summaryrefslogtreecommitdiff
path: root/content
diff options
context:
space:
mode:
Diffstat (limited to 'content')
-rw-r--r--content/_index.md12
-rw-r--r--content/blog/_index.md5
-rw-r--r--content/blog/router.md8
-rw-r--r--content/music/_index.md14
-rw-r--r--content/whatnot/nginx.md165
5 files changed, 169 insertions, 35 deletions
diff --git a/content/_index.md b/content/_index.md
index 47f862e..ed56dd3 100644
--- a/content/_index.md
+++ b/content/_index.md
@@ -1,11 +1,11 @@
---
---
-Hi there. I'm a hobbyist network engineer, systems administrator, computer programmer, and photographer. I also enjoy [certain types of music](/music/), working with Linux (and other *nix) servers and desktops, and occasionally watching anime.
+Hi there. I'm a hobbyist network engineer, systems administrator, computer programmer, and photographer.
-I like to do IT projects and tinker with Linux desktops. You can catch up to what I'm up to lately at [my now page](/now.html). Most of my work is offline, but I'm slowly working on writing posts about what I've done.
+You can catch up to what I'm up to lately at [my now page](/now.html). Most of my work is offline, but I'm slowly working on writing posts about what I've done.
-Because I care more than most about my software setup, you can find it and more at [my uses page](/uses.html).
+And because I care more than most about my software setup, you can read about it and more at [my uses page](/uses.html).
## Contact
@@ -18,8 +18,4 @@ Because I care more than most about my software setup, you can find it and more
## Me Elsewhere
-* Git repositories: [Personal](https://git.mending.trade/), [sourcehut](https://git.sr.ht/~auroras), [GitHub](https://github.com/frostyfalls)
-
-## Latest Posts
-
-{{< latest-posts limit=5 >}}
+* Git repositories: [Personal](https://git.mending.trade/), [sourcehut](https://git.sr.ht/~auroras)
diff --git a/content/blog/_index.md b/content/blog/_index.md
deleted file mode 100644
index 43028d9..0000000
--- a/content/blog/_index.md
+++ /dev/null
@@ -1,5 +0,0 @@
----
-title: "Blog"
----
-
-{{< all-posts type="blog" >}}
diff --git a/content/blog/router.md b/content/blog/router.md
deleted file mode 100644
index b9ee2bf..0000000
--- a/content/blog/router.md
+++ /dev/null
@@ -1,8 +0,0 @@
----
-title: "Creating a router from scratch"
-date: "2025-08-21"
-tags: ["networking", "servers"]
-draft: true
----
-
-This is content.
diff --git a/content/music/_index.md b/content/music/_index.md
deleted file mode 100644
index e100ede..0000000
--- a/content/music/_index.md
+++ /dev/null
@@ -1,14 +0,0 @@
----
-title: "Music"
----
-
-This is the home of my music-related posts; mostly reviews of albums or posts about a live show I went to.
-
-The organization of this section is to be determined, expect it to change.
-
-## Favorites
-
-* The Dismemberment Plan (Change, Emergency & I, Is Terrified)
-* Jimmy Eat World (Clarity, Static Prevails, Bleed American)
-
-{{< all-posts type="music" >}}
diff --git a/content/whatnot/nginx.md b/content/whatnot/nginx.md
new file mode 100644
index 0000000..c48c422
--- /dev/null
+++ b/content/whatnot/nginx.md
@@ -0,0 +1,165 @@
+---
+title: "nginx"
+lastmod: "2025-08-28"
+res:
+- Home: https://nginx.org/en/index.html
+- Wikipedia: https://en.wikipedia.org/wiki/Nginx
+---
+
+nginx is a powerful and flexible web server that can also be used as a reverse proxy. This page covers common configuration steps and tips for serving a working website.
+
+<!--more-->
+
+## Configuration
+
+All configuration happens in the `/etc/nginx` directory. Global configuration is in `nginx.conf`, but other files may be included with the `include` directive. A common use case for this is having every site in a separate file to be included.
