Oracle linux nginx install

Install the NGINX Web Server and Proxy on Oracle Linux 8

Before You Begin

This tutorial provides instructions for installing the NGINX web server and enabling it on Oracle Linux 8.

Background

NGINX is a lightweight HTTP/S server that is capable of higher performance and lower memory use than a typical Apache web server deployment. However, this performance gain comes at the cost of some functionality and flexibility. NGINX has also gained in popularity as a powerful proxy service that is capable of functioning as a direct HTTP proxy, a reverse proxy with caching, an SMTP, POP3 or IMAP proxy or as a generic TCP/UDP proxy. NGINX also provides load balancing services with fault tolerance.

On earlier Oracle Linux versions, the NGINX web server was provided as part of a software collection package. The web server package is now directly available from the Oracle Linux 8 Application Streams repository and therefore simpler to deploy and configure.

What Do You Need?

• Any system with Oracle Linux 8 installed

(Hands-on Lab) Connect to the Compute Instance

Note: This step is specific to the Oracle provided free lab environment.

The Desktop environment will display before the instance(s) are ready. Deployment of this environment can take two to five minutes, depending on the number of resources and provisioning steps needed.

First, to access the lab compute instance(s), connect to the Oracle Cloud Console and copy the compute instance Public IP address.

1. Sign in to Oracle Cloud Console, and select your Compartment.
2. Click Instances.

Copy the Public IP to a temporary location (such as a text file) on your computer.

To copy, highlight the IP address with the mouse and press Ctrl+C.

Connect to the instance.

Where is the IP address copied from the Oracle Cloud Console.

Accept the ECDSA key fingerprint by typing yes at the prompt.

You are now connected to the compute instance for this lab.

If the connection fails with the Permission denied (publickey,gssapi-keyex,gssapi-with-mic) message, wait a bit longer for the provisioning process to complete and try making the ssh connection again.

Install and enable NGINX

Install the NGINX package

The following command installs the NGINX package and all of its dependencies:

Enable and start the NGINX service

To enable and start the NGINX service for immediate access and make the service start automatically after a reboot, run the following command:

The service starts a web server that listens on TCP port 80 by default. To check the status of the service, run this command:

Configure firewall rules (Optional)

If you are using a custom firewall profile or an Oracle Cloud Infrastructure instance, open the firewall port for the NGINX web service (80).

These commands enable the firewall port for the NGINX web service and reload the default firewall service:

Note that in the demonstration environment, the instance has a public facing IP address and no network security is applied. Depending on your production environment, you may need to configure additional security list rules or update your network security group configuration.

Test your deployment

With your web browser, go to the domain name or IP address of the compute instance. This is the same IP address that you used to SSH into the instance.

The NGINX web server opens the default test page /usr/share/nginx/html/index.html .

Create a custom NGINX configuration

To change the root path for your web server, do not edit the /etc/nginx/nginx.conf file directly. Instead, as a preferred method, create a site-specific configuration in the /etc/nginx/conf.d directory. For example, create the file /etc/nginx/conf.d/default.conf and populate it with a configuration for your site.

The following steps can be used to set up a dedicated site configuration:

Create a directory to host a new site

Create an index.html file to display to visitors to the new site.

Update the permissions to provide ownership of the directory to the nginx process and to set the appropriate SELinux security context.

Create a custom NGINX configuration at /etc/nginx/conf.d/default.conf for visitors to the server IP address.

Replace the value with the public IP address for the instance.

Restart the NGINX web service to load the new configuration.

Confirm that the page is updated when you visit the public IP address for the instance by using a web browser.

You can debug and view any connection issues by tailing the log files:

Use Ctrl-C to exit the tail application when you are finished watching the log files.

Configure HTTPS to secure your service

As a best practice, secure all communications between a web browser and your NGINX server by using HTTPS. For a secure setup, a TLS certificate is required.

Configure your TLS/SSL certificates

Oracle strongly recommends using a TLS certificate that has been signed by an external Certficate Authority (CA). See https://docs.oracle.com/en/operating-systems/oracle-linux/certmanage/ for more information.

For the purpose of this demonstration, you can use a self-signed certificate. To create the certificate and key, run the following command:

Replace the value with the public IP address for the instance.

Create a directory to store the keys and certificates for NGINX.

Copy the certificate to /etc/pki/nginx/server.crt and the key file to /etc/pki/nginx/private/server.key .

Update the NGINX configuration

Replace the /etc/nginx/conf.d/default.conf file to include a configuration for a TLS enabled web site and include a 301 redirect for HTTP traffic to be referred to the HTTPS site.

Replace the values with the public IP address for the instance.

Note that if you are hosting for multiple domains, you can specify different ssl_certificate and ssl_certificate_key values for each server_name configuration that you create in the /etc/nginx/conf.d directory.

Restart the NGINX service to load the new configuration.

Configure the firewall (optional)

Enable the firewall port (443) for the NGINX HTTPS web service and reload the default firewall service.

Confirm that HTTPS is working correctly

Open a browser and navigate to http:// / . The browser should redirect to https:// / .

Most browsers display a security risk warning when accessing a site that uses a self-signed certificate. You can accept the risk warning in this case to confirm that the site is working as expected.

The warning is not displayed if you use a CA signed certificate.

