Tuesday, June 3, 2025

Nginx

Class 38th AWS Nginx June 3rd

To host any application, a minimum of three servers is mandatory

Webserver --> Application --> DB server

If you open any hosted URL, for ex: Swiggy --> it will go to the webserver (front-end code: HTML, CSS, JavaScript)

User --> Server (Webserver) --> App server --> DB server   [AKA: also known as]

Webserver: (Apache, Nginx, IIS, WebSphere)

AKA :The presentation layer 

Purpose :to show the app

Who :UI/UX(front-end dev)

What :Web technologies

Ex:html,css,js

NGINX IS A WEBSERVER

  • USED TO SERVE STATIC FILES (FRONT END CODE)
  • Used by 35% of websites all over the world
  • It was officially released in Oct 2004
  • It was created to solve the C10k problem (connect 10k sessions)
  • Free & open source
  • Easy to install and use
  • Port 80

Nginx overcomes the problem of handling 10k sessions; all webservers use port 80

Advantages :

  • It uses less memory and resources (10 MB software).
  • Nginx makes the website faster (gives you a better ranking for the website)
  • Helps to get a better Google ranking
  • Handles thousands of connections at the same time.
  • Load balancing
  • Acts as a proxy & reverse proxy server
This is just for knowledge purposes

Checking website ranking in Google using:

https://sitechecker.pro/rank-checker/ to check a specific website

https://www.similarweb.com/top-websites/ to check the top 10 websites

As you see below, per day Google is accessed for 10.22 minutes on average, and YouTube for 20.03 minutes per day.


Forward Proxy (just like a toll-free number, fake IP address)

Advantages:
  •  Hide A client's IP address
  •  Protect data and resources from malicious actors 
  •  Restrict access to specific users/groups
  •  Speed results from cache
Cache: cache means that when you open any website for the first time it takes time; when you open it again a second time it comes up quickly, because it was cached previously. That is called cache.


Reverse Proxy

Advantages:
  •  Hide a server's IP address
  •  Protect against DDoS attacks (Distributed Denial of Service: millions of fake requests are sent to bring the server down)
  •  Speed access to specific users/groups based on location
  •  Speed results from cache
Practical 
Installation 
apt install nginx : To install nginx (any package or tool you need is installed this way)
systemctl start nginx : To start the service
systemctl status nginx : To check status

Important paths
cd /var/www/html --> path to put frontend code
tail -f /var/log/nginx/access.log --> access logs
tail -f /var/log/nginx/access.log | awk '{print $1}' : checking IPs

Step1:
Create one Ubuntu instance

ubuntu@ip-172-31-42-237:~$ sudo -i
root@ip-172-31-42-237:~#
root@ip-172-31-42-237:~# apt update
root@ip-172-31-42-237:~# apt install nginx
root@ip-172-31-42-237:~# systemctl start nginx
root@ip-172-31-42-237:~# systemctl status nginx

Step2: You can get the source code from GitHub

https://github.com/RAHAMSHAIK007/amazonapp
root@ip-172-31-42-237:~# git clone https://github.com/RAHAMSHAIK007/amazonapp.git

root@ip-172-31-42-237:~/amazonapp# cat amazon.sh

apt update 

apt install apache2 

cd /var/www/html   # all frontend code

git clone https://github.com/Ironhack-Archive/online-clone-amazon.git

mv online-clone-amazon/* .

root@ip-172-31-42-237:~/amazonapp# sh amazon.sh

Step3: Using the public IP of your instance, the Amazon web application opened successfully.


Remove nginx and then access the public IP
root@ip-172-31-42-237:/var/www/html# apt remove nginx

The website returns an error

This site can’t be reached

root@ip-172-31-42-237:~# apt install nginx
root@ip-172-31-42-237:~# systemctl start nginx
The website opens successfully
Step4: Log information about who is using the website URL. Below, 200 is the status code: the user is getting a successful response from the website.
root@ip-172-31-42-237:/var/www/html# tail -f /var/log/nginx/access.log
84.225.123.245 - - [09/Jun/2025:10:28:13 +0000] "GET /img/dress.png HTTP/1.1" 200 635437 "http://54.198.138.13/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
84.225.123.245 - - [09/Jun/2025:10:28:14 +0000] "GET /img/product_6.jpg HTTP/1.1" 200 211409 "http://54.198.138.13/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
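
Reading the log by eye stops working once there is real traffic. The script below is an added example, not part of the original class notes: it extends the awk one-liner from "Important paths" to count requests per client IP and status code, so 200s and 403s stand out. The function names and the sample log lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Summarise an nginx access log (default "combined" format) per client and status.

# Constructed sample lines in the same format as the log entries above;
# the addresses are documentation-range placeholders, not real clients.
sample_log() {
  cat <<'EOF'
198.51.100.7 - - [09/Jun/2025:10:28:13 +0000] "GET /img/dress.png HTTP/1.1" 200 635437 "-" "Mozilla/5.0"
198.51.100.7 - - [09/Jun/2025:10:28:14 +0000] "GET /img/product_6.jpg HTTP/1.1" 200 211409 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jun/2025:11:16:27 +0000] "GET / HTTP/1.1" 403 195 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jun/2025:11:16:28 +0000] "GET /index.html HTTP/1.1" 403 195 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jun/2025:11:16:29 +0000] "GET /missing.html HTTP/1.1" 404 162 "-" "Mozilla/5.0"
this line is not an access log entry
EOF
}

# status_by_ip: log on stdin -> "ip status count", one line per pair.
# Splitting on the double quote keeps request lines with spaces intact:
# field 1 holds the client address, field 3 starts with the status code.
status_by_ip() {
  awk -F'"' '
    NF >= 3 {
      split($1, pre, " "); split($3, post, " ")
      if (post[1] ~ /^[1-5][0-9][0-9]$/) hits[pre[1] " " post[1]]++
    }
    END { for (k in hits) print k, hits[k] }
  ' | LC_ALL=C sort
}

# clients_with_errors MIN: clients with at least MIN responses in the 4xx range
# (403 from a deny rule, 404 for a missing file), printed as "ip count".
clients_with_errors() {
  status_by_ip | awk -v min="$1" '
    $2 ~ /^4/ { errs[$1] += $3 }
    END { for (ip in errs) if (errs[ip] >= min) print ip, errs[ip] }
  ' | LC_ALL=C sort
}

sample_log | status_by_ip
```

On the server, feed it the real file: status_by_ip < /var/log/nginx/access.log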

Step5: if you want to block the website

root@ip-172-31-42-237:/var/www/html# vim /etc/nginx/nginx.conf

http {

        deny all;

root@ip-172-31-42-237:/var/www/html# systemctl restart nginx.service

The website cannot be accessed and returns the error below

403 Forbidden

root@ip-172-31-42-237:/var/www/html# tail -f /var/log/nginx/access.log

84.225.123.245 - - [09/Jun/2025:11:16:27 +0000] "GET / HTTP/1.1" 403 195 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"

Step6: Deny access for a single user

root@ip-172-31-42-237:/var/www/html# vim /etc/nginx/nginx.conf

http {

     deny 84.225.123.245/32;

root@ip-172-31-42-237:/var/www/html# systemctl restart nginx.service

Getting an error for my IP address

403 Forbidden

Others are able to access; the log shows success
root@ip-172-31-42-237:/var/www/html# tail -f /var/log/nginx/access.log
136.226.199.34 - - [09/Jun/2025:11:30:25 +0000] "GET /favicon.ico HTTP/1.1" 200 "http://54.198.138.13/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36"
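
Steps 5 and 6 edit nginx.conf by hand and restart, so a typo takes the whole site down. The script below is an added example, not part of the original class notes: it keeps blocked addresses in their own file, validates each entry, runs nginx -t, and reloads only if the test passes. The path /etc/nginx/conf.d/denylist.conf and the function names are assumptions; Ubuntu's stock nginx.conf includes conf.d/*.conf inside http { }.

```bash
#!/usr/bin/env bash
# Build an nginx deny list from IPv4 addresses/CIDRs and apply it safely.
DENYLIST=/etc/nginx/conf.d/denylist.conf  # assumed path, included inside http {} on Ubuntu

# make_denylist: read one address or CIDR per line on stdin, print "deny <addr>;".
# Invalid entries go to stderr instead of the config. A /0 prefix is refused
# because it would block every client, like "deny all;" in Step 5.
make_denylist() {
  awk '
    function valid(s,   p, o, n, i) {
      n = split(s, p, "/")
      if (n > 2) return 0
      if (n == 2 && (p[2] !~ /^[0-9]+$/ || p[2] + 0 < 1 || p[2] + 0 > 32)) return 0
      if (split(p[1], o, ".") != 4) return 0
      for (i = 1; i <= 4; i++)
        if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
      return 1
    }
    /^[ \t]*#/ { next }                 # comment line
    /^[ \t]*$/ { next }                 # blank line
    { gsub(/[ \t\r]/, "") }             # strip stray whitespace
    valid($0) { print "deny " $0 ";"; next }
    { print "skipped invalid entry: " $0 > "/dev/stderr" }
  '
}

# apply_denylist FILE: install the rules, test the whole configuration, and
# reload only if the test passes; otherwise put the previous rules back.
apply_denylist() {
  local src="$1" old="$DENYLIST.bak"
  rm -f "$old"
  [ -f "$DENYLIST" ] && cp -p "$DENYLIST" "$old"
  make_denylist < "$src" > "$DENYLIST"
  if nginx -t; then systemctl reload nginx; return; fi
  if [ -f "$old" ]; then mv "$old" "$DENYLIST"; else rm -f "$DENYLIST"; fi
  echo "nginx -t failed, previous deny list restored" >&2
  return 1
}

# Constructed input: documentation-range addresses, one typo and one /0 entry.
sample_entries() {
  printf '%s\n' '# abusive clients' '203.0.113.9' '198.51.100.0/24' \
                '203.0.113.999' '0.0.0.0/0'
}

sample_entries | make_denylist   # prints the two valid deny lines
```

deny matches the address nginx sees on the connection, so behind a load balancer or CDN it matches the proxy's address unless the real-IP module is configured.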

Here we are using the IP address http://54.198.138.13/; instead of that, we will give it a unique domain name

http://54.198.138.13/ --> Amazon.com (domain)

--Thanks 

Just for knowledge purposes

Instead of ChatGPT, use Visual Studio Code and set up Copilot; type the requirement and the code will be generated automatically.

This is the way to prompt the AI (You are experienced; give Terraform code for EC2 and make sure it is fully secure)

This is the way you need to search; see below, it will give the complete code for IAM, security group, everything.

// main.tf

provider "aws" {
  region = "us-east-1"
}

// Latest Amazon Linux 2 AMI published by Amazon
data "aws_ami" "amazon_linux" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"]
  }
}

resource "aws_security_group" "ec2_sg" {
  name        = "secure-ec2-sg"
  description = "Allow SSH only from my IP"
  vpc_id      = "<YOUR_VPC_ID>"

  // Inbound: SSH only, from a single address
  ingress {
    description = "SSH from my IP"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["<YOUR_IP>/32"]
  }

  // Outbound: all traffic allowed
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

// Role the EC2 service can assume; no permission policies are attached here
resource "aws_iam_role" "ec2_role" {
  name = "ec2-least-privilege-role"

  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "ec2.amazonaws.com"
      }
    }]
  })
}

resource "aws_iam_instance_profile" "ec2_profile" {
  name = "ec2-instance-profile"
  role = aws_iam_role.ec2_role.name
}

// Instance in a private subnet with no public IP and an encrypted root volume
resource "aws_instance" "secure_ec2" {
  ami                         = data.aws_ami.amazon_linux.id
  instance_type               = "t3.micro"
  subnet_id                   = "<YOUR_PRIVATE_SUBNET_ID>"
  vpc_security_group_ids      = [aws_security_group.ec2_sg.id]
  associate_public_ip_address = false
  iam_instance_profile        = aws_iam_instance_profile.ec2_profile.name

  root_block_device {
    encrypted   = true
    volume_size = 8
    volume_type = "gp3"
  }

  tags = {
    Name = "secure-ec2"
  }
}

Just for knowledge purposes

If you want a Linux server, use this website for 1 hr; click Ubuntu (free)

https://killercoda.com/playgrounds

--Thanks 


