Nginx

Install EPEL
Install EPEL to get Nginx, which is not in the standard repos. For RHEL7/CentOS 7:

cd /tmp wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm sudo yum localinstall epel-release-latest-7.noarch.rpm

Install Nginx
Then, install Nginx:

sudo yum install nginx

Start Nginx
You will need to start Nginx before you can use it:

sudo systemctl start nginx

Allow Nginx through the firewall
For Firewalld:

For UFW (used because firewalld has issues with docker): enable http (port 80) and https (443):

sudo ufw enable http sudo ufw enable https

Enable Nginx at Boot
If you can go to port http://localhost:80, it works. Then enable Nginx to start at every boot:

sudo systemctl enable nginx

Create a folder for HTTP Hosting
should probably use www-data group

Out of convention, we usually use  to host any static data for our websites. This way, we can give the  group full access over this directory.

sudo mkdir -p /var/www/ sudo chown -R nginx:nginx /var/www/ Note: The following only applies if you are using RHEL or if SELinux is set to enforcing on CentOS. Creating a specific folder where websites are served from also helps because SELinux restricts what directories Nginx can read, for safety (no reason why Nginx should be allowed to read home or system directories).

But first we have to explain to SELinux what typical usage looks like. You’ll also need to allow Nginx to access your folder (Otherwise you’ll get 403 Forbidden error).


 * 1) chcon -Rt httpd_sys_content_t /var/www/

Proxy Pass
Some apps run their own HTTP servers, which are meant to be proxied into Nginx.

We’ll also have to provide an SELinux policy exception for Nginx so proxy pass will work (otherwise it will be blocked):


 * 1) setsebool -P httpd_can_network_connect true

Server Blocks
I find it useful to use Debian-style server blocks instead of conf.d, since server blocks can be dedicated to a single domain and disabled by removing the sites-enabled link.

But that’s just me, and it can get tedious for other people who find linking to be extra work.

https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-on-centos-7

Server Info Pages
I find it useful to have Server Info Pages that give basic info about the server, stuff that an nmap on the IP could tell anyone in the first place.

The server info page is also on a subdomain with the true name of the server, and not shown by default.

More Info: Server Info Pages