nginx

Modules
# List modules
nginx -V

Sites
# /etc/nginx/sites-available/www.example.com.conf
server {
server_name www.example.com;
listen 443 ssl;

root /usr/share/nginx/www/;

ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;

sub_filter_once off;
sub_filter "Welcome" "Sello";
}

server {
server_name www.example.com;
listen 80;

root /usr/share/nginx/www/;

access_log /var/log/nginx/access_www.example.com.log;
error_log /var/log/nginx/error_www.example.com.log debug;

sub_filter_once off;
sub_filter "Welcome" "Hello";
}

Options
# allow body size / upload up to 10 MB
http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
client_max_body_size 10M;

Snippets
location /foo {
if ( $request_method != 'POST' ) {
return 400;
}
}

# disable cache
location stuffyoudontwanttocache {
proxy_no_cache 1; # don't cache it
proxy_cache_bypass 1; # even if cached, don't try to use it
}
# expires 1s;

# redirect to https
if ($ssl_protocol = "") {
return 301 https://$server_name$request_uri;
}

# directory listing / autoindex
https://www.keycdn.com/support/nginx-directory-index/
location /foo/ {
autoindex on;
}

https://www.nginx.com/resources/wiki/modules/fancy_index/
https://github.com/aperezdc/ngx-fancyindex
apt-get install -y nginx-extras
cat /etc/nginx/sites-available/default
...
location /foo/ {
fancyindex on;
fancyindex_exact_size off;
}

location / {
fancyindex on;
fancyindex_ignore "lost\+found";
}

IMAPS forward
# /etc/nginx/nginx.conf
stream {
server {
listen 993;

allow 10.0.1.10;
deny all;

proxy_pass 10.0.3.187:993;
}
}

Proxy over SSH tunnel
ssh -g -R 8182:gitlab.example.com:80 nginx.example.com

ip addr add 127.0.0.2/32 dev eno1:1
echo "127.0.0.2 gitlab.example.com" >> /etc/hosts

cat < /etc/nginx/conf.d/gitlab.example.com.conf
server {
listen gitlab.example.com:80;
server_name gitlab.example.com;
location / {
proxy_pass http://127.0.0.1:8182;
}
}

service nginx reload

GeoIP
http://www.mylinuxtips.info/linuxtipstutorials/webservers/how-to-block-countries-on-nginx-with-geoip-module/

Rate Limiting
https://www.nginx.com/blog/rate-limiting-nginx/
https://medium.freecodecamp.org/nginx-rate-limiting-in-a-nutshell-128fe9e0126c
https://product.reverb.com/first-line-of-defense-blocking-bad-post-requests-using-nginx-rate-limiting-507f4c6eed7b
https://serverfault.com/questions/177461/how-to-rate-limit-in-nginx-but-including-excluding-certain-ip-addresses

Dynamic module load
https://fancyte.ch/nginx-unknown-directive-after-upgrading-to-ubuntu-18-lts/

Links
https://www.nginx.com/blog/tcp-load-balancing-udp-load-balancing-nginx-tips-tricks/#TCPLB
http://wiki.nginx.org/Configuration
http://wiki.nginx.org/HttpSubsModule
http://wiki.nginx.org/NginxHttpSubsModule
https://askubuntu.com/questions/553937/what-is-the-difference-between-the-core-full-extras-and-light-packages-for-ngi
https://www.nginx.com/resources/admin-guide/restricting-access/
http://openresty.org/en/