[{"data":1,"prerenderedAt":2756},["ShallowReactive",2],{"wiki-nginx-setup":3},{"id":4,"title":5,"body":6,"description":2745,"extension":2746,"meta":2747,"navigation":332,"path":2752,"seo":2753,"stem":2754,"__hash__":2755},"wiki/wiki/nginx-setup.md","Полная настройка Nginx на Ubuntu и Debian",{"type":7,"value":8,"toc":2697},"minimark",[9,14,18,23,63,66,70,75,130,134,168,172,197,204,208,235,237,241,249,271,273,277,284,299,598,602,672,674,678,682,697,701,715,718,831,835,856,860,915,919,945,952,954,958,962,967,988,993,1011,1015,1040,1043,1055,1059,1062,1078,1081,1098,1100,1104,1107,1121,1218,1220,1224,1227,1241,1340,1344,1418,1420,1424,1436,1762,1765,1789,1791,1795,1798,1802,1952,1954,1958,1967,2027,2030,2085,2138,2140,2144,2147,2208,2215,2217,2221,2225,2350,2354,2361,2374,2376,2380,2461,2463,2467,2470,2539,2550,2552,2556,2564,2567,2587,2591,2594,2632,2636,2643,2652,2656,2693],[10,11,13],"h1",{"id":12},"полная-настройка-nginx","Полная настройка Nginx",[15,16,17],"p",{},"Подробное руководство по установке, настройке и защите Nginx на Ubuntu и Debian. Покрываем всё: от базовой установки до продвинутой конфигурации с SSL, HTTP/2, rate limiting и заголовками безопасности.",[19,20,22],"h2",{"id":21},"требования","Требования",[24,25,26,34,44,50],"ul",{},[27,28,29,33],"li",{},[30,31,32],"strong",{},"ОС",": Ubuntu 22.04 / 24.04 LTS или Debian 12 (Bookworm)",[27,35,36,39,40],{},[30,37,38],{},"Доступ",": root или пользователь с ",[41,42,43],"code",{},"sudo",[27,45,46,49],{},[30,47,48],{},"Домен",": направленный на IP-адрес сервера (для SSL)",[27,51,52,55,56,59,60],{},[30,53,54],{},"Порты",": открытые ",[41,57,58],{},"80"," и ",[41,61,62],{},"443",[64,65],"hr",{},[19,67,69],{"id":68},"установка-nginx","Установка Nginx",[71,72,74],"h3",{"id":73},"ubuntu","Ubuntu",[76,77,82],"pre",{"className":78,"code":79,"language":80,"meta":81,"style":81},"language-bash shiki shiki-themes github-dark","sudo apt update && sudo apt upgrade -y\nsudo apt install -y nginx\n","bash","",[41,83,84,114],{"__ignoreMap":81},[85,86,89,92,96,99,103,105,107,110],"span",{"class":87,"line":88},"line",1,[85,90,43],{"class":91},"svObZ",[85,93,95],{"class":94},"sU2Wk"," apt",[85,97,98],{"class":94}," update",[85,100,102],{"class":101},"s95oV"," && ",[85,104,43],{"class":91},[85,106,95],{"class":94},[85,108,109],{"class":94}," upgrade",[85,111,113],{"class":112},"sDLfK"," -y\n",[85,115,117,119,121,124,127],{"class":87,"line":116},2,[85,118,43],{"class":91},[85,120,95],{"class":94},[85,122,123],{"class":94}," install",[85,125,126],{"class":112}," -y",[85,128,129],{"class":94}," nginx\n",[71,131,133],{"id":132},"debian","Debian",[76,135,136],{"className":78,"code":79,"language":80,"meta":81,"style":81},[41,137,138,156],{"__ignoreMap":81},[85,139,140,142,144,146,148,150,152,154],{"class":87,"line":88},[85,141,43],{"class":91},[85,143,95],{"class":94},[85,145,98],{"class":94},[85,147,102],{"class":101},[85,149,43],{"class":91},[85,151,95],{"class":94},[85,153,109],{"class":94},[85,155,113],{"class":112},[85,157,158,160,162,164,166],{"class":87,"line":116},[85,159,43],{"class":91},[85,161,95],{"class":94},[85,163,123],{"class":94},[85,165,126],{"class":112},[85,167,129],{"class":94},[71,169,171],{"id":170},"проверка-установки","Проверка установки",[76,173,175],{"className":78,"code":174,"language":80,"meta":81,"style":81},"nginx -v\nsudo systemctl status nginx\n",[41,176,177,185],{"__ignoreMap":81},[85,178,179,182],{"class":87,"line":88},[85,180,181],{"class":91},"nginx",[85,183,184],{"class":112}," -v\n",[85,186,187,189,192,195],{"class":87,"line":116},[85,188,43],{"class":91},[85,190,191],{"class":94}," systemctl",[85,193,194],{"class":94}," status",[85,196,129],{"class":94},[15,198,199,200,203],{},"Если Nginx запущен, откройте в браузере ",[41,201,202],{},"http://ваш_ip"," — вы увидите страницу «Welcome to