# Web Server

# NGINX



# NGINX Cheat Sheet

#### **Server Block Structure**

```nginx
# Define a server block. Without a listen directive nginx binds *:80 when
# started with superuser privileges and *:8000 otherwise.
server {
  listen [port]; # Placeholder: replace [port] with a port number; the directive itself is optional
  server_name example.com www.example.com;
  root /path/to/root; # Files under this directory are served; keep keys, backups and config out of it
  index index.html;
}
```

#### **Location Block**

```nginx
# Define location blocks for specific path handling
# Both blocks are prefix matches; among prefix locations nginx uses the
# longest one that matches the request URI.
location / {
  # Configuration for the root location (matches every request URI,
  # so it is the fallback when nothing more specific applies)
}

location /static/ {
  # Configuration for the "/static/" path
}
```

#### **Listen on Port**

```nginx
server {
  # The listen lines below are alternatives; keep only the ones you need.

  # Standard HTTP Protocol
  listen 80;

  # Standard HTTPS Protocol (needs ssl_certificate and ssl_certificate_key)
  listen 443 ssl;

  # Listen on 80 using IPv6
  listen [::]:80;

  # Listen on 80 using IPv6 only (IPv4-mapped connections are not accepted on this socket)
  listen [::]:80 ipv6only=on;
}
```

#### **Redirects**

```nginx
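# Redirects www to non-www
server {
  listen 80;
  server_name www.example.com;
  # The target host is hard-coded, so a forged Host header cannot steer the
  # redirect; $request_uri carries over the original path and query string.
  return 301 http://example.com$request_uri;
}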
```

#### **Domain Name**

```nginx
server {
  # Match yourdomain.com
  server_name yourdomain.com;

  # Match several names
  server_name yourdomain.com www.yourdomain.com;

  # Match every subdomain (the bare yourdomain.com is not matched by this pattern)
  server_name *.yourdomain.com;

  # Match the name under any top-level domain
  server_name yourdomain.*;

  # Match requests that carry no Host header at all
  server_name "";
}
```

#### **HTTPS Configuration**

```nginx
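# Enable SSL for secure connections
server {
  listen 443 ssl;
  server_name example.com;

  # SSL certificates from a trusted CA
  ssl_certificate /path/to/certificate.crt;
  # Keep the private key readable only by the account that starts nginx
  ssl_certificate_key /path/to/private.key;

  # Accept only current protocol versions
  ssl_protocols TLSv1.2 TLSv1.3;

  # Configure appropriate cipher suites (this list governs TLS 1.2 and below)
  ssl_ciphers HIGH:!aNULL:!MD5;
  # Additional SSL configurations go here
}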
```

####  

#### **Reverse Proxy**

```nginx
server {
  # Set up a reverse proxy for a backend application
  location /app/ {
    # No URI part after the host, so the request URI is passed on unchanged.
    # The http:// scheme means traffic to the backend is not encrypted.
    proxy_pass http://backend-server;
    # Forward the host name the client asked for
    proxy_set_header Host $host;
    # Address of the peer that connected to nginx
    proxy_set_header X-Real-IP $remote_addr;
    # Appends $remote_addr to whatever X-Forwarded-For the client sent, so
    # earlier entries are client-controlled; the backend should rely only on
    # the entry added by this proxy.
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  }
}
```

#### **Basic Authentication**

```nginx
server {
  # Set up basic authentication.
  # Basic auth sends the credentials base64-encoded (not encrypted) with every
  # request, so use it only in a server block that is served over TLS.
  location /secure/ {
    # Realm text shown in the browser's login prompt
    auth_basic "Restricted";
    # Store this file outside the document root and keep it readable only by
    # the nginx account; use a strong hash format when generating entries.
    auth_basic_user_file /path/to/.htpasswd;
  }
}
```

#### **Load Balancing**

```nginx
# Configure load balancing with round-robin method
# (round-robin is what nginx uses when the upstream block names no other method)
upstream backend {
  server backend1.example.com;
  server backend2.example.com;
}

server {
  location / {
    # "backend" refers to the upstream group above; the http:// scheme means
    # requests to the backends are sent unencrypted.
    proxy_pass http://backend;
  }
}
```

#### **Custom Error Page**

```nginx
# Define custom error pages for various status codes.
# A static page also avoids exposing the default error output to clients.
error_page 404 /404.html;
# Exact-match location that serves the error page from its own directory.
# Adding the `internal` directive here would stop clients from requesting
# /404.html directly.
location = /404.html {
  root /path/to/error/pages;
}
```

#### **Gzip Compression**

```nginx
# Enable Gzip compression for text-based content.
# Caveat: compressing TLS responses that contain both a secret (for example a
# CSRF token) and attacker-influenced input exposes them to BREACH-style
# length side channels; consider leaving such responses uncompressed.
gzip on;
# text/html is always compressed once gzip is on; these types are added to it
gzip_types text/plain text/css application/javascript text/xml;
```

# Request Entity Too Large Error

/etc/nginx/nginx.conf

```sh  
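# Largest request body nginx accepts; larger requests are rejected with
# 413 (Request Entity Too Large). Keep it as small as the application allows
# so oversized uploads are refused before they reach the backend.
client_max_body_size 2M;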
```

php.ini

```sh  
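; Largest single uploaded file PHP accepts. post_max_size must be at least
; this large, and the nginx client_max_body_size in front of PHP must also be
; at least this large, otherwise nginx rejects the upload first.
upload_max_filesize = 5M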
```

# Caddy Webserver

```
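t322.demolah.com {
    root * /var/www/t322/public

    # Laravel route handling: only rewrite if file doesn't exist
    handle {
        @notStatic {
            not file
        }

        rewrite @notStatic /index.php

        php_fastcgi unix//run/php/php8.4-fpm.sock
        file_server
        encode zstd gzip
    }

    header {
        # Prevent clickjacking
        X-Frame-Options "SAMEORIGIN"

        # Legacy XSS filter header. NOTE(review): current browsers no longer
        # implement this filter, so the Content-Security-Policy below is the
        # control that actually matters for XSS.
        X-XSS-Protection "1; mode=block"

        # Block content sniffing
        X-Content-Type-Options "nosniff"

        # Enable HSTS (force HTTPS in browsers).
        # NOTE(review): includeSubDomains plus preload covers every subdomain
        # and is slow to undo once the domain is on a preload list; confirm
        # all subdomains are served over HTTPS first.
        Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"

        # Referrer policy. no-referrer-when-downgrade still sends the full URL
        # to other HTTPS origins; the commented alternative sends only the
        # origin cross-site and so leaks less.
        Referrer-Policy no-referrer-when-downgrade
        # Referrer-Policy "strict-origin-when-cross-origin"

        # Content Security Policy (optional - adjust for your use case).
        # NOTE(review): 'unsafe-inline' and 'unsafe-eval' in script-src allow
        # injected inline script to run, which removes most of the XSS
        # protection a CSP provides; replace them with nonces or hashes once
        # the application permits it.
        Content-Security-Policy "
            default-src 'self';
            img-src * data:;
            font-src  'self' https://t322.demolah.com https://fonts.gstatic.com data:;
            style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
            script-src 'self' 'unsafe-inline' 'unsafe-eval';
        "

        # Disable FLoC
        Permissions-Policy "interest-cohort=()"

        # Remove the Server response header (optional).
        # NOTE(review): the delete form is normally written as just `-Server`;
        # confirm the trailing value is accepted by your Caddy version.
        -Server Caddy
    }

    @staticFiles {
        path *.js *.css *.png *.jpg *.jpeg *.gif *.svg *.woff2 *.woff *.ttf *.eot
    }

    # One-year immutable caching: only safe when these file names change
    # whenever their content changes (hashed or versioned asset names).
    header @staticFiles {
        Cache-Control "public, max-age=31536000, immutable"
    }

    log {
        output file /var/log/caddy/t322.demolah.com.access.log {
            roll_size 10mb
            roll_keep 5
            roll_keep_for 720h
        }

        # Log format: JSON or common
        format json
    }
}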
```

## tips:

kalau depan ada cloudflare

### ssl/tls

- overview guna strict mode

### edge

- always use https matikan,
- automatic https rewrites matikan