Quick check on Nginx configuration

Log Rotation Configuration

  • During the operation of Nginx/OpenResty, access and error logs continuously grow. Over time, large log files can impact performance and management. Therefore, logs should be rotated daily or by file size for better organization, storage, and analysis.
  • The logrotate tool is used for log management. It is a Linux utility that automates log rotation, compression, and deletion of old logs.
Step 1: Create a logrotate Configuration File

Add the following configuration to /etc/logrotate.d/openresty:

# Log rotation for OpenResty
#/usr/local/openresty/nginx/logs/*.log {
#    daily  # Rotate logs daily
#    rotate 7  # Keep the last 7 days of logs
#    missingok  # Ignore missing files
#    notifempty  # Skip rotation if the log is empty
#    compress  # Compress old logs using gzip
#    delaycompress  # Delay compression by one day
#    postrotate
#        /bin/kill -USR1 `cat /usr/local/openresty/nginx/logs/nginx.pid 2>/dev/null` 2>/dev/null || true
#    endscript
#}
/usr/local/openresty/nginx/logs/*.log {
    create 0664 
    daily
    rotate 7
    missingok
    notifempty
    compress
    delaycompress
    postrotate
        /bin/kill -USR1 `cat /usr/local/openresty/nginx/logs/nginx.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
Step 2: Manually Test logrotate
logrotate -f /etc/logrotate.d/openresty

Location Syntax

The location block is used to match client request URIs.

Basic Syntax:

There are four optional parameters for URI matching, and a named location (@) for internal routing.

location [ = | ~ | ~* | ^~ ] /URI { }
location @name { }

Parameter   Explanation
(none)      Standard prefix match (matches from the beginning of the URI).
=           Exact match (if matched, processing stops immediately).
^~          Prefix match with priority (if matched, regex locations are ignored). Used for directories.
~           Regex match (case-sensitive).
~*          Regex match (case-insensitive).
@           Named location for internal redirects (e.g., error_page, try_files). Functions similarly to goto in programming.

Matching Order in Nginx

  • Nginx first matches the server block based on domain, IP, and port.
  • Within a server, Nginx matches location blocks in the following priority order:
1. location =    # Exact match (highest priority)
2. location ^~   # Prefix match (if matched, regex locations are ignored)
3. location ~    # Case-sensitive regex match
4. location ~*   # Case-insensitive regex match
5. location /a   # Standard prefix match (lower priority than `^~`)
6. location /    # Default fallback (matches anything not handled above)

Note:

  • Rules 1-4 stop matching immediately upon success.
  • Rule 5 selects the longest prefix match if no higher-priority match exists.

CORS Configuration (Cross-Origin Resource Sharing)

To enable cross-origin requests in Nginx, use the following configuration:

location / {  
    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
    add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

    if ($request_method = 'OPTIONS') {
        return 204;
    }
    proxy_pass http://192.168.12.1:8081;
}

if Syntax in Nginx

1. Regular Expression Matching:
  • = → Exact match
  • ~ → Regex match (case-sensitive)
  • ~* → Regex match (case-insensitive)
  • !~ → Negative regex match (case-sensitive)
  • !~* → Negative regex match (case-insensitive)
2. File Handling Conditions:
  • -f, !-f → Check if the path exists and is a file
  • -d, !-d → Check if the path exists and is a directory
  • -e, !-e → Check if the path exists (file or directory)
  • -x, !-x → Check if the path exists and is executable

Security: Preventing Bot Traffic & Penalizing Suspicious Requests

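# Block bots and malicious requests
# The pattern is unanchored and $request_uri includes the query string, so any
# request containing one of these extensions is redirected, /robots.txt included.
if ($request_uri ~* \.(php|txt|sh|sql|tar)) {
    # "permanent" returns a 301 at once, so the break below is never reached.
    rewrite (.*)  http://speedtest.tele2.net/50GB.zip permanent;
    break;
}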