Initial Commit

Guides/Docker/01Nginx.md

@@ -0,0 +1,145 @@
+---
+title: 01 Nginx
+description: 
+published: true
+date: 2023-05-03T03:18:59.950Z
+tags: 
+editor: markdown
+dateCreated: 2023-05-03T01:58:59.345Z
+---
+
+
+# Install and Configure Nginx
+eNGINe X is a very powerful webserver, It can do many things and is highly configurable.
+
+We will use it as a reverse proxy to forward requests to the correct container.
+
+Create some folders in your home directory
+
+	mkdir -p ~/docker/nginx
+
+Now create a docker compose file in that directory
+
+	vim ~/docker/nginx/docker-compose.yml
+
+Add in the following text
+
+```
+version: '3'
+
+services:
+  nginx:
+    image: nginx:latest
+    container_name: nginx
+    restart: always
+    volumes:
+      - /data/nginx/config:/etc/nginx
+      - /data/nginx/log/error.log:/var/log/error.log
+      - /data/nginx/log/access.log:/var/log/access.log
+      - /etc/letsencrypt/:/etc/letsencrypt/
+      - /etc/localtime:/etc/localtime:ro
+    ports:
+      - 80:80
+      - 443:443
+```
+
+First we need to create a folder for the configuration
+
+	sudo mkdir -p /data/nginx/config
+
+We need to add the nginx configuration file
+
+	sudo vim /data/nginx/config/nginx.conf
+
+Add in the following text
+
+```
+# Global Settings
+user                 nginx;
+pid                  /var/run/nginx.pid;
+worker_processes     auto;
+worker_rlimit_nofile 65535;
+
+events {
+    multi_accept       on;
+    worker_connections 1024;
+}
+
+
+# Web Traffic
+http {
+  charset utf-8;
+  sendfile on;
+  tcp_nopush on;
+  tcp_nodelay on;
+  server_tokens off;
+  error_log /var/log/error.log warn;
+  access_log /var/log/access.log;
+  proxy_cache_path /etc/nginx/cache keys_zone=one:500m max_size=1000m;
+  types_hash_max_size 2048;
+  types_hash_bucket_size 64;
+  client_max_body_size 16M;
+  client_body_buffer_size 16M;
+  client_header_buffer_size 16M;
+  large_client_header_buffers 2 16M;
+
+  # MIME
+  default_type           application/octet-stream;
+
+  # Limits
+  limit_req_log_level    warn;
+  limit_req_zone         $binary_remote_addr zone=login:10m rate=10r/m;
+
+  # SSL
+  ssl_session_timeout    1d;
+  ssl_session_cache      shared:SSL:10m;
+  ssl_session_tickets    off;
+  ssl_protocols          TLSv1.2 TLSv1.3;
+  ssl_stapling           on;
+  ssl_stapling_verify    on;
+
+  # Services
+  include /etc/nginx/services/*.active;
+}
+```
+
+Nginx should be good now, lets start the container
+
+	sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d
+  
+We will create 2 folders for future use auth is for password protected services and services is where nginx will look for server configuration
+
+	sudo mkdir -p /data/nginx/config/services && sudo mkdir -p /data/nginx/config/auth
+
+Now we only need to setup fail2ban for Nginx, so create the following file
+
+	sudo vim /etc/fail2ban/filter.d/nginxx.local
+
+add in the following content
+
+```
+[INCLUDES]
+before = common.conf
+
+[Definition]
+failregex = ^<HOST>.*"(GET|POST).*" (400|401|403|404|405|406|407|423|429) .*$
+```
+
+This will ban everyone getting any of the error codes in the failregex line.
+
+Now we need to activate the filter in our main fail2ban configuration file
+
+	sudo vim /etc/fail2ban/jail.local
+  
+Add the following to the bottom
+
+```
+## Nginx
+[nginxx]
+enabled = true
+logpath = /data/nginx/log/access.log
+```
+
+Restart fail2ban to make the changes take effect
+
+	sudo systemctl restart fail2ban