nginx!».",[71,205,207],{"id":206},"автозапуск","Автозапуск",[76,209,211],{"className":78,"code":210,"language":80,"meta":81,"style":81},"sudo systemctl enable nginx\nsudo systemctl start nginx\n",[41,212,213,224],{"__ignoreMap":81},[85,214,215,217,219,222],{"class":87,"line":88},[85,216,43],{"class":91},[85,218,191],{"class":94},[85,220,221],{"class":94}," enable",[85,223,129],{"class":94},[85,225,226,228,230,233],{"class":87,"line":116},[85,227,43],{"class":91},[85,229,191],{"class":94},[85,231,232],{"class":94}," start",[85,234,129],{"class":94},[64,236],{},[19,238,240],{"id":239},"структура-каталогов","Структура каталогов",[76,242,247],{"className":243,"code":245,"language":246},[244],"language-text","/etc/nginx/\n├── nginx.conf              # Главный конфиг\n├── sites-available/        # Доступные конфигурации сайтов\n├── sites-enabled/          # Активные конфигурации (симлинки)\n├── snippets/               # Переиспользуемые фрагменты\n├── conf.d/                 # Дополнительные конфиги\n└── mime.types              # MIME-типы\n","text",[41,248,245],{"__ignoreMap":81},[24,250,251,257,265],{},[27,252,253,256],{},[30,254,255],{},"sites-available/"," — здесь лежат конфиги всех сайтов",[27,258,259,262,263],{},[30,260,261],{},"sites-enabled/"," — симлинки на активные конфиги из ",[41,264,255],{},[27,266,267,270],{},[30,268,269],{},"snippets/"," — сюда удобно выносить повторяющиеся блоки (SSL, заголовки)",[64,272],{},[19,274,276],{"id":275},"настройка-главного-конфига","Настройка главного конфига",[15,278,279,280,283],{},"Отредактируйте ",[41,281,282],{},"/etc/nginx/nginx.conf",":",[76,285,287],{"className":78,"code":286,"language":80,"meta":81,"style":81},"sudo nano /etc/nginx/nginx.conf\n",[41,288,289],{"__ignoreMap":81},[85,290,291,293,296],{"class":87,"line":88},[85,292,43],{"class":91},[85,294,295],{"class":94}," nano",[85,297,298],{"class":94}," /etc/nginx/nginx.conf\n",[76,300,303],{"className":301,"code":302,"language":181,"meta":81,"style":81},"language-nginx shiki shiki-themes github-dark","user www-data;\nworker_processes auto;\npid /run/nginx.pid;\nerror_log /var/log/nginx/error.log warn;\n\nevents {\n    worker_connections 1024;\n    multi_accept on;\n    use epoll;\n}\n\nhttp {\n    # Базовые настройки\n    sendfile on;\n    tcp_nopush on;\n    tcp_nodelay on;\n    keepalive_timeout 65;\n    types_hash_max_size 2048;\n    server_tokens off;\n    client_max_body_size 64m;\n\n    # MIME\n    include /etc/nginx/mime.types;\n    default_type application/octet-stream;\n\n    # Логи\n    access_log /var/log/nginx/access.log;\n    error_log /var/log/nginx/error.log;\n\n    # Gzip-сжатие\n    gzip on;\n    gzip_vary on;\n    gzip_proxied any;\n    gzip_comp_level 5;\n    gzip_min_length 256;\n    gzip_types\n        text/plain\n        text/css\n        text/javascript\n        application/javascript\n        application/json\n        application/xml\n        application/xml+rss\n        image/svg+xml\n        font/woff2;\n\n    # Подключение конфигов\n    include /etc/nginx/conf.d/*.conf;\n    include /etc/nginx/sites-enabled/*;\n}\n",[41,304,305,310,315,321,327,334,340,346,352,358,364,369,375,381,387,393,399,405,411,417,423,428,434,440,446,451,457,463,469,474,480,486,492,498,504,510,516,522,528,534,540,546,552,558,564,570,575,581,587,593],{"__ignoreMap":81},[85,306,307],{"class":87,"line":88},[85,308,309],{},"user www-data;\n",[85,311,312],{"class":87,"line":116},[85,313,314],{},"worker_processes auto;\n",[85,316,318],{"class":87,"line":317},3,[85,319,320],{},"pid /run/nginx.pid;\n",[85,322,324],{"class":87,"line":323},4,[85,325,326],{},"error_log /var/log/nginx/error.log warn;\n",[85,328,330],{"class":87,"line":329},5,[85,331,333],{"emptyLinePlaceholder":332},true,"\n",[85,335,337],{"class":87,"line":336},6,[85,338,339],{},"events {\n",[85,341,343],{"class":87,"line":342},7,[85,344,345],{},"    worker_connections 