Config Nginx as Static file server

Posted on

Here is very rich video to learn Nginx 

   server {
         listen 80;
         server_name static.chaoyu.nl;
         return 301 https://$server_name$request_uri;
   }
   server {
        listen       443 ssl;
        ssl_certificate "/sslcerts/certificate.crt";
        ssl_certificate_key "/sslcerts/certificate.key";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        server_name  static.chaoyu.nl
        root  /usr/share/nginx/;
        add_header Access-Control-Allow-Origin *;

        location /{
            include /etc/nginx/mime.types;
        }
        location /static-dev {
            include /etc/nginx/mime.types;
            alias  /usr/share/nginx/static/app_name1;
        }
        location /static-acc {
            include /etc/nginx/mime.types;
            alias  /usr/share/nginx/static/app_name2;

        }
        location /static-docker {
            include /etc/nginx/mime.types;
            alias  /usr/share/nginx/static/app_name3;
        }
   }

Config Linux user / groups to allow filezillar connection with key files

sudo groupadd sftpusergroup
sudo useradd mysftpuser

add user to group , append after its primary group ( which is not wat we want) 

sudo usermod -a -G examplegroup exampleusername

we need to add sftpusergroup as the primary group, that way when a user create a folder all users in this groups would have the correct rights.

sudo usermod -g examplegroup exampleusername

Give mysftpuser a password

sudo passwd mysftpuser
sudo nano /etc/ssh/sshd_config

find PasswordAuthentication no and change no to yes for now.

restart sshd

sudo systemctl restart sshd.service
#login with newly created user 
ssh mysftpuser@your_server_ip
#enter pwd
#create .ssh folder
mkdir .ssh
#create authorized_keys file
nano authorized_keys
# put your public key here 
# check .ssh permission and authorized_keys permission
# they must match the below pic

Here is a handy web app to calculate from drwx to number

chmod 700 .ssh/
.ssh folder permission (700)
chmod 600 .ssh/authorized_keys
authorized_kyes permission (600)

Once file/folder permission is set correctly, we need to disable password authentication

sudo nano /etc/ssh/sshd_config
#find PasswordAuthentication yes and change to no
sudo systemctl restart sshd.service

Go to /usr/share/nginx with your opc/ or any user has root rights

# create new static folder and assign the group to sftpusergroup , which is mysftpuser's group. 
# this is needed if you want to write / upload js, images, css to this static folder via filezillar 
sudo mkdir static
sudo chgrp sftpusergroup static/ -R

If you have more users using this static file folder and more sub folders will be created, it is handly to set default group permission to RWX

sudo setfacl -R -dm g::rwx /yourfolder
# -R recrusive --recursive
# -d default 
# -m modity

man setfacl #to read more about

Leave a Reply