NGinX in Front of Pier

Installing NGinX to use as a front-end (based on the Deployment Chapter) - make it more robust to attacks, and to simplify serving static content (primarily images).

Another reason to use this instead of running the Smalltalk image as root is that there can be issues copying and testing an image listening to port 80 (change the Seaside port to 80, copy to a windows machine and save the image after making a data change, tar and zip up the changes and image, copy to an AWS ubuntu machine, and after starting the image, it does not listen on port 80). By running NGinX in Front of Pier, Seaside can be setup to use port 8080, and non-root required port.

Installing NGinX can be done with:

user@ip-171-41-14-123:$ sudo apt-get install nginx

Setup is described in the deployment link above, for this sites as an example:

# mkdir -p /data/www
# chown -R user:root /data

Then created my necessary directories:

$ mkdir -p /data/static/images

The configuration file is setup as:

ubuntu@ip-172-31-24-213:~$ less /etc/nginx/nginx.conf
user ubuntu;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        server {
                listen 80;
                listen 443 ssl;
                server_name www.myborden.com;
                ssl_certificate /etc/letsencrypt/live/myborden.com/fullchain.pem;
                ssl_certificate_key /etc/letsencrypt/live/myborden.com/privkey.pem;

                # Logging Settings
                ##
                access_log /var/log/nginx/access.log;
                error_log /var/log/nginx/error.log;

                location /static/ {
                        root /data;
                }
                location = /favicon.ico {
                        alias /data/static/favicon.ico;
                }
                location / {
                        proxy_set_header  Host $host;
                        proxy_pass http://127.0.0.1:8080;
                        proxy_connect_timeout     300;
                        proxy_send_timeout        300;
                        proxy_read_timeout        300;
                        send_timeout              300;
                }
        }
}

This is setup to use SSL certificates from Let's Encrypt. Reloaded the config with:

nginx -s reload