NGINX

Aug 9, 2016
May 27, 2023 09:13 EEST

NGINX as a Service on Windows

Download nginx for Windows and extract the zip file (tested with version 1.9.5). Download WinSW and place the file in the nginx folder. Rename the WinSW file to, e.g., nginxservice.exe. Create a configuration file:

nginxservice.xml
<service>
  <id>nginx</id>
  <name>nginx</name>
  <description>nginx</description>
  <executable>D:\nginx-1.9.5\nginx</executable>
  <logpath>D:\nginx-1.9.5</logpath>
  <logmode>roll</logmode>
  <depend></depend>
  <startargument>-p D:\nginx-1.9.5</startargument>
  <stopargument>-p D:\nginx-1.9.5 -s stop</stopargument>
</service>

Open a Windows console:

d:
cd nginx-1.9.5
nginxservice install

Now you can start nginx as a regular service with the standard Windows tools.

To remove the service again:

d:
cd nginx-1.9.5
nginxservice uninstall

Attach to Tomcat/Jetty

http {
  ...
  server {
    ...
    location / {
      proxy_set_header X-Forwarded-Host $host;
      proxy_set_header X-Forwarded-Server $host;
      # appends the connecting address to any X-Forwarded-For sent by the client
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_pass http://127.0.0.1:8080/;
    }
  }
}

Enable IE Compatibility Mode

http {
  ...
  server {
    ...
    location / {
      ...
      add_header X-UA-Compatible "IE=5;charset=iso-8859-1";
    }
  }
}

Disable Access Logging

http {
  ...
  access_log off;
  ...
}

GEO Logging

Download the GEO database:

mkdir -p /usr/local/etc/geo
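cd /usr/local/etc/geo
# quote the shebang: an unquoted # starts a shell comment and the line is never written
echo '#!/bin/sh' >updategeo.sh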
echo curl -O "http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz" >>updategeo.sh
echo curl -O "http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz" >> updategeo.sh
echo gunzip -f GeoLiteCity.dat.gz >> updategeo.sh
echo gunzip -f GeoIP.dat.gz >> updategeo.sh
chmod +x updategeo.sh
./updategeo.sh

Add at the http level:

/usr/local/etc/nginx/nginx.conf
http {
  ...
  geoip_country /usr/local/etc/geo/GeoIP.dat;
  geoip_city /usr/local/etc/geo/GeoLiteCity.dat;
  # trust X-Forwarded-For from this proxy address when looking up the client
  geoip_proxy 127.0.0.1;
  ...
}

Make sure you pass the options to fastcgi:

/usr/local/etc/nginx/fastcgi_params
...
### SET GEOIP Variables ###
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;

fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;

And for proxy:

/usr/local/etc/nginx/snipets/proxy.conf
### SET GEOIP Variables ###
proxy_set_header GEOIP_COUNTRY_CODE $geoip_country_code;
proxy_set_header GEOIP_COUNTRY_CODE3 $geoip_country_code3;
proxy_set_header GEOIP_COUNTRY_NAME $geoip_country_name;

proxy_set_header GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
proxy_set_header GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
proxy_set_header GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
proxy_set_header GEOIP_REGION $geoip_region;
proxy_set_header GEOIP_CITY $geoip_city;
proxy_set_header GEOIP_POSTAL_CODE $geoip_postal_code;
proxy_set_header GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
proxy_set_header GEOIP_LATITUDE $geoip_latitude;
proxy_set_header GEOIP_LONGITUDE $geoip_longitude;

Make sure you include the fastcgi_params or proxy.conf as required.

As the IP database is updated on the first Tuesday of each month, edit your crontab:

# update GeoIP database on every first Wednesday in a month
03  3   *   *   3   root    [ $(date +\%d) -le 07 ] && cd /usr/local/etc/geo && ./updategeo.sh
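
An added example, not part of the original page: updategeo.sh unpacks each download in place with gunzip -f, so a partial transfer can replace a working database that nginx needs at reload. The sketch below installs an archive only if it is a valid, non-empty gzip stream and swaps it in atomically; install_db and update_db are hypothetical helper names, and the check covers integrity only, not authenticity of the plain-HTTP download.

```shell
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical.

# install_db ARCHIVE DEST
#   ARCHIVE: path to a downloaded .dat.gz file
#   DEST:    path of the live database nginx reads (e.g. .../GeoIP.dat)
# Returns 0 on success; on any failure DEST is left untouched.
install_db() {
    archive=$1
    dest=$2
    # Reject truncated or non-gzip downloads (for example an HTML error page).
    gzip -t "$archive" 2>/dev/null || return 1
    # Unpack next to DEST so the final mv is a rename on the same filesystem.
    tmp=$(mktemp "$dest.XXXXXX") || return 1
    # Refuse an archive that decompresses to an empty file.
    if gzip -dc "$archive" >"$tmp" 2>/dev/null && [ -s "$tmp" ]; then
        # mktemp creates the file with mode 600; nginx workers must read it.
        chmod 644 "$tmp" && mv -f "$tmp" "$dest" && return 0
    fi
    rm -f "$tmp"
    return 1
}

# update_db URL DEST: fetch URL to a temporary file, then install it.
update_db() {
    url=$1
    dest=$2
    dl=$(mktemp) || return 1
    # --fail makes curl exit non-zero on an HTTP error instead of saving the body.
    if curl --fail --silent --show-error --location -o "$dl" "$url" \
        && install_db "$dl" "$dest"; then
        rm -f "$dl"
        return 0
    fi
    rm -f "$dl"
    return 1
}
```

In updategeo.sh each curl/gunzip pair would become one update_db call, and the cron line can then reload nginx only when the call succeeds.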

Enable ModSecurity

cd /usr/local/etc
git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
cd owasp-modsecurity-crs
cp modsecurity_crs_10_setup.conf.example modsecurity_crs_10_setup.conf