -c ~/.nginx/nginx.conf
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2017/06/03 07:49:30 [notice] 7309#0: signal process started

Errors generally stop nginx from coming back to life post-reload, so you can always run the check command from above to confirm if nginx is running.

Advanced usage

HTTPS

Every slot comes with HTTP and HTTPS set up at: http://username.server.feralhosting.com/ and https://server.feralhosting.com/username/ (you will need to replace your username and server).

For non-Feral domains HTTPS can be set up if you supply your own certificates. In the past this required using and setting up a forwarded port; this is no longer the case. You will need to create two files and then wait five minutes for them to be installed:

~/www/example.com/https.crt
A PEM certificate for use in nginx's ssl_certificate. The format of a PEM .crt file contains one or more certificates each looking like a much longer version of:
-----BEGIN CERTIFICATE-----
random text
-----END CERTIFICATE-----
~/www/example.com/https.key
An RSA certificate for use in nginx's ssl_certificate_key. The format of the .key is a single certificate and looks like a much longer version of:
-----BEGIN RSA PRIVATE KEY-----
random text
-----END RSA PRIVATE KEY-----

A source for free certificates can be found at www.sslforfree.com.

Force HTTPS

The nginx variable $http_x_forwarded_proto will be either http or https. Add the following to each server { ... } stanza under ~/.nginx/conf.d to force a redirect to HTTPS:

if ( $http_x_forwarded_proto != 'https' ) {
    return 301 https://$host$request_uri;
}

PHP version

Your slot will automatically execute any file ending in .php as a PHP file. Feral uses the PHP version installed by the OS, relies on it for security updates and tests software against this version. If you require a specific version of PHP then you can install your own version to your home folder via:

  1. Select the latest PHP version from php.net/downloads.
  2. Follow the generic install guide to install it to your home folder from source running this alternative configure step: ./configure --enable-fpm --prefix=$HOME
  3. Create a symlink in ~/.nginx/php/start to point to your installed php-fpm executable. Try ln -s ~/sbin/php-fpm ~/.nginx/php/start to create the symlink.
  4. Restart PHP with the command pkill php-fpm and wait five minutes for it to be restarted.
  5. Periodically update PHP by installing (steps 1 and 2). Updates are crucial to keeping your slot secure.

This is considered an advanced usage of a slot because it requires a lot of up-front Linux knowledge and ongoing maintenance. It should only be done if you have a specific reason.

Troubleshooting

If you experience issues or crashes using nginx the first thing to try and do is restart the software using the command listed in the section above, "Starting, stopping and restarting"

Nginx will not start

This can happen if nginx is reloaded or restarted via any means and is normally related to a config change you've made that is invalid. Even if you made the changes a long time ago, since nginx will only try to load them on reload/restart it might be a while before the error comes to light. You can often see the problematic change by running the reload command:

[server ~/.nginx/conf.d/000-default-server.d] /usr/sbin/nginx -s reload -c ~/.nginx/nginx.conf
nginx: [alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
2017/06/03 07:50:11 [emerg] 15787#0: invalid port in upstream "10.0.0.1:/" in /media/sda1/user/.nginx/conf.d/000-default-server.d/sonarr.conf:8

In the above example, there isn't a port in the Sonarr config, so naturally an invalid port issue arises. In this case, adding the correct port Sonarr is listening is what's required. Alternatively, if no longer required, you can delete the config. Either way, you'll need to run the reload command again.

Uninstallation

pkill -9 -fu "$(whoami)" 'nginx'
rm -rf ~/.nginx