Additional Information

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

Install the NGINX Web Server and Proxy on Oracle Linux 8

Copyright © 2021, Oracle and/or its affiliates.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are «commercial computer software» pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Источник

Install the NGINX Web Server and Proxy on Oracle Linux 8

Before You Begin

This tutorial provides instructions for installing the NGINX web server and enabling it on Oracle Linux 8.

Background

NGINX is a lightweight HTTP/S server that is capable of higher performance and lower memory use than a typical Apache web server deployment. However, this performance gain comes at the cost of some functionality and flexibility. NGINX has also gained in popularity as a powerful proxy service that is capable of functioning as a direct HTTP proxy, a reverse proxy with caching, an SMTP, POP3 or IMAP proxy or as a generic TCP/UDP proxy. NGINX also provides load balancing services with fault tolerance.

On earlier Oracle Linux versions, the NGINX web server was provided as part of a software collection package. The web server package is now directly available from the Oracle Linux 8 Application Streams repository and therefore simpler to deploy and configure.

What Do You Need?

• Any system with Oracle Linux 8 installed

(Hands-on Lab) Connect to the Compute Instance

Note: This step is specific to the Oracle provided free lab environment.

The Desktop environment will display before the instance(s) are ready. Deployment of this environment can take two to five minutes, depending on the number of resources and provisioning steps needed.

First, to access the lab compute instance(s), connect to the Oracle Cloud Console and copy the compute instance Public IP address.

1. Sign in to Oracle Cloud Console, and select your Compartment.
2. Click Instances.

Copy the Public IP to a temporary location (such as a text file) on your computer.

To copy, highlight the IP address with the mouse and press Ctrl+C.

Connect to the instance.

Where is the IP address copied from the Oracle Cloud Console.

Accept the ECDSA key fingerprint by typing yes at the prompt.

You are now connected to the compute instance for this lab.

If the connection fails with the Permission denied (publickey,gssapi-keyex,gssapi-with-mic) message, wait a bit longer for the provisioning process to complete and try making the ssh connection again.

Install and enable NGINX

Install the NGINX package

The following command installs the NGINX package and all of its dependencies:

Enable and start the NGINX service

To enable and start the NGINX service for immediate access and make the service start automatically after a reboot, run the following command:

The service starts a web server that listens on TCP port 80 by default. To check the status of the service, run this command:

Configure firewall rules (Optional)

If you are using a custom firewall profile or an Oracle Cloud Infrastructure instance, open the firewall port for the NGINX web service (80).

These commands enable the firewall port for the NGINX web service and reload the default firewall service:

Note that in the demonstration environment, the instance has a public facing IP address and no network security is applied. Depending on your production environment, you may need to configure additional security list rules or update your network security group configuration.

Test your deployment

With your web browser, go to the domain name or IP address of the compute instance. This is the same IP address that you used to SSH into the instance.

The NGINX web server opens the default test page /usr/share/nginx/html/index.html .

Create a custom NGINX configuration

To change the root path for your web server, do not edit the /etc/nginx/nginx.conf file directly. Instead, as a preferred method, create a site-specific configuration in the /etc/nginx/conf.d directory. For example, create the file /etc/nginx/conf.d/default.conf and populate it with a configuration for your site.

The following steps can be used to set up a dedicated site configuration:

Create a directory to host a new site

Create an index.html file to display to visitors to the new site.

Update the permissions to provide ownership of the directory to the nginx process and to set the appropriate SELinux security context.

Create a custom NGINX configuration at /etc/nginx/conf.d/default.conf for visitors to the server IP address.

Replace the value with the public IP address for the instance.

Restart the NGINX web service to load the new configuration.

Confirm that the page is updated when you visit the public IP address for the instance by using a web browser.

You can debug and view any connection issues by tailing the log files:

Use Ctrl-C to exit the tail application when you are finished watching the log files.

Configure HTTPS to secure your service

As a best practice, secure all communications between a web browser and your NGINX server by using HTTPS. For a secure setup, a TLS certificate is required.

Configure your TLS/SSL certificates

Oracle strongly recommends using a TLS certificate that has been signed by an external Certficate Authority (CA). See https://docs.oracle.com/en/operating-systems/oracle-linux/certmanage/ for more information.

For the purpose of this demonstration, you can use a self-signed certificate. To create the certificate and key, run the following command:

Replace the value with the public IP address for the instance.

Create a directory to store the keys and certificates for NGINX.

Copy the certificate to /etc/pki/nginx/server.crt and the key file to /etc/pki/nginx/private/server.key .

Update the NGINX configuration

Replace the /etc/nginx/conf.d/default.conf file to include a configuration for a TLS enabled web site and include a 301 redirect for HTTP traffic to be referred to the HTTPS site.

Replace the values with the public IP address for the instance.

Note that if you are hosting for multiple domains, you can specify different ssl_certificate and ssl_certificate_key values for each server_name configuration that you create in the /etc/nginx/conf.d directory.

Restart the NGINX service to load the new configuration.

Configure the firewall (optional)

Enable the firewall port (443) for the NGINX HTTPS web service and reload the default firewall service.

Confirm that HTTPS is working correctly

Open a browser and navigate to http:// / . The browser should redirect to https:// / .

Most browsers display a security risk warning when accessing a site that uses a self-signed certificate. You can accept the risk warning in this case to confirm that the site is working as expected.

The warning is not displayed if you use a CA signed certificate.

Additional Information

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

Install the NGINX Web Server and Proxy on Oracle Linux 8

Copyright © 2021, Oracle and/or its affiliates.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are «commercial computer software» pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.

Источник