+
+### Global server setup
+
+Below is an example of a functional global configuration to be put in `nginx.conf`.
+
+```nginx
+user nginx nginx;
+worker_processes auto;
+worker_rlimit_nofile 4096;
+
+events {
+ worker_connections 1024;
+ use epoll;
+}
+
+http {
+ include mime.types;
+ default_type application/octet-stream;
+
+ charset utf-8;
+ server_tokens off;
+
+ sendfile on;
+ sendfile_max_chunk 1M;
+ tcp_nopush on;
+
+ gzip off;
+
+ include http.d/*.conf;
+}
+```
+
+Options such as gzip support may be enabled, but are not required for a functional server. The `include` statement makes it easier to add new sites to the server, simply by creating a new file in the `http.d` directory.
+
+### Simple static site
+
+Below is a server that simply serves static files from a root directory.
+
+```nginx
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name host.tld;
+ ssl_certificate /etc/ssl/nginx/host.tld.pem;
+ ssl_certificate_key /etc/ssl/nginx/host.tld.key;
+
+ root /var/www/host.tld/htdocs;
+
+ access_log /var/log/nginx/host.tld.access.log main;
+ error_log /var/log/nginx/host.tld.error.log info;
+}
+```
+
+### Reverse proxying
+
+When running a (public) web service, it would be wise to proxy the traffic to an internal server - primarily for load balancing, but it can also be an extra layer of security.
+
+nginx can proxy servers listening on both TCP and UNIX sockets. The example below shows a working site configuration for proxying a [Miniflux](https://miniflux.app/) server listening on a UNIX socket.
+
+```nginx
+server {
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ server_name host.tld;
+ ssl_certificate /etc/ssl/nginx/host.tld.pem;
+ ssl_certificate_key /etc/ssl/nginx/host.tld.key;
+
+ location / {
+ proxy_pass http://unix:/run/miniflux/miniflux.sock;
+ include conf.d/proxy.conf;
+ }
+
+ access_log /var/log/nginx/host.tld.access.log main;
+ error_log /var/log/nginx/host.tld.error.log info;
+}
+```
+
+Ensure you have the following in `conf.d/proxy.conf` to be able to share common proxy options between all of your sites:
+
+```nginx
+proxy_set_header Host $host;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "Upgrade";
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_request_buffering off;
+proxy_redirect off;
+```
+
+Some applications may require options to be tweaked, however this covers many bases.
+
+### Tip: Redirecting HTTP to HTTPS automatically
+
+In the modern age, browsing the web with TLS is the standard, and certificates are both free and ubiquitous. That being said, it is encouraged to only serve your web content over HTTPS. You can automatically redirect a site listening on HTTP to HTTPS with the following `server` block:
+
+```nginx
+server {
+ listen 80;
+ listen [::]:80;
+ server_name host.tld;
+
+ return 301 https://$host$request_uri;
+}
+```
+
+### Tip: Compressing with gzip
+
+You can increase the performance of your web server by compressing the data sent with gzip. Below is a configuration that covers a wide variety of uses; this goes in your global `http` block inside `nginx.conf`:
+
+```nginx
+http {
+ # ...
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_min_length 256;
+ gzip_types
+ application/atom+xml
+ application/geo+json
+ application/javascript
+ application/x-javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rdf+xml
+ application/rss+xml
+ application/xhtml+xml
+ application/xml
+ font/eot
+ font/otf
+ font/ttf
+ image/svg+xml
+ text/css
+ text/javascript
+ text/plain
+ text/xml;
+ # ...
+}
+```
+
+Do note `text/html` is automatically compressed, so there is no need to add it to `gzip_types`.
+
+## External resources
+
+* [https://wiki.gentoo.org/wiki/Nginx](https://wiki.gentoo.org/wiki/Nginx)
Powered by cgit. See my home page.