Configure Nginx webserver on Jump server / Bastion host
How to install Nginx on the Ezeelogin SSH jump server?
Overview: This article describes how to install and configure Nginx with PHP-FPM on both Debian 9 and CentOS, tailored for an Ezeelogin SSH jump server setup.
To set up Nginx on your Ezeelogin SSH jump server, follow these step-by-step instructions tailored for both Debian 9 and CentOS environments:
1. Installing Nginx and PHP-FPM on Debian 9:
Step 1(A): Update Packages and Install Nginx with PHP-FPM:
root@gateway:~# apt update ; apt-get install nginx php-fpm
Step 1(B): Configure Default Nginx Server Block. Open the default configuration file:
root@gateway:~# vi etc/nginx/sites-enabled/default
Step 1(C): We need to make some changes to this file for our site.
The changes that you need to make are in red in the text below. If you prefer, you may just copy and paste everything, then replace the value of server_name & root (Document root) with the appropriate domain name or IP address & Document root:
# Default server configuration
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
root /var/www/html;
# Add index.php to the list if you are using PHP
indexindex.phpindex.html index.htm index.nginx-debian.html;
server_name (Add your hostname or IP);
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
if (!-f $request_filename) {
rewrite ^/(.*)$/ezlogin/index.php?$1 last;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#location ~ /\.ht {
# deny all;
#}
}
Step 1(D): After making the changes, save and close the file.
Step 1(E): Restart Nginx and PHP-FPM Services to make the necessary changes:
root@gateway:~# systemctl reload nginx.service
root@gateway:~# systemctl reload php7.0-fpm.service
Step 1(F): Make sure to install the Ioncube Loader
2. Install & Configure Nginx on Centos:
Step 2(A): Install Nginx and PHP-FPM:
root@gateway:~# yum install epel-release ; yum install nginx
Step 2(B): Install & configure php handler
root@gateway:~# yum install php-fpm
Step 2(C): Open the main php-fpm configuration file with root privileges, search for "cgi.fix_pathinfo=1" and set it to "cgi.fix_pathinfo=0"
root@gateway:~# vi /etc/php.ini
Step 2(D): Set "cgi.fix_pathinfo=0". Save and close the file when you are finished.
cgi.fix_pathinfo=0
Step 2(E): Open the php-fpm pool configuration file www.conf using the editor.
root@gateway:~# vi /etc/php-fpm.d/www.conf
Step 2(F): Find the line that specifies the listen parameter, and change it so it looks like the following:
listen = /var/run/php-fpm/php-fpm.sock
Step 2(G): Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:
listen.owner = nginx
listen.group = nginx
Step 2(H): Lastly, find the lines that set the user and group and change their values from "Apache" to "nginx":
user = nginx
group = nginx
Step 2(I): After making changes save and quit.
Step 2(J): Start th PHP processor by running the following commands:
root@gateway:~# sudo systemctl enable php-fpm
root@gateway:~# sudo systemctl restart nginx
root@gateway:~# sudo systemctl restart php-fpm
3. Configure Nginx to Process PHP Pages:
Step 3(A): Open the default Nginx server block configuration file by opening the default configuration file:
root@gateway:~# vi /etc/nginx/conf.d/default.conf
Step 3(B): We need to make some changes to this file for our site.
The changes that you need to make are in red in the text below. If you prefer, you may just copy and paste everything, then replace the value of server_name & root (Document root) with the appropriate domain name or IP address & Document root:
server {
listen 80;
server_name server_domain_name_or_IP;
# note that these lines are originally from the "location /" block
root /var/www/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
if (!-f $request_filename) { rewrite ^/(.*)$ /ezlogin/index.php?$1 last;
}
}
Step 3(C): After making changes save and close the file.
Step 3(D): Restart Nginx to make the necessary changes:
root@gateway:~# systemctl restart nginx
If you have any difficulties contact support.