nginx Setup

How to successfully install and set up nginx.

This guide describes how to install nginx on Debian 10 and configure it for use with PureLife Cloud. Installing nginx is optional; it is required only if access to the PureLife Cloud web app is to be secured (e.g. using an SSL certificate).

Installation

1. We recommend using the current version of nginx. To get it, add the official nginx package sources to apt.

echo "deb http://nginx.org/packages/debian `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
curl -L https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
sudo apt-get update

2. After that, nginx can be installed.

# Official nginx package source
sudo apt-get install nginx
# If the standard Debian package source is used
# sudo apt-get install nginx-full
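
Step 1 pipes the downloaded signing key straight into apt-key, so whatever the server returns becomes a trusted package signer. The following added example (not part of the original guide) inspects the key file first and adds it only if every key in it matches a fingerprint obtained out of band. The function names are hypothetical, `EXPECTED_FPR` is a placeholder for the fingerprint published by nginx, and a GnuPG release that provides `--show-keys` is assumed.

```bash
# Added example (not from the original guide): trust the repository signing key
# only if its fingerprint matches one obtained out of band.

# Print the primary-key fingerprints found in `gpg --with-colons` output (stdin).
# A "pub" record is followed by an "fpr" record whose field 10 is the
# fingerprint; "fpr" records that follow "sub" belong to subkeys and are skipped.
key_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "sub" { want = 0; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Succeed only if stdin lists at least one key and every listed key is in the
# allowlist given as arguments (uppercase hex, no spaces).
all_keys_pinned() {
    local fpr found=0
    for fpr in $(key_fingerprints); do
        found=1
        case " $* " in
            *" $fpr "*) ;;
            *) echo "unexpected key: $fpr" >&2; return 1 ;;
        esac
    done
    [ "$found" -eq 1 ]
}

# Download a key, inspect it without importing it, and add it only if pinned.
# Usage: install_pinned_key https://nginx.org/keys/nginx_signing.key EXPECTED_FPR
install_pinned_key() {
    local url=$1 tmp rc
    shift
    tmp=$(mktemp) || return 1
    curl -fsSL "$url" -o "$tmp" &&
        gpg --show-keys --with-colons "$tmp" | all_keys_pinned "$@" &&
        sudo apt-key add "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed listing (not a real key) so the check can be tried offline.
sample_listing() {
    printf '%s\n' \
        'pub:-:4096:1:1111111111111111:1600000000:::-:::scSC::::::23::0:' \
        'fpr:::::::::1111111111111111111111111111111111111111:' \
        'sub:-:4096:1:2222222222222222:1600000000::::::e::::::23:' \
        'fpr:::::::::2222222222222222222222222222222222222222:'
}
sample_listing | all_keys_pinned 1111111111111111111111111111111111111111 &&
    echo "sample key matches the pinned fingerprint"
```

A key file that carries an additional, unlisted key is rejected as a whole, so a rotated or extended key set has to be confirmed and added to the allowlist explicitly.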

Configuration

The following section assumes that mosquitto is installed and running on the same server. If this is not the case, the configuration must be adjusted.

1. Download the h5bp configuration.

mkdir /tmp/nginx-boilerplate
cd /tmp/nginx-boilerplate/
wget https://github.com/h5bp/server-configs-nginx/archive/refs/heads/main.zip
7z x main.zip
sudo cp -r server-configs-nginx-main/h5bp/ /etc/nginx/
sudo cp server-configs-nginx-main/nginx.conf /etc/nginx/nginx.conf
sudo cp server-configs-nginx-main/mime.types /etc/nginx/mime.types
cd /etc/nginx/
rm -r /tmp/nginx-boilerplate/

2. Check if the configuration was recognized correctly.

sudo nginx -t

3. Create a configuration file for the domain.

sudo touch /etc/nginx/conf.d/my.domain.com.conf

4. Open the file with a text editor and paste the following.

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name my.domain.com www.my.domain.com;

    # SSL config
    ssl_certificate /path/to/your/fullchain.pem;
    ssl_certificate_key /path/to/your/key.pem;
    ssl_trusted_certificate /path/to/your/fullchain.pem;

    # Enable HSTS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

    include h5bp/tls/ssl_engine.conf;
    include h5bp/tls/policy_balanced.conf;
    include h5bp/tls/ocsp_stapling.conf;

    # Adjustments for basic.conf
    include h5bp/security/referrer-policy.conf;
    # include h5bp/security/x-content-type-options.conf; # Sent through PureLife Cloud
    # include h5bp/security/x-frame-options.conf; # Sent through PureLife Cloud
    include h5bp/location/security_file_access.conf;
    include h5bp/cross-origin/requests.conf;

    # Redirect from http to https on the same port
    error_page 497 https://$server_name:$server_port$request_uri;

    # To allow special characters in headers
    ignore_invalid_headers off;

    http2_push_preload on; # Enable HTTP/2 Server Push

    # PureLife Cloud SSE connection
    location /api/v1/sse {
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host $http_host;

       proxy_set_header Connection '';
       proxy_http_version 1.1;
       chunked_transfer_encoding off;

       proxy_buffering off;
       proxy_cache off;

       proxy_pass http://purelife-cloud-backend;
    }


    location /api/v1/system/live-log {
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host $http_host;

       proxy_set_header Connection '';
       proxy_http_version 1.1;
       chunked_transfer_encoding off;

       proxy_buffering off;
       proxy_cache off;

       proxy_pass http://purelife-cloud-backend;
    }

    location / {
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host $http_host;

       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 300s;

       client_max_body_size 50M;
       proxy_http_version 1.1;
       proxy_hide_header X-Version-Id;
       proxy_pass http://purelife-cloud-backend;
    }
}

5. Check if nginx recognized the configuration correctly.

sudo nginx -t

6. Reload nginx to apply the configuration.

sudo systemctl reload nginx.service