Nginx 手冊

安裝 Nginx

# 停止
sudo service apache2 stop
# sudo systemctl disable apache2

# 安裝 Nginx
sudo apt install nginx
# sudo apt remove nginx
# sudo apt autoremove nginx

# 啟動 Nginx
sudo service nginx start

瀏覽服務器,如果能看到頁面,表示安裝成功。Nginx 預設把網頁檔案儲存在 /var/www/html 目錄,是由 /etc/nginx/sites-enabled/default 來設定,在目錄內您可以看到已經有一個 index.nginx-debian.html,如果有安裝 apache2 那麼頁面可能是 index.html,但那不影響檢查 nginx 運作是否正確,只要有任一頁面正常顯示即可。

nginx 服務器的組態路徑為 /etc/nginx 目錄結構如下
/etc/nginx
├── conf.d (1)
├── modules-available
├── modules-enabled
├── sites-available (2)
├── sites-enabled (3)
└── snippets (4)
1 靜態檔案放置於該目錄,可應用於固定 (不會切換) 的虛擬主機。
2 網站設定檔是在 /etc/nginx/sites-available 的位置,啟用站台要以 ln 連結指令在 sites-enabled 資料夾中建立一個連結連回到 sites-available 組態檔。
3 啟用站台就是在 sites-enabled 的目錄中建立連結,不啟用則是刪除該連結。
4 由其他網站設定檔引入共通組態。
建立新的網站目錄 /var/www/test-site 並加入測試網頁.
mkdir /var/www/test-site

cat > /var/www/test-site/index.html << "EOF"
<html>
    <head>
        <title>Welcome to Test Site!</title>
    </head>
    <body>
        <h1>Hello World!</h1>
    </body>
</html>
EOF
在 /etc/nginx/sites-available 建立虛擬主機配置檔案 test-site。
sudo bash -c 'cat > /etc/nginx/sites-available/test-site.conf' << "EOF"
server {
    listen 80;
    listen [::]:80;
    root /var/www/test-site;
    index index.html;
    server_name test-site;
    location / {
    try_files $uri $uri/ =404;
    }
}
EOF

# 取消所有站台. 註:這裡用 rm 如果用 unlink 則只能一個一個取消.
sudo rm /etc/nginx/sites-enabled/*

# 啟用 test-site 站台
sudo ln -s /etc/nginx/sites-available/test-site.conf /etc/nginx/sites-enabled/

# reload
sudo service nginx reload
Nginx 相關命令
# start nginx
sudo service nginx start

# stop nginx
sudo service nginx stop

# reload
sudo service nginx reload

# restart
sudo service nginx restart

# show nginx status
sudo systemctl status nginx

# nginx 日誌
sudo journalctl -u nginx --since today

# 列出啟用中的站台
ls /etc/nginx/sites-enabled -l

# 列出可使用的站台
ls /etc/nginx/sites-available -l

# 啟用站台
sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/

# 取消站台
sudo unlink /etc/nginx/sites-enabled/default

Drupal 的 Nginx 配置

參考: Drupal configuration recipe 
server {
    server_name example.com;
    root /var/www/drupal8; ## <-- Your only path reference. (1)

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Very rarely should these ever be accessed outside of your lan
    location ~* \.(txt|log)$ {
        allow 192.168.0.0/16; (2)
        deny all;
    }

    location ~ \..*/.*\.php$ {
        return 403;
    }

    location ~ ^/sites/.*/private/ {
        return 403;
    }

    # Block access to scripts in site files directory
    location ~ ^/sites/[^/]+/files/.*\.php$ {
        deny all;
    }

    # Allow "Well-Known URIs" as per RFC 5785
    location ~* ^/.well-known/ {
        allow all;
    }

    # Block access to "hidden" files and directories whose names begin with a
    # period. This includes directories used by version control systems such
    # as Subversion or Git to store control files.
    location ~ (^|/)\. {
        return 403;
    }

    location / {
        # try_files $uri @rewrite; # For Drupal <= 6
        try_files $uri /index.php?$query_string; # For Drupal >= 7
    }

    location @rewrite {
        #rewrite ^/(.*)$ /index.php?q=$1; # For Drupal <= 6
        rewrite ^ /index.php; # For Drupal >= 7
    }

