Category Archives: nginx

SSL tutorials

Just bought a SSL certificate for one of my clients….
Here are some useful tutorial links.—

CSR Generation: Using OpenSSL (Apache w/mod_ssl, NGINX, OS X)
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1/66/

Nginx CSR Generation using OpenSSL
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/801/0/nginx-csr-generation-using-openssl

Certificate Installation: Apache & mod_ssl
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/637/66/

Certificate Installation : NGINX
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1091/0/certificate-installation–nginx

nginx&cloudflare – allow ip to directory

SUPZ!

One of my blogs is getting lots of login attempts from HACKERS :>

Only allow specific IP to access a specific directory

Inside the configuration of the domain (ex. /etc/nginx/sites-enabled/playboy.com), lets add the following entries – this will allow IP 84.91.XXX.XXX to wp-admin folder and block all the others

 location /full_movies/ {
      allow 84.91.XXX.XXX;
      deny all;
 }

This should to the trick! but if we are using cloudflare the domain we need to add some lines at our nginx.conf (/etc/nginx/nginx.conf) so nginx reads the correct IP from the visitor…
Inside http { lets add the following

set_real_ip_from 204.93.240.0/24;
set_real_ip_from 204.93.177.0/24;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
real_ip_header CF-Connecting-IP;

Horray!

To protect your wordpress login & wp-admin…

  location ~ '(/wp-login.php|/wp-admin)' {
            allow 84.91.4.220;
            deny all;
        }

This might affect your theme/plugins.
It protects /wp-admin/wp-ajax.php….

500 Internal Server Error while uploading files

I was having a 500 Internal Server Error…
nginx logs were showing me the following

2016/03/17 12:09:32 [crit] 31488#0: *11192 open() "/var/lib/nginx/tmp/client_body/0000000005" failed (13: Permission denied), client: 84.91.XXX.XXX, server: host.com, request: "POST /trades_edit/edit_trade HTTP/1.1", host: "host.com", referrer: "https://host.com/trades_edit/125"

Solution?

chown -R www-data:www-data /var/lib/nginx