Default web site

/etc/nginx/sites-available/default:
-----------------------------------
server {
    server_name default.example.com;
    listen 80;

    # Root
    location / {
        root /var/www;
        index default.html;
    }
}

PHP web site

/etc/nginx/sites-available/example:
-----------------------------------
server {
        server_name www.example.com;
        listen 80;

        location / {
                root   /var/www/example-com;
                index index.php;
        }

        location ~ \.php$ {
                include /etc/nginx/fastcgi_params;
                fastcgi_index index.php;
                fastcgi_pass  unix:/var/run/php5-fpm.sock;
                fastcgi_param SCRIPT_FILENAME /var/www/example-com/$fastcgi_script_name;
        }
}

# Redirect example.com to www.example.com
server {
        server_name example.com;
        listen 80;
        rewrite ^ http://www.example.com$request_uri;
}

Python + uWSGI web application

Creation of uWSGI socket

_$: mkdir -p /var/webapp/uwsgi

Give www-data (nginx) write permissions in the socket

a)

_$: chown www-data:www-data /var/webapp/uwsgi

b)

_$: chgrp www-data /var/webapp/uwsgi
_$: chown webapp:www-data /var/webapp/uwsgi/<socket>

Manage the web application with supervisor

/etc/supervisor/supervisord.conf:
---------------------------------
...
[include]
files = /etc/supervisor/conf.d/*.conf

_$: ln -s /var/webapp/supervisor.conf /etc/supervisor/conf.d/webapp.conf

/var/webapp/supervisor.conf:
----------------------------
###
# supervisor configuration
###

# --ini-paste-logged : Use this if we are defining loggers in the ini file
# [loggers]
# keys = root, exc_logger
#
# [handlers]
# ...
#
# -- ini-paste: Use this if we are not defining loggers in the ini file
# [uwsgi]
# ...
# logger = file:/var/log/supervisor/webapp-supervisor.log


[program:webapp]
command=/var/webapp/venv/bin/uwsgi --ignore-sigpipe --ignore-write-errors
    --stats /var/uwsgi/webapp/stats.sock
    --ini-paste-logged /var/%(program_name)s/app-prod.ini
stdout_logfile=/var/log/supervisor/%(program_name)s-supervisor.log
stderr_logfile=/var/log/supervisor/%(program_name)s-supervisor.log
stopsignal=INT

uWSGI

We will need to configure our app to use the uWSGI protocol. In this case, a Pyramid example is shown:

/var/webapp/prod.ini:
---------------------

...

###
# wsgi server configuration
###
[uwsgi]
# emperor does not accept ini-paste directive (just ini) so add it
paste = config:/var/webapp/app-prod.ini

# usual uwsgi configuration
master = true
processes = 4
socket = /var/uwsgi/webapp/webapp.sock
chown-socket = webapp:www-data
chmod-socket = 770
virtualenv = /var/webapp/venv
uid = webapp
gid = webapp
lazy = true

A simple web application

  • Listens on port 80
  • No HTTPS
  • No redirections
/etc/nginx/sites-available/webapp:
----------------------------------
upstream webapp_app_server {
    server unix:///var/webapp/uwsgi/webapp.sock;
}

server {
    server_name webapp.example.com;
    listen 80;

    # Root
    location / {
        include uwsgi_params;
        uwsgi_pass webapp_app_server;
    }

    # Static files
    location /ui/ {
        autoindex       on;
        alias           /var/webapp/app/static/ui/;
        #access_log      off;
    }

    location /robots.txt {
        autoindex       on;
        alias           /var/webapp/app/static/robots.txt;
        #access_log      off;
    }


    # Logs
    access_log  /var/log/nginx/webapp/access.log;
    error_log   /var/log/nginx/webapp/error.log;
}

A more complex web application

  • Listens on ports 80 and 443
  • With HTTPS
  • Redirects from domain.com to www.domain.com
/etc/nginx/sites-available/webapp:
----------------------------------
...
# HTTP
server {
    server_name  www.webapp.example.com;
    listen       80;
    root         /var/webapp;

    # Root
    location / {
        rewrite ^/admin(.*)$  https://$host/admin$1 break;
        include uwsgi_params;
        uwsgi_pass webapp_app_server-com;
    }

    # Static files, logs and error pages
    include /etc/nginx/webapp/base.conf;
}

# HTTPS
server {
    server_name  www.webapp.example.com;

    ...

    # SSL
    listen 443 ssl;
    ssl_certificate     /etc/nginx/ssl/webapp.crt;
    ssl_certificate_key /etc/nginx/ssl/webapp.key;

    ssl_ciphers                 RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    # Root
    location / {
        ...
    }

    # Static files, logs and error pages
    include /etc/nginx/webapp/base.conf;
}

# Redirect to www.domain.com
server {
        server_name  webapp.example.com;
        listen       80;
        listen       443 ssl;
        return  301  http://www.webapp.example.com$request_uri;
}

/etc/nginx/webapp/base.conf:
----------------------------
# Static files
location /ui/ {
    alias       /var/webapp/app/static/ui/;
    #access_log  off;
}

location /robots.txt {
    alias        /var/webapp/app/static/robots.txt;
    #access_log   off;
}

# Logs
access_log  /var/log/nginx/webapp/access.log;
error_log   /var/log/nginx/webapp/error.log;

# Error pages
error_page 403 404 = $document_root/webapp/static/html/404.html;
error_page 500     = $document_root/webapp/static/html/500.html;