    # Don't allow direct access to PHP files in the vendor directory.
    location ~ /vendor/.*\.php$ {
        deny all;
        return 404;
    }

    # Protect files and directories from prying eyes.
    location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|/(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|/#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
        deny all;
        return 404;
    }

    # In Drupal 8, we must also match new paths where the '.php' appears in
    # the middle, such as update.php/selection. The rule we use is strict,
    # and only allows this pattern with the update.php front controller.
    # This allows legacy path aliases in the form of
    # blog/index.php/legacy-path to continue to route to Drupal nodes. If
    # you do not have any paths like that, then you might prefer to use a
    # laxer rule, such as:
    #   location ~ \.php(/|$) {
    # The laxer rule will continue to work if Drupal uses this new URL
    # pattern with front controllers other than update.php in a future
    # release.
    location ~ '\.php$|^/update.php' {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        # Ensure the php file exists. Mitigates CVE-2019-11043
        try_files $fastcgi_script_name =404;
        # Security note: If you're running a version of PHP older than the
        # latest 5.3, you should have "cgi.fix_pathinfo = 0;" in php.ini.
        # See http://serverfault.com/q/627903/94922 for details.
        include fastcgi_params;
        # Block httpoxy attacks. See https://httpoxy.org/.
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;
        # PHP 5 socket location.
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        # PHP 7 socket location.
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; (3)
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        try_files $uri @rewrite;
        expires max;
        log_not_found off;
    }

    # Fighting with Styles? This little gem is amazing.
    # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6
    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
        try_files $uri @rewrite;
    }

    # Handle private files through Drupal. Private file's path can come
    # with a language prefix.
    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
        try_files $uri /index.php?$query_string;
    }

    # Enforce clean URLs
    # Removes index.php from urls like www.example.com/index.php/my-page --> www.example.com/my-page
    # Could be done with 301 for permanent or other redirect codes.
    if ($request_uri ~* "^(.*/)index\.php/(.*)") {
        return 307 $1$2;
    }
}
1 修改為站台的路徑。
2 改為實際的區域網路區段。
3 如果為 php 7.3 則檔名為 /var/run/php/php7.3-fpm.sock,若不正確則網頁會出現 502 Bad Gateway。
Update Your Nginx Config for Drupal 8 提到下列問題

  1. 無法執行 Update.php

  2. 無法從管理介面安裝模組

  3. 一些導航元素缺少 CSS 樣式

Drupal configuration recipe 已經修正了,文章具有參考價值。

phpMyAdmin 的 Nginx 配置

在 conf.d 建立 phpmyadmin.conf 配置檔案。
sudo bash -c 'cat > /etc/nginx/conf.d/phpmyadmin.conf' << "EOF"
server
{
  listen 80;
  listen [::]:80;
  index index.php index.html index.htm;
  server_name example.com www.example.com;

  client_max_body_size 100M;

  location /phpmyadmin
  {
    root /usr/share/;
    index index.php index.html index.htm;
    location ~ ^/phpmyadmin/(.+\.php)$
    {
      try_files $uri =404;
      root /usr/share/;
      fastcgi_pass unix:/run/php/php7.3-fpm.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include /etc/nginx/fastcgi_params;
    }

    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$
    {
      root /usr/share/;
    }
  }

  location ~ \.php$
  {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }
}
EOF

sudo service nginx reload
Reference

How to Install phpMyAdmin with Nginx on Ubuntu 18.04
Manually Install phpMyAdmin Latest on Ubuntu 16.04 | 18.04 with Nginx, MariaDB and PHP 7.2-FPM – Website for Students