Nginx is another application server, just like: Apache HTTP and Apache Tomcat. Unlike Tomcat, Nginx cannot be used for artifacts at the same time, Nginx is very stable and is compatible with another plugins and applications.

Installation of nginx is the same as apache and tomcat, you can use the yum repository as follows:

[root@dokuwiki .ssh]# rpm -qa | grep nginx
nginx-mod-http-geoip-1.10.2-1.el6.x86_64
nginx-mod-http-xslt-filter-1.10.2-1.el6.x86_64
nginx-filesystem-1.10.2-1.el6.noarch
nginx-mod-stream-1.10.2-1.el6.x86_64
nginx-mod-http-image-filter-1.10.2-1.el6.x86_64
nginx-1.10.2-1.el6.x86_64
nginx-all-modules-1.10.2-1.el6.noarch
nginx-mod-http-perl-1.10.2-1.el6.x86_64
nginx-mod-mail-1.10.2-1.el6.x86_64

After that, we can start with the configuration. The configuration files for nginx are located in: /etc/nginx

-rw-r--r--.  1 root root 3610 Oct 31  2016 win-utf
-rw-r--r--.  1 root root  664 Oct 31  2016 uwsgi_params.default
-rw-r--r--.  1 root root  664 Oct 31  2016 uwsgi_params
-rw-r--r--.  1 root root  636 Oct 31  2016 scgi_params.default
-rw-r--r--.  1 root root  636 Oct 31  2016 scgi_params
-rw-r--r--.  1 root root 2656 Oct 31  2016 nginx.conf.default
-rw-r--r--.  1 root root 3957 Oct 31  2016 mime.types.default
-rw-r--r--.  1 root root 3957 Oct 31  2016 mime.types
-rw-r--r--.  1 root root 2223 Oct 31  2016 koi-win
-rw-r--r--.  1 root root 2837 Oct 31  2016 koi-utf
-rw-r--r--.  1 root root 1007 Oct 31  2016 fastcgi_params.default
-rw-r--r--.  1 root root 1007 Oct 31  2016 fastcgi_params
-rw-r--r--.  1 root root 1077 Oct 31  2016 fastcgi.conf.default
-rw-r--r--.  1 root root 1077 Oct 31  2016 fastcgi.conf
drwxr-xr-x.  2 root root 4096 Oct 31  2016 default.d
-rw-r--r--.  1 root root  683 Jul 24 15:19 nginx.conf
drwxr-xr-x.  5 root root 4096 Jul 24 15:20 .
drwxr-xr-x.  2 root root 4096 Jul 25 07:06 sites-enabled
drwxr-xr-x.  2 root root 4096 Jul 25 07:30 conf.d
drwxr-xr-x. 97 root root 4096 Aug 17 06:44 ..

The configuration files are in couple categories:

• Nginx configuration
• Site Configuration
• Security Configuration

Nginx configuration include how nginx works in terms of: how much connection works, in what format the log should be generated, where the access log should be located and so on. Additionally we have to put the other configuration file location:

/etc/nginx
[root@dokuwiki nginx]# cat nginx.conf
user  nginx;
worker_processes  8;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;

}

The site configuration include: on which port it should listen, site name and others. Optionally you can include the security configuration also, however it isn't good practice to do so.

server {
    listen 80;
    server_name www.jdbwiki.tech;
        root /etc/dokuwiki;
        index index.php index.html;
    location / {
        try_files $uri $uri/ /index.php;
    }

return 301 https://www.jdbwiki.tech$request_uri;

location ~ \.php$ {
    #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    include fastcgi_params;                
    fastcgi_intercept_errors on;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
}

Although security configuration and site configuration can be all part of the nginx configuration. It is good to have these things separated. So the security configuration again includes on which port the SSL is enabled (by default 443) what cipher to be used:

#
# HTTPS server configuration
#

server {
    listen       443 ssl http2 default_server;
    listen       [::]:443 ssl;
    server_name  www.jdbwiki.tech;
    root /etc/dokuwiki;
    location / {
    try_files $uri /index.html index.php;
    }

    location ~ \.php$ {
    #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    include fastcgi_params;                
    fastcgi_intercept_errors on;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
    }

    ssl_certificate /root/SSLCert/cert.pem;
    ssl_certificate_key /root/SSLCert/key.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
}

Once all has been set up, we can start the nginx server:

[root@dokuwiki conf.d]# service nginx status
nginx (pid  2551) is running...
[root@dokuwiki conf.d]#