Before starting, please follow these conventions to avoid affecting system stability.
| Path | Purpose | Action |
|---|---|---|
| /etc/nginx/sites-available/ | Configuration files for standalone port services | Create new files here |
| /etc/nginx/server_common_conf/ | Configuration files for location proxies | Create new files here |
| /etc/nginx/nginx.conf.rosp | System Nginx configuration template | DO NOT modify |
| /etc/nginx/sites-available/rosp_web | System main Web service configuration | DO NOT modify |
| Port Range | Status | Description |
|---|---|---|
| 80, 443 | System reserved | Web management interface, do not use directly |
| 1880, 8080, 8090 | Service reserved | Node-RED, ChirpStack, etc. |
| 8081-8089 | Recommended | Custom HTTP services |
| 9000-9999 | Recommended | Custom TCP/UDP services |
All operations require root privileges.
If your application needs to use the default Web service ports (80/443), you must change the system Web service ports to other ports. Run the following commands to modify the default Web management interface ports:
sudo uci set web_server.http_port 8080
sudo uci set web_server.https_port 8443
sudo uci commit
Choose the most suitable method based on your requirements.
| Feature | Method 1: Standalone Port | Method 2: Location Proxy |
|---|---|---|
| Access Method | http://device-IP:port/ | https://device-IP/path/ |
| Use Cases | Independent Web apps, monitoring dashboards, documentation | API services, backends requiring unified entry point |
| SSL | Not supported | Automatically enabled (recommended) |
| Advantages | Isolated configuration, no mutual impact | Unified access point, more secure |
| Disadvantages | Need to manage additional ports, no HTTPS | Need to plan URL paths to avoid conflicts |
Tip: HTTP (80) access is automatically redirected to HTTPS (443) by default, so Location Proxy only works under HTTPS.
Example: deploying a static website on port 8888.
1. Create Configuration File
# Write configuration to /etc/nginx/sites-available/my_static_site
sudo tee /etc/nginx/sites-available/my_static_site > /dev/null <<'EOF'
server {
listen 8888;
server_name _;
root /var/www/my_static_site;
index index.html;
# Simplified logging and security headers
access_log /var/log/nginx/my_static_site.log;
error_log /var/log/nginx/my_static_site.error.log;
add_header X-Frame-Options "SAMEORIGIN";
location / {
try_files $uri $uri/ =404;
}
}
EOF
2. Create Web Files
sudo mkdir -p /var/www/my_static_site
echo "<h1>Hello from Port 8888</h1>" | sudo tee /var/www/my_static_site/index.html
3. Enable Service
# Create symlink to enable
sudo ln -s /etc/nginx/sites-available/my_static_site /etc/nginx/sites-enabled/
# Test configuration and reload
sudo nginx -t && sudo systemctl reload nginx
Access: http://:8888
Proxy all requests to https://device-IP/myapp/ to a local service running on port 5000.
1. Create Proxy Configuration
# Write configuration to /etc/nginx/server_common_conf/myapp_proxy.conf
sudo tee /etc/nginx/server_common_conf/myapp_proxy.conf > /dev/null <<'EOF'
location /myapp/ {
proxy_pass http://127.0.0.1:5000/; # Note the trailing slash
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
EOF
2. Reload Nginx
sudo nginx -t && sudo systemctl reload nginx
Access: https:///myapp/ (Note: use HTTPS)
| Command | Purpose |
|---|---|
| sudo nginx -t | Preferred, check all configuration file syntax |
| sudo systemctl status nginx | View Nginx service running status |
| ss -tlnp | grep nginx |
| tail -50 /var/log/nginx/error.log | View recent error logs |
| tail -f /var/log/nginx_config_fixes.log | View system auto-fix logs |
| Issue | Possible Causes & Solutions |
|---|---|
| Configuration not taking effect | Forgot to reload: sudo systemctl reload nginx |
| 502 Bad Gateway | Backend service not running or incorrect port. Check backend service. |
| Location proxy 404 | Path configuration error or using HTTP. Must use HTTPS. |
| Port inaccessible | Port conflict or not listening. Check with ss -tlnp. |
| Configuration rolled back | Severe syntax error. Check /var/log/nginx_config_fixes.log. |
If configuration causes Nginx to fail to start, follow these steps to restore to system default configuration.
sudo systemctl stop nginx
# Remove custom symlinks and proxy configurations
sudo rm -f /etc/nginx/sites-enabled/my_static_site
sudo rm -f /etc/nginx/server_common_conf/myapp_proxy.conf
# Re-link default service
sudo ln -s /etc/nginx/sites-available/rosp_web /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl start nginx
# ... above or below proxy_pass and other directives
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
Proxy to Grafana container (port 3000) and map to /monitoring/ path.
location /monitoring/ {
# rewrite directive removes /monitoring/ prefix from URL
rewrite ^/monitoring/(.*) /$1 break;
proxy_pass http://127.0.0.1:3000;
# ... other proxy_set_header directives ...
}
Note: Some applications (like Grafana) require their own root_url configuration to support subpath access.
Protect path /admin/, requiring username and password for access.
1. Install Tools and Create Password
sudo apt-get update && sudo apt-get install -y apache2-utils
sudo htpasswd -c /etc/nginx/auth.htpasswd admin
# Enter password when prompted
2. Add Authentication in Location Configuration
location /admin/ {
auth_basic "Restricted Area";
auth_basic_user_file /etc/nginx/auth.htpasswd;
# ... proxy_pass and other directives ...
}
Nginx Official Documentation: https://nginx.org/en/docs/
Configuration File Naming: Recommend using descriptive names, such as monitoring_dashboard, rather than app1.
File Permissions: Configuration files (.conf) recommended 644, Web directories recommended 755, Web files recommended 644.