chore(nginx): expand knowledge, review and add configuration examples

knowledge base/nginx.md

@@ -1,4 +1,4 @@
-# nginx
+# Nginx
 
 TODO
 
@@ -7,28 +7,93 @@ TODO
 
 1. [TL;DR](#tldr)
 1. [Further readings](#further-readings)
+   1. [Sources](#sources)
 
 ## TL;DR
 
-<!-- Uncomment if used
 <details>
-  <summary>Installation and configuration</summary>
+  <summary>Setup</summary>
 
 ```sh
+dnf install 'nginx'
+
+vim '/etc/nginx/conf.d/some-web-service.conf'
+```
+
+```conf
+# Redirect traffic on port 80 to port 443.
+server {
+    listen 80;
+    server_name some-web-service.example.org;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+# Proxy incoming traffic.
+server {
+    listen       443  ssl;
+    server_name  some-web-service.example.org;
+
+    ssl_certificate      /etc/ssl/certs/some-web-service.example.org.crt;
+    ssl_certificate_key  /etc/ssl/private/some-web-service.example.org.key;
+
+    # Optional
+    ssl_protocols  TLSv1.2 TLSv1.3;
+    ssl_ciphers    HIGH:!aNULL:!MD5;
+
+    location / {
+        proxy_pass https://some-destination.example.org;
+        proxy_set_header Host some-destination.example.org;
+
+        # Optional but recommended
+        proxy_set_header  X-Real-IP          $remote_addr;
+        proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-Proto  https;
+
+        # Only when the destination uses self-signed certs
+        proxy_ssl_verify  off;
+    }
+}
 ```
 
 </details>
--->
 
-<!-- Uncomment if used
 <details>
   <summary>Usage</summary>
 
 ```sh
+# Check the whole configuration and exit.
+nginx -t
+# Check the whole configuration, dump it, and exit.
+nginx -T
+
+# Start the server.
+nginx
+systemctl start 'nginx.service'
+
+# Reload the configuration files.
+nginx -s 'reload'
+kill -s 'HUP' '1628'
+pkill -HUP 'nginx'
+
+# Reopen the log files.
+nginx -s 'reopen'
+kill -s 'USR1' '1628'
+pkill -USR1 'nginx'
+
+# Gracefully shutdown the server.
+nginx -s 'quit'
+kill -s 'QUIT' '1628'
+pkill -QUIT 'nginx'
+# Quickly shutdown the server.
+nginx -s 'stop'
+kill -s 'INT' '1628'
+pkill -TERM 'nginx'
 ```
 
 </details>
--->
 
 <!-- Uncomment if used
 <details>
@@ -46,6 +111,10 @@ TODO
 - [Website]
 - [Nginx Proxy Manager]
 
+### Sources
+
+- [Documentation]
+
 <!--
   Reference
   ═╬═Time══
@@ -58,6 +127,7 @@ TODO
 
 <!-- Files -->
 <!-- Upstream -->
+[documentation]: https://nginx.org/en/docs/
 [website]: https://nginx.org/en/
 
 <!-- Others -->

snippets/nginx/redirect http to https.conf

@@ -0,0 +1,8 @@
+server {
+    listen       80;
+    server_name  this.example.org;
+
+    location  /  {
+        return  301  https://$host$request_uri;
+    }
+}

snippets/nginx/reverse proxy with host header override.conf

@@ -5,16 +5,20 @@ server {
     ssl_certificate      /etc/nginx/ssl/code.example.org.crt;
     ssl_certificate_key  /etc/nginx/ssl/code.example.org.key;
 
+    # Optional
     ssl_protocols  TLSv1.2 TLSv1.3;
     ssl_ciphers    HIGH:!aNULL:!MD5;
 
     location / {
-        proxy_pass https://gitea.example.org:443;
+        proxy_pass        https://gitea.example.org;
         proxy_set_header  Host  gitea.example.org;
 
         # Optional but recommended
         proxy_set_header  X-Real-IP          $remote_addr;
         proxy_set_header  X-Forwarded-For    $proxy_add_x_forwarded_for;
         proxy_set_header  X-Forwarded-Proto  https;
+
+        # Only when the destination uses self-signed certs
+        proxy_ssl_verify  off;
     }
 }