---
title: 01 Nginx
description:
published: true
date: 2023-05-03T03:18:59.950Z
tags:
editor: markdown
dateCreated: 2023-05-03T01:58:59.345Z
---

# Install and Configure Nginx

eNGINe X is a very powerful web server. It can do many things and is highly configurable. We will use it as a reverse proxy to forward requests to the correct container.

Create some folders in your home directory

```
mkdir -p ~/docker/nginx
```

Now create a docker compose file in that directory

```
vim ~/docker/nginx/docker-compose.yml
```

Add in the following text

```
version: '3'
services:
  nginx:
    image: nginx:latest
    container_name: nginx
    restart: always
    volumes:
      # Configuration directory, created in the next step
      - /data/nginx/config:/etc/nginx
      # The host log files must already exist as files:
      # Docker creates a missing bind-mount source as a directory
      - /data/nginx/log/error.log:/var/log/error.log
      - /data/nginx/log/access.log:/var/log/access.log
      - /etc/letsencrypt/:/etc/letsencrypt/
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 80:80
      - 443:443
```

First we need to create a folder for the configuration

```
sudo mkdir -p /data/nginx/config
```

We need to add the nginx configuration file

```
sudo vim /data/nginx/config/nginx.conf
```

Add in the following text

```
# Global Settings
user nginx;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 65535;

events {
    multi_accept on;
    worker_connections 1024;
}

# Web Traffic
http {
    charset utf-8;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;
    error_log /var/log/error.log warn;
    access_log /var/log/access.log;
    proxy_cache_path /etc/nginx/cache keys_zone=one:500m max_size=1000m;
    types_hash_max_size 2048;
    types_hash_bucket_size 64;
    client_max_body_size 16M;
    client_body_buffer_size 16M;
    client_header_buffer_size 16M;
    large_client_header_buffers 2 16M;

    # MIME
    default_type application/octet-stream;

    # Limits
    limit_req_log_level warn;
    limit_req_zone $binary_remote_addr zone=login:10m rate=10r/m;

    # SSL
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Services
    include /etc/nginx/services/*.active;
}
```

Nginx should be good now, let's start the container

```
sudo docker-compose -f ~/docker/nginx/docker-compose.yml up -d
```

We will create 2 folders for future use: auth is for password-protected services, and services is where nginx will look for server configuration

```
sudo mkdir -p /data/nginx/config/services && sudo mkdir -p /data/nginx/config/auth
```

Now we only need to set up fail2ban for Nginx, so create the following file

```
sudo vim /etc/fail2ban/filter.d/nginxx.local
```

Add in the following content

```
[INCLUDES]
before = common.conf

[Definition]
# <HOST> captures the client address (first field of nginx's default access log
# format); fail2ban needs it in the failregex to know which address to ban
failregex = ^<HOST> .*"(GET|POST).*" (400|401|403|404|405|406|407|423|429) .*$
```

This will ban every client that gets any of the error codes in the failregex line. Now we need to activate the filter in our main fail2ban configuration file

```
sudo vim /etc/fail2ban/jail.local
```

Add the following to the bottom

```
## Nginx
[nginxx]
enabled = true
logpath = /data/nginx/log/access.log
```

Restart fail2ban to make the changes take effect

```
sudo systemctl restart fail2ban
```
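
To see which requests this filter counts before enabling the jail, the following added example (not part of the original page) applies the method and status part of the failregex to constructed access-log lines. It assumes nginx's default combined log format with the client address as the first field, a threshold of 5 matches, and that all lines fall inside one findtime window; `client_of`, `count_failures` and `would_ban` are hypothetical helper names.

```python
import ipaddress
import re
from collections import Counter

# Method/status part of the failregex in the filter above.
FAILREGEX = re.compile(
    r'^.*"(GET|POST).*" (400|401|403|404|405|406|407|423|429) .*$'
)
MAXRETRY = 5  # assumption: the jail on this page sets no threshold of its own


def client_of(line):
    """Return the first log field if it is an IP address, else None."""
    try:
        return str(ipaddress.ip_address(line.split(" ", 1)[0]))
    except ValueError:
        return None


def count_failures(lines):
    """Count lines per client that the failregex would treat as failures."""
    hits = Counter()
    for line in lines:
        ip = client_of(line)
        if ip and FAILREGEX.match(line):
            hits[ip] += 1
    return hits


def would_ban(lines, maxretry=MAXRETRY):
    """Clients reaching maxretry matches (all lines assumed in one findtime window)."""
    return {ip for ip, n in count_failures(lines).items() if n >= maxretry}


def _line(ip, method, path, status):
    # Constructed entry in nginx's default "combined" access log format.
    return (f'{ip} - - [03/May/2023:03:20:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 153 "-" "constructed-agent"')


# Constructed sample: repeated 404s, a browser with missing assets, failed logins.
SAMPLE_LOG = (
    [_line("203.0.113.7", "GET", f"/missing-{i}", 404) for i in range(6)]
    + [_line("198.51.100.20", "GET", "/", 200)]
    + [_line("198.51.100.20", "GET", p, 404)
       for p in ("/favicon.ico", "/robots.txt", "/a.css", "/b.js", "/c.png")]
    + [_line("192.0.2.55", "POST", "/login", 401) for _ in range(3)]
)

if __name__ == "__main__":
    print(dict(count_failures(SAMPLE_LOG)))
    print(sorted(would_ban(SAMPLE_LOG)))
```

The second client is an ordinary browser that requested five missing assets and reaches the same threshold as the first, so a site with broken links can lock out its own visitors.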