Here is a very rich video for learning Nginx
server {
    # Redirect all plain-HTTP requests to HTTPS
    listen 80;
    server_name static.chaoyu.nl;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate "/sslcerts/certificate.crt";
    ssl_certificate_key "/sslcerts/certificate.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # Use the cipher list from the system-wide crypto policy
    ssl_ciphers PROFILE=SYSTEM;
    ssl_prefer_server_ciphers on;
    server_name static.chaoyu.nl;
    root /usr/share/nginx/;
    # Any origin may read these static files
    add_header Access-Control-Allow-Origin *;
    location / {
        include /etc/nginx/mime.types;
    }
    # One location per application, each mapped to its own folder
    location /static-dev {
        include /etc/nginx/mime.types;
        alias /usr/share/nginx/static/app_name1;
    }
    location /static-acc {
        include /etc/nginx/mime.types;
        alias /usr/share/nginx/static/app_name2;
    }
    location /static-docker {
        include /etc/nginx/mime.types;
        alias /usr/share/nginx/static/app_name3;
    }
}
Configure a Linux user and group to allow FileZilla connections with key files
sudo groupadd sftpusergroup
sudo useradd mysftpuser
Add the user to a group. This appends the group after the user's primary group (which is not what we want):
sudo usermod -a -G examplegroup exampleusername
We need to make sftpusergroup the primary group; that way, when a user creates a folder, all users in this group have the correct rights.
sudo usermod -g examplegroup exampleusername
Give mysftpuser a password
sudo passwd mysftpuser
sudo nano /etc/ssh/sshd_config
Find PasswordAuthentication no and change no to yes for now.
Restart sshd
sudo systemctl restart sshd.service
#login with newly created user
ssh mysftpuser@your_server_ip
#enter pwd
#create .ssh folder
mkdir .ssh
#create authorized_keys file
nano .ssh/authorized_keys
# put your public key here
# check the permissions on .ssh and authorized_keys
# they must match the modes set by the chmod commands below
Here is a handy web app to convert drwx notation to a number
chmod 700 .ssh/
chmod 600 .ssh/authorized_keys
Once the file and folder permissions are set correctly, we need to disable password authentication
sudo nano /etc/ssh/sshd_config
#find PasswordAuthentication yes and change to no
sudo systemctl restart sshd.service
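The end state of the steps above (key file in place with the right modes, password login switched back off) can be checked with a short script. This is an added example, not part of the original notes; the function names are made up for illustration, and it assumes GNU stat and a POSIX awk.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): audit the end state of the procedure.

# check_ssh_perms HOME_DIR: succeeds only if .ssh is 700 and authorized_keys is 600.
# Uses GNU stat (-c), as found on typical Linux servers.
check_ssh_perms() {
    local home="$1" rc=0
    [ -f "$home/.ssh/authorized_keys" ] || { echo "missing $home/.ssh/authorized_keys"; return 1; }
    [ "$(stat -c '%a' "$home/.ssh")" = "700" ] || { echo ".ssh is not 700"; rc=1; }
    [ "$(stat -c '%a' "$home/.ssh/authorized_keys")" = "600" ] || { echo "authorized_keys is not 600"; rc=1; }
    return "$rc"
}

# password_auth_value FILE: prints the global PasswordAuthentication value in FILE.
# sshd keeps the first value it reads for a keyword, keywords are case-insensitive,
# and the built-in default is "yes". Match blocks and Include files are not followed,
# so treat this as a pre-check; "sudo sshd -T" on the server prints the effective value.
password_auth_value() {
    awk '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key ~ /^#/ || key == "" { next }
        key == "match" { exit }
        key == "passwordauthentication" { print tolower(f[2]); found = 1; exit }
        END { if (!found) print "yes" }
    ' "$1"
}

# audit_sftp_login HOME_DIR SSHD_CONFIG: succeeds only when both checks pass.
audit_sftp_login() {
    check_ssh_perms "$1" || return 1
    [ "$(password_auth_value "$2")" = "no" ] || { echo "password login is still enabled"; return 1; }
}

# Constructed sample: a throwaway home directory and a minimal sshd_config.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && touch "$demo/.ssh/authorized_keys"
chmod 700 "$demo/.ssh" && chmod 600 "$demo/.ssh/authorized_keys"
printf '#PasswordAuthentication yes\npasswordauthentication no\nPasswordAuthentication yes\n' > "$demo/sshd_config"
audit_sftp_login "$demo" "$demo/sshd_config" && echo "audit passed"
```

On the real server, run it as audit_sftp_login /home/mysftpuser /etc/ssh/sshd_config after the final sshd restart.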
Go to /usr/share/nginx as opc or any user that has root rights
# create a new static folder and assign it to the group sftpusergroup, which is mysftpuser's group.
# this is needed if you want to write / upload js, images, css to this static folder via FileZilla
sudo mkdir static
sudo chgrp -R sftpusergroup static/
If more users will use this static folder and more subfolders will be created, it is handy to set the default group permission to rwx
sudo setfacl -R -dm g::rwx /yourfolder
# -R recursive (--recursive)
# -d default
# -m modify
man setfacl # to read more