Linux 4 All

Best Linux tricks source

Posts in the nginx category

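When Nginx runs on a server behind a load balancer, every connection arrives from the load balancer's IP address, so by default Nginx logs only that address. To get the visitor's real IP address, you can use the X-Forwarded-For header. Because a client can send this header itself, Nginx honours it only on connections that come from the addresses listed in set_real_ip_from, so list only your own proxies there.

To configure Nginx to log the real IP address, add the following to the http section of nginx.conf (the directives are provided by ngx_http_realip_module):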

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    set_real_ip_from 127.0.0.1; # Varnish IP address
    set_real_ip_from 10.0.0.0/8; # Load Balancer IP range

    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
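To see which address ends up in the log with these settings, here is an added Python model (not Nginx code and not from the original post) of the documented behaviour: when the connecting peer is trusted, the address is replaced by the last non-trusted entry in X-Forwarded-For. The function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Trusted ranges, copied from the set_real_ip_from lines above.
TRUSTED = [ipaddress.ip_network(n) for n in ("127.0.0.1/32", "10.0.0.0/8")]


def is_trusted(addr):
    """True if addr falls inside one of the set_real_ip_from ranges."""
    return any(addr in net for net in TRUSTED)


def real_ip(peer, xff, recursive=True):
    """Model of the address logged as $remote_addr.

    peer: address of the TCP connection as seen by Nginx.
    xff:  raw X-Forwarded-For header value, or None.
    """
    addr = ipaddress.ip_address(peer)
    # The header is ignored unless the connection comes from a trusted proxy.
    if not is_trusted(addr) or not xff:
        return str(addr)
    # Each proxy appends on the right, so walk the list from right to left.
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            candidate = ipaddress.ip_address(hop)
        except ValueError:
            break  # unparsable entry: keep the address found so far
        addr = candidate
        # real_ip_recursive off: stop at the last entry.
        # real_ip_recursive on: stop at the first entry that is not a proxy.
        if not recursive or not is_trusted(addr):
            break
    return str(addr)


if __name__ == "__main__":
    # Constructed samples: (peer, X-Forwarded-For header)
    samples = [
        ("10.0.0.5", "203.0.113.7"),                            # normal request
        ("10.0.0.5", "1.2.3.4, 203.0.113.7"),                   # client sent its own XFF
        ("127.0.0.1", "198.51.100.9, 203.0.113.7, 10.0.0.5"),   # Varnish behind the LB
        ("198.51.100.20", "10.9.9.9"),                          # direct, untrusted peer
    ]
    for peer, xff in samples:
        print(f"{peer:15} {xff:40} -> {real_ip(peer, xff)}")
```

Entries to the left of the first non-trusted address are whatever the client sent, which is why the model, like the directive it imitates, never reads past that point.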

Here is how to install an SSL certificate for Apache and Nginx:

1. Apache: edit the virtual host:

    SSLEngine On
    SSLCertificateFile /etc/pki/tls/certs/site.crt
    SSLCACertificateFile /etc/pki/tls/certs/site.ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/site.key

2. Nginx: you need to combine the site certificate and the CA bundle into a single file, with the site certificate first. Add these entries to the server block of the Nginx configuration file:

    ssl_certificate /etc/pki/tls/certs/site+CA.crt;
    ssl_certificate_key /etc/pki/tls/private/site.key;
    # Optional: if you enable the lines below, remove TLSv1, TLSv1.1 and RC4 first; all three are deprecated.
    #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    #ssl_prefer_server_ciphers on;

Remember to check the SSL keys before restarting Nginx or Apache.