Force HTTPS when using AWS ELB and nginx

You only need to set up the SSL certificate on Amazon ELB, not on every EC2 instance behind it. An ELB that serves both HTTP and HTTPS endpoints normally forwards only HTTP traffic to the instances, so nginx cannot tell which requests originally arrived over HTTPS. The problem is that forcing HTTPS results in a redirect loop when nginx listens only on port 80. One solution is to have Amazon ELB forward HTTPS requests to a different port, such as 1443.

Amazon ELB

Listener configuration:

HTTP 80 >> HTTP 80
HTTPS 443 >> HTTP 1443

The health check target should be HTTP:1443 instead of HTTP:80 or HTTPS:443, because port 80 now answers every request with a redirect.

nginx

In /etc/nginx/sites-available/your_website.conf:

server {
    listen 80;
    server_name yahoo.streetvoice.com;
    rewrite ^ https://$host$request_uri? permanent;
}

server {
    listen 1443;
    server_name yahoo.streetvoice.com;

    ...
}
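The redirect loop and the 1443 fix can be traced with a small model of the two hops (ELB listener, then nginx server block). This is an added example, not code from the original post; the dictionaries and function names are illustrative and do not correspond to any AWS or nginx API.

```python
# Toy model: ELB listeners map (scheme, front port) -> backend port,
# nginx server blocks map backend port -> action.
DEFAULT_PORT = {"http": 80, "https": 443}

def follow(elb_listeners, nginx_servers, scheme, max_hops=5):
    """Follow redirects from a client's first request.

    Returns (outcome, trace); outcome is "served", "loop" or "refused".
    """
    trace = []
    for _ in range(max_hops):
        backend_port = elb_listeners.get((scheme, DEFAULT_PORT[scheme]))
        action = nginx_servers.get(backend_port)
        trace.append((scheme, backend_port, action))
        if action is None:
            return "refused", trace
        if action == "serve":
            return "served", trace
        scheme = "https"  # nginx answered 301 with Location: https://...
    return "loop", trace

def plaintext_listeners(elb_listeners, nginx_servers):
    """Front ports where a plain-HTTP listener reaches a block that serves content."""
    return sorted(port for (scheme, port), backend in elb_listeners.items()
                  if scheme == "http" and nginx_servers.get(backend) == "serve")

# Constructed configurations.
# Broken: both listeners forward to port 80, which always redirects.
BROKEN_ELB = {("http", 80): 80, ("https", 443): 80}
BROKEN_NGINX = {80: "redirect-to-https"}
# Fixed: the layout from this page.
FIXED_ELB = {("http", 80): 80, ("https", 443): 1443}
FIXED_NGINX = {80: "redirect-to-https", 1443: "serve"}
# Mistake to check for: the HTTP listener also pointed at 1443.
LEAKY_ELB = {("http", 80): 1443, ("https", 443): 1443}

if __name__ == "__main__":
    print(follow(BROKEN_ELB, BROKEN_NGINX, "http"))
    print(follow(FIXED_ELB, FIXED_NGINX, "http"))
    print(plaintext_listeners(LEAKY_ELB, FIXED_NGINX))
```

The model assumes port 1443 on the instance is reachable only from the ELB; if the instance's security group exposes it directly, that port serves the site over plain HTTP.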

ref:
http://serverfault.com/questions/619971/redirect-all-http-requests-behind-amazon-elb-to-https-without-using-if
http://scottwb.com/blog/2013/10/28/always-on-https-with-nginx-behind-an-elb/

nginx as load balancer

WSGI using uWSGI and nginx on Ubuntu
https://library.linode.com/web-servers/nginx/python-uwsgi/ubuntu-12.04-precise-pangolin

HTTP load-balancing module (HTTP Upstream)
http://www.howtocn.org/nginx:nginx%E6%A8%A1%E5%9D%97%E5%8F%82%E8%80%83%E6%89%8B%E5%86%8C%E4%B8%AD%E6%96%87%E7%89%88:standardhttpmodules:httpupstream

nginx load-balancing strategies
http://wenku.baidu.com/view/175894c708a1284ac850438a.html

Recommended nginx modules: sticky sessions
http://www.php-oa.com/2012/03/15/nginx-sticky-upstream-check.html

Cookie-based load balancing with nginx sticky
http://www.ttlsa.com/nginx/nginx-modules-nginx-sticky-module/

ref:
http://blog.csdn.net/ydt619/article/details/5954632
http://www.wubin.org.cn/?action=show&id=78

svcn-web1 itself acts as the nginx load balancer

upstream django_cluster {
    # choose one balancing method: ip_hash (enabled here) or least_conn
    ip_hash;
    # least_conn;
    server 100.100.100.70:8000 weight=3; # svtw-web1
    server 100.100.100.71:8000 weight=4; # svtw-web2
    server 100.100.100.72:8000 weight=4; # svtw-web3
    ...
}

server {
    listen  80;
    server_name  streetvoice.cn;
    charset  utf-8;
    client_max_body_size  75M;

    location /asset  {
        alias /data/storage/asset;
        access_log off;
    }

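    location / {
        # X-Forwarded-For is honoured only for connections from 10.0.0.0/8
        real_ip_header      X-Forwarded-For;
        set_real_ip_from    10.0.0.0/8;
        # proxy_* directives apply only to proxy_pass; with uwsgi_pass the
        # request headers (Host included) are passed on by the uwsgi module
        # and the read timeout is set with uwsgi_read_timeout
        uwsgi_read_timeout  120;
        include             /etc/nginx/uwsgi_params;
        uwsgi_pass          django_cluster;
    }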
}

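weight defaults to 1
max_fails defaults to 1
fail_timeout defaults to 10s

The default settings are generally sufficient.

This means that if a server produces max_fails errors,
it is marked unavailable for the duration of fail_timeout.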

ref:
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#server
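The real_ip_header / set_real_ip_from pair in the location block above decides which address nginx treats as the client. The following added example (not part of the original notes) is a simplified model of that selection, assuming a load balancer in 10.0.0.0/8 that appends the connecting client's address to X-Forwarded-For; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def _parse(addr):
    try:
        return ipaddress.ip_address(addr.strip())
    except ValueError:
        return None

def real_client_ip(remote_addr, x_forwarded_for, trusted_cidrs, recursive=False):
    """Simplified model of nginx realip address selection."""
    trusted = [ipaddress.ip_network(c) for c in trusted_cidrs]

    def is_trusted(ip):
        return any(ip in net for net in trusted)

    peer = _parse(remote_addr)
    # The header is ignored unless the TCP peer itself is a trusted proxy.
    if peer is None or not is_trusted(peer):
        return remote_addr
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    chosen = remote_addr
    # Walk from the right: entries on the right were added by nearer proxies.
    for hop in reversed(hops):
        ip = _parse(hop)
        if ip is None:
            break
        chosen = hop
        # Non-recursive mode stops at the last entry; recursive mode keeps
        # going while the entry is itself a trusted proxy.
        if not recursive or not is_trusted(ip):
            break
    return chosen

def leftmost_xff(x_forwarded_for):
    """What an application gets if it naively reads the first entry."""
    return x_forwarded_for.split(",")[0].strip()

# Constructed sample: the client at 203.0.113.9 sends its own forged
# X-Forwarded-For value; the load balancer at 10.0.1.5 appends the real peer.
TRUSTED = ["10.0.0.0/8"]
FORGED_CHAIN = "198.51.100.77, 203.0.113.9"

if __name__ == "__main__":
    print(real_client_ip("10.0.1.5", FORGED_CHAIN, TRUSTED))
    print(leftmost_xff(FORGED_CHAIN))
```

Rate limits, access rules and logs keyed on the client address should use the value nginx selects, not the leftmost header entry, which the client controls.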

Compile nginx with sticky-module on Ubuntu 12.04

# First remove the nginx that was installed with apt-get
$ sudo apt-get autoremove nginx

Start compiling

$ sudo su root

$ cd /usr/src/
$ apt-get source nginx

$ cd nginx-1.6.0/debian/modules
$ wget https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng/get/1.2.5.tar.gz
$ tar zxvf 1.2.5.tar.gz
$ mv nginx-goodies-nginx-sticky-module-ng-bd312d586752/ nginx-goodies-nginx-sticky-module-ng/

$ vim /usr/src/nginx-1.6.0/debian/rules
# Under full_configure_flags, add:
# --add-module=$(MODULESDIR)/ngx_http_substitutions_filter_module \
# --add-module=$(MODULESDIR)/nginx-goodies-nginx-sticky-module-ng

$ cd /usr/src/nginx-1.6.0/
$ aptitude build-dep nginx
$ aptitude install liblua5.1-0-dev init-system-helpers
$ dpkg-buildpackage -b

$ cd /usr/src
$ dpkg -i nginx-common_1.6.0-1+precise0_all.deb
$ dpkg -i nginx-full_1.6.0-1+precise0_amd64.deb

# Verify the build
$ nginx -V

ref:
http://gravitronic.com/compiling-the-nginx-sticky-session-module-in-ubuntu/

Install WordPress with nginx on Ubuntu 14.04 (LEMP)

Stack:

  • Ubuntu
  • nginx
  • MariaDB
  • PHP-FPM
  • WordPress (install in a subdirectory)

Install

$ sudo apt-get install nginx

$ sudo apt-get install software-properties-common
$ sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
$ sudo add-apt-repository 'deb http://ftp.yz.yamagata-u.ac.jp/pub/dbms/mariadb/repo/10.0/ubuntu trusty main'
$ sudo apt-get update
$ sudo apt-get install mariadb-server

$ sudo apt-get install php5-mysql

$ sudo apt-get install php5-curl php5-fpm

ref:
https://downloads.mariadb.org/mariadb/repositories/

Configuration

PHP

$ sudo vim /etc/php5/fpm/php.ini
# do these
cgi.fix_pathinfo=0
upload_max_filesize = 100M
post_max_size=100M

$ sudo vim /etc/php5/fpm/pool.d/www.conf
# do this
listen = /var/run/php5-fpm.sock

$ sudo service php5-fpm restart

nginx

$ sudo rm /etc/nginx/sites-enabled/default

$ sudo vim /etc/nginx/nginx.conf
# do these
worker_processes 2;
client_max_body_size 100m;

Database

$ mysql -u root -p

mysql>
-- replace YOUR_USER, YOUR_HOST and YOUR_PASSWORD with your own values
CREATE DATABASE vinta_blog;
CREATE USER 'YOUR_USER'@'YOUR_HOST';
SET PASSWORD FOR 'YOUR_USER'@'YOUR_HOST' = PASSWORD('YOUR_PASSWORD');
GRANT ALL PRIVILEGES ON vinta_blog.* TO 'YOUR_USER'@'YOUR_HOST' IDENTIFIED BY 'YOUR_PASSWORD';
FLUSH PRIVILEGES;

WordPress

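$ mkdir ~/wordpress
$ cd ~/wordpress
# download over HTTPS so the archive cannot be altered in transit
$ wget https://wordpress.org/latest.zip
$ unzip latest.zip
# latest.zip extracts into a directory named wordpress
$ mv wordpress blog
$ mkdir backup-db

# group-writable rather than world-writable; the chown below hands the
# directory to www-data, and vinta joins that group
$ chmod 770 backup-db
$ sudo chown -R www-data:www-data ~/wordpress
$ sudo usermod -a -G www-data vinta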

ref:
https://www.digitalocean.com/community/articles/how-to-install-linux-nginx-mysql-php-lemp-stack-on-ubuntu-12-04
https://www.digitalocean.com/community/articles/how-to-install-wordpress-with-nginx-on-ubuntu-12-04
https://www.digitalocean.com/community/articles/how-to-configure-single-and-multiple-wordpress-site-settings-with-nginx