Nginx disable logging

 

To disable logging in nginx we need to change values of access_log and error_log to off.

Lets say if you have config file for website example.com in sites-enabled and you want to disable logging for it.

Just open configuration file related to your website and look for access_log & error_log in server block, change their values to off.

server {
listen 80 default;
server_name *.example.com;

root /var/www/;
index index.php;
access_log off;
error_log off;
....
....
....
}

We can also disable logging for specific patters also, lets say for images or for particular path.

To disable logging for images add following code in in server block:

location ~* \.(gif|jpg|png) {
access_log off;
...
}

To disable logging for particular path(here I am blocking /images/):

location ^~ /images/ {
access_log off;
...
}

After doing any changes in your site nginx conf, just restart nginx and test.
After restarting nginx logging should be disabled.

Nginx ssl_error_rx_record_too_long

 

While trying to configuring Nginx with ssl I got error saying that “ssl_error_rx_record_too_long“.

After debugging about the issue, following change in configuration file resolved the issue:

In my nginx.conf file I have written as:

listen 443;

I changed above configuration as following:

listen 443 ssl;

After changing configuration I restarted Nginx and it worked without any issue.

 

Nginx redirect www to domain

 

To redirect all www request to domain name in Nginx use following rule:

server {
    server_name  www.domain.com;
    rewrite ^(.*) http://domain.com$1 permanent;
}

server {
    server_name  domain.com;
    #The rest of your configuration goes here#
}

Above rule will redirect all requests coming to http://www.domain.com to domain.com

In other way above rule will strip www from url.

After adding above rule restart nginx to make the rule work.

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

Recently when I am playing with nginx stuck with following error

nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)

Whenever this kind of error occurs I used to get port details with netstat and kill that process using process ID.

This time I am unable to get port usage details with netstat and stuck with this error for some time.

After exploring little bit on web following command is helped me to resolve above issue:

$ sudo fuser -k 80/tcp

Output:

80/tcp:              28461

fuser command will identify process using files or socket.

Here I am using socket to identify the process and killed the process with  -k argument.

After running above command the issues is resolved and I am able to start nginx.

 

How to view nginx status

 

To view nginx status some configuration upgrade is required in nginx.conf

I used following configuration to get nginx status:

location = /nginx_status {
  stub_status on;
  allow 192.168.2.20;
  deny all;
}

Since its not a good idea to give access of nginx_status url, I am allowing only one IP and denying all.

After changing configuration restart nginx and view configuration from url http://yourhostname/ngins_status

Output of url looks something like below:

Active connections: 1 
server accepts handled requests
 10 10 55 
Reading: 0 Writing: 1 Waiting: 0

Nginx allow only one ip

 

To allow only one IP to access add following line in nginx.conf file:

server {
    listen 80;
    server_name www.example.com;

    location / {
      root /var/www/;

      allow   add.your.ip.here;
      deny    all;
    }
  }

Two lines that are bold in above configuration are important to achieve this functionality.

After adding above configuration restart nginx and try to test. Expect from your IP is should not allow access to any other IP.

Nginx password protect website

 

Whenever there was requirement to protect a webiste or a particular folder in website with some username and password, we are used to do it with Apache2/Apache HTTP.

This time I thought to try with Nginx.

Here I am proxy passing all requests with upstream and I wanted to protect it some username and password.

Again I used apach2-utils module to protect website.

Install apache2-utils:

$ apt-get install apache2-utils

Now create a user with some password:

$ htpasswd -c /etc/nginx/conf.d/.htpasswd/passwd username

where username is some username as you wish, it will ask for password just enter some password.

After creating usename and password add following configuration nginx.conf’s http module.

upstream appcluster {

server 192.168.2.20:8080;
}

server {
listen *;
location / {
proxy_pass http://appcluster;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd/passwd;
proxy_set_header X-Real-IP $remote_addr;

}

Upstream module will proxy pass all request that are coming to your hostname to port 8080 of ip 192.168.2.20.

After adding above configuration restart nginx and try to access you hostname, it should ask username and password.

In above configuration following 2 lines are responsible for protecting your website:

auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd/passwd;

After adding all configurations in nginx.conf, following is my http module:

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;

default_type application/octet-stream;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

upstream appcluster {

server 192.168.2.20:8080;
}

server {
listen *;
location / {
proxy_pass http://appcluster;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd/passwd;
proxy_set_header X-Real-IP $remote_addr;

}
}
}