NGINX

Installation

sudo apt-get install nginx
sudo systemctl enable nginx
sudo systemctl start nginx

How to configure HTTP or HTTPS to serve OKA

  • For HTTPS: create self-signed certificates if you don’t have your own

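    # -p: do nothing if the directory already exists
    sudo mkdir -p /etc/ssl/private
    sudo chmod 700 /etc/ssl/private
    # -nodes writes the private key unencrypted, so keep it in the root-only directory
    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt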

While we are using OpenSSL, we should also create a strong Diffie-Hellman group, which is used in negotiating Perfect Forward Secrecy with clients. We can do this by typing:

    sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

This may take a few minutes, but when it’s done you will have a strong DH group at /etc/ssl/certs/dhparam.pem that we can use in our configuration.

  • Configure NGINX

The standard nginx.conf file must be present, with content similar to:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections  1024;
}


http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

OKA creates two example configuration files for NGINX in ${OKA_INSTALL_DIR}/conf: one for HTTP (oka.nginx.conf), and one for HTTPS (oka.nginx_ssl.conf). You need to copy the one that suits your needs (HTTP or HTTPS) to /etc/nginx/conf.d/, and adapt it to your configuration (e.g., certificates path…).
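
Before loading the HTTPS configuration, the certificate, key and DH files created above can be checked with a short script. This is an added example, not part of OKA or its documentation; the function names and the 30-day expiry threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not shipped with OKA): sanity checks for the TLS files
# created above. Run as root so the private key is readable.

# Succeeds when the certificate and the private key hold the same public key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the key file grants nothing to group or others. The key was
# written with -nodes, so file permissions are its only protection.
key_is_private() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds when the certificate stays valid for at least $2 more days.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run every check; the return value is the number of failed checks.
check_tls_files() {
    failed=0
    pair_matches "$1" "$2" ||
        { echo "FAIL: key does not match certificate"; failed=$((failed + 1)); }
    key_is_private "$2" ||
        { echo "FAIL: key is accessible to group or others"; failed=$((failed + 1)); }
    valid_for_days "$1" 30 ||
        { echo "FAIL: certificate expires within 30 days"; failed=$((failed + 1)); }
    if [ -n "${3:-}" ]; then
        openssl dhparam -in "$3" -check -noout >/dev/null 2>&1 ||
            { echo "FAIL: DH parameters are invalid"; failed=$((failed + 1)); }
    fi
    return "$failed"
}

# Usage: sh check_tls.sh CERT KEY [DHPARAM]
# e.g. the three files created on this page under /etc/ssl
if [ "$#" -ge 2 ]; then
    check_tls_files "$@" && echo "TLS files OK"
fi
```

Once it prints `TLS files OK`, validate the NGINX configuration with `sudo nginx -t` before restarting the service.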