Nginx:
client_max_body_size
PHP:
post_max_sizeupload_max_filesize
Tag Archives: nginx
SELinux policy for nginx and GitLab unix socket in Fedora 19
The installation of GitLab in Fedora 19 went fine. I followed the official installation guide with some deviations where necessary, mostly taken from the CentOS guide in gitlab-recipes. I setup nginx using the ssl config, and poked some holes in iptables. For systemd services I used these files.
Source: SELinux policy for nginx and GitLab unix socket in Fedora 19
Using SSL Certificates with HAProxy – Servers for Hackers
What programmers need to know about servers.
Source: Using SSL Certificates with HAProxy – Servers for Hackers
Configuring NGINX to accept the PROXY Protocol – NGINX
This article explains how to configure NGINX and NGINX Plus to accept the PROXY protocol. Table of Contents Introduction Using the PROXY protocol with SSL, HTTP/2, SPDY, and WebSocket Using the PROXY protocol with a TCP Stream Complete Example Introduction The PROXY protocol enables NGINX and NGINX Plus to receive client connection information passed through […]
Source: Configuring NGINX to accept the PROXY Protocol – NGINX
Shaving your RTT with TCP Fast Open – Bradley Falzon
Check out the recently released RFC on TCP Fast Open, a spec that allows most TCP connections to send data during the initial SYN packet – reducing the initial round trips required from 2 to 1. Excellent for HTTPS connections.
Source: Shaving your RTT with TCP Fast Open – Bradley Falzon
How to Generate SSL Certificate Chain for Nginx
I’m using Comodo Certificate, you will get these files from their email:
- Root CA Certificate –
AddTrustExternalCARoot.crt - Intermediate CA Certificate –
UTNAddTrustSGCCA.crt - Intermediate CA Certificate –
ComodoUTNSGCCA.crt - Intermediate CA Certificate –
EssentialSSLCA_2.crt - Your EssentialSSL Certificate –
www_example_com.crt
Correct order:
- Your EssentialSSL Certificate –
www_example_com.crt - Intermediate CA Certificate –
EssentialSSLCA_2.crt - Intermediate CA Certificate –
ComodoUTNSGCCA.crt - Intermediate CA Certificate –
UTNAddTrustSGCCA.crt - Root CA Certificate –
AddTrustExternalCARoot.crt
You can create a chained certificate required by Nginx:
cat www_example_com.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt UTNAddTrustSGCCA.crt AddTrustExternalCARoot.crt > example.com.chained.crt
In fact, you can only need the first three certificates: most systems have their root CA.
cat www_example_com.crt EssentialSSLCA_2.crt ComodoUTNSGCCA.crt > example.com.chained.crt
Update Mar 21, 2015:
Comodo updated their certificates filename, so the correct order now is:
- Your EssentialSSL Certificate –
www_example_com.crt - Intermediate CA Certificate –
COMODORSADomainValidationSecureServerCA.crt - Intermediate CA Certificate –
COMODORSAAddTrustCA.crt - Root CA Certificate –
AddTrustExternalCARoot.crt
cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > example.com.chained.crt
logrotate for nginx
vi /etc/logrotate.d/nginx
/srv/www/*/logs/*log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 640 nginx adm
}
# debug logrotate -d /etc/logrotate.conf
# focus logrotate with verbose info logrotate -f -v /etc/logrotate.conf
Debian 手動編譯安裝 nginx + PHP-FPM 指北
目前網上各種不靠譜的自動化安裝腳本不計其數。nginx + PHP-FPM 教程也不多,本篇備忘錄重點針對 PHP-FPM 安裝,參考 nginx 官方 docs 與 Slicehost wiki 編寫而成
Continue reading