Install Nginx as a Reverse Proxy on Fedora 27

scottalanmiller

@brandon220 said in Install Nginx as a Reverse Proxy on Fedora 27:

What is a good "size" for a VM that is strictly a reverse proxy? Would 20Gb be sufficient as it is not storing any data other than log files?

Likely just fine. I use 24GB for small servers like this. And 32GB for the big ones.

scottalanmiller

I thin provision, so a little extra is no problem for me.

wirestyle22

@scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

coliver

@wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

@scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

For almost everything thin provisioning makes sense. I'm sure there is an exception to the rule but I can't think of one off the top of my head.

black3dynamite

@coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

@wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

@scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

For almost everything thin provisioning makes sense. I'm sure there is an exception to the rule but I can't think of one off the top of my head.

Databases?

scottalanmiller

@black3dynamite said in Install Nginx as a Reverse Proxy on Fedora 27:

@coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

@wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

@scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

For almost everything thin provisioning makes sense. I'm sure there is an exception to the rule but I can't think of one off the top of my head.

Databases?

That would generally be it. HOWEVER, I normally put my DB on thin provisioning and have a separate, dedicated storage just for the data (DB files) which is thick provisioned.

Or if on Scale, the main storage gets a low HEAT score and the dedicated DB files gets set to 11.

coliver

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

Or if on Scale, the main storage gets a low HEAT score and the dedicated DB files gets set to 11.

JaredBusch

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

@black3dynamite said in Install Nginx as a Reverse Proxy on Fedora 27:

@coliver said in Install Nginx as a Reverse Proxy on Fedora 27:

@wirestyle22 said in Install Nginx as a Reverse Proxy on Fedora 27:

@scottalanmiller Yeah, thin provisioning makes sense for something like this for sure

For almost everything thin provisioning makes sense. I'm sure there is an exception to the rule but I can't think of one off the top of my head.

Databases?

That would generally be it. HOWEVER, I normally put my DB on thin provisioning and have a separate, dedicated storage just for the data (DB files) which is thick provisioned.

Or if on Scale, the main storage gets a low HEAT score and the dedicated DB files gets set to 11.

It depends on how much your database grows. Then provisioning is still just fine if the database size is fairly stable

Donahue

@JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
server {
    client_max_body_size 40M;
    server_name nc.domain.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.150.0.17;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
##    ssl_stapling on;
##    ssl_stapling_verify on;
##    ssl_session_cache shared:SSL:10m;
##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    listen 80;
}
##server {
##    client_max_body_size 40M;
#    listen 80;
##    server_name nc.domain.com;
##    return 301 https://$host$request_uri;
##}
EOF

NOTE: This is on purpose only one # while the others have two, # listen 80;.

Test the config

nginx -t

When I run this step, I get an error.

[root@nginx ~]# nginx -t
nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
nginx: configuration file /etc/nginx/nginx.conf test failed

travisdh1

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

@JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
server {
    client_max_body_size 40M;
    server_name nc.domain.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.150.0.17;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
##    ssl_stapling on;
##    ssl_stapling_verify on;
##    ssl_session_cache shared:SSL:10m;
##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    listen 80;
}
##server {
##    client_max_body_size 40M;
#    listen 80;
##    server_name nc.domain.com;
##    return 301 https://$host$request_uri;
##}
EOF

NOTE: This is on purpose only one # while the others have two, # listen 80;.

Test the config

nginx -t

When I run this step, I get an error.

[root@nginx ~]# nginx -t
nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
nginx: configuration file /etc/nginx/nginx.conf test failed

You've got the same thing in both the server { and location / { sections. If that's not a copy/paste error, remove them from the server { section.

Donahue

I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

Donahue

@travisdh1 said in Install Nginx as a Reverse Proxy on Fedora 27:

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

@JaredBusch said in Install Nginx as a Reverse Proxy on Fedora 27:

Before you can request your SSL certificate, you have to have a valid configuration file in place listening on port 80.
Nginx stores the configuration files in /etc/nginx/conf.d/, so let's make our nextcloud.conf.
I am not going to go aver all the pieces here. If you want ot know more about what all these settings mean, go look them up.
Finally, this is a sample base don Nextcloud. Change it to fit your application needs.
The structure may look strange at first, but there is a method to my madness. It is based on how certbot --nginx works.

cat > /etc/nginx/conf.d/nextcloud.conf <<EOF
server {
    client_max_body_size 40M;
    server_name nc.domain.com;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_redirect off;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://10.150.0.17;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
##    ssl_stapling on;
##    ssl_stapling_verify on;
##    ssl_session_cache shared:SSL:10m;
##    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    listen 80;
}
##server {
##    client_max_body_size 40M;
#    listen 80;
##    server_name nc.domain.com;
##    return 301 https://$host$request_uri;
##}
EOF

NOTE: This is on purpose only one # while the others have two, # listen 80;.

Test the config

nginx -t

When I run this step, I get an error.

[root@nginx ~]# nginx -t
nginx: [emerg] invalid number of arguments in "proxy_set_header" directive in /etc/nginx/conf.d/nextcloud.conf:4
nginx: configuration file /etc/nginx/nginx.conf test failed

You've got the same thing in both the server { and location / { sections. If that's not a copy/paste error, remove them from the server { section.

that's not mine, that is from @JaredBusch

scottalanmiller

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

Why do you need an A record?

Donahue

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

Why do you need an A record?

I need an external DNS record. Certbot failed because it said it needed an A record.

scottalanmiller

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I figured out that step. Somehow it only pasted some of the arguments in there. I am still waiting on the DNS A record before I can move on

Why do you need an A record?

I need an external DNS record. Certbot failed because it said it needed an A record.

OIC

Donahue

I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

scottalanmiller

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

How long would it take to move to a good DNS provider?

scottalanmiller

Rhetorical question, answer is "about two hours."

JaredBusch

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

@Donahue said in Install Nginx as a Reverse Proxy on Fedora 27:

I've got to wait for my DNS provider to put in the record for me, which I am told will be done "sometime today". We will see, but I kinda doubt it.

How long would it take to move to a good DNS provider?

The problem is that his entire domain is apparently outsource and not in theri control. Or this would be trivial.

JaredBusch

@scottalanmiller said in Install Nginx as a Reverse Proxy on Fedora 27:

Rhetorical question, answer is "about two hours."

And then 24 hours for replication