1024;\n",[85,347,349],{"class":87,"line":348},8,[85,350,351],{},"    multi_accept on;\n",[85,353,355],{"class":87,"line":354},9,[85,356,357],{},"    use epoll;\n",[85,359,361],{"class":87,"line":360},10,[85,362,363],{},"}\n",[85,365,367],{"class":87,"line":366},11,[85,368,333],{"emptyLinePlaceholder":332},[85,370,372],{"class":87,"line":371},12,[85,373,374],{},"http {\n",[85,376,378],{"class":87,"line":377},13,[85,379,380],{},"    # Базовые настройки\n",[85,382,384],{"class":87,"line":383},14,[85,385,386],{},"    sendfile on;\n",[85,388,390],{"class":87,"line":389},15,[85,391,392],{},"    tcp_nopush on;\n",[85,394,396],{"class":87,"line":395},16,[85,397,398],{},"    tcp_nodelay on;\n",[85,400,402],{"class":87,"line":401},17,[85,403,404],{},"    keepalive_timeout 65;\n",[85,406,408],{"class":87,"line":407},18,[85,409,410],{},"    types_hash_max_size 2048;\n",[85,412,414],{"class":87,"line":413},19,[85,415,416],{},"    server_tokens off;\n",[85,418,420],{"class":87,"line":419},20,[85,421,422],{},"    client_max_body_size 64m;\n",[85,424,426],{"class":87,"line":425},21,[85,427,333],{"emptyLinePlaceholder":332},[85,429,431],{"class":87,"line":430},22,[85,432,433],{},"    # MIME\n",[85,435,437],{"class":87,"line":436},23,[85,438,439],{},"    include /etc/nginx/mime.types;\n",[85,441,443],{"class":87,"line":442},24,[85,444,445],{},"    default_type application/octet-stream;\n",[85,447,449],{"class":87,"line":448},25,[85,450,333],{"emptyLinePlaceholder":332},[85,452,454],{"class":87,"line":453},26,[85,455,456],{},"    # Логи\n",[85,458,460],{"class":87,"line":459},27,[85,461,462],{},"    access_log /var/log/nginx/access.log;\n",[85,464,466],{"class":87,"line":465},28,[85,467,468],{},"    error_log /var/log/nginx/error.log;\n",[85,470,472],{"class":87,"line":471},29,[85,473,333],{"emptyLinePlaceholder":332},[85,475,477],{"class":87,"line":476},30,[85,478,479],{},"    # Gzip-сжатие\n",[85,481,483],{"class":87,"line":482},31,[85,484,485],{},"    gzip on;\n",[85,487,489],{"class":87,"line":488},32,[85,490,491],{},"    gzip_vary on;\n",[85,493,495],{"class":87,"line":494},33,[85,496,497],{},"    gzip_proxied any;\n",[85,499,501],{"class":87,"line":500},34,[85,502,503],{},"    gzip_comp_level 5;\n",[85,505,507],{"class":87,"line":506},35,[85,508,509],{},"    gzip_min_length 256;\n",[85,511,513],{"class":87,"line":512},36,[85,514,515],{},"    gzip_types\n",[85,517,519],{"class":87,"line":518},37,[85,520,521],{},"        text/plain\n",[85,523,525],{"class":87,"line":524},38,[85,526,527],{},"        text/css\n",[85,529,531],{"class":87,"line":530},39,[85,532,533],{},"        text/javascript\n",[85,535,537],{"class":87,"line":536},40,[85,538,539],{},"        application/javascript\n",[85,541,543],{"class":87,"line":542},41,[85,544,545],{},"        application/json\n",[85,547,549],{"class":87,"line":548},42,[85,550,551],{},"        application/xml\n",[85,553,555],{"class":87,"line":554},43,[85,556,557],{},"        application/xml+rss\n",[85,559,561],{"class":87,"line":560},44,[85,562,563],{},"        image/svg+xml\n",[85,565,567],{"class":87,"line":566},45,[85,568,569],{},"        font/woff2;\n",[85,571,573],{"class":87,"line":572},46,[85,574,333],{"emptyLinePlaceholder":332},[85,576,578],{"class":87,"line":577},47,[85,579,580],{},"    # Подключение конфигов\n",[85,582,584],{"class":87,"line":583},48,[85,585,586],{},"    include /etc/nginx/conf.d/*.conf;\n",[85,588,590],{"class":87,"line":589},49,[85,591,592],{},"    include /etc/nginx/sites-enabled/*;\n",[85,594,596],{"class":87,"line":595},50,[85,597,363],{},[71,599,601],{"id":600},"что-здесь-важно","Что здесь важно",[603,604,605,618],"table",{},[606,607,608],"thead",{},[609,610,611,615],"tr",{},[612,613,614],"th",{},"Параметр",[612,616,617],{},"Зачем",[619,620,621,632,642,652,662],"tbody",{},[609,622,623,629],{},[624,625,626],"td",{},[41,627,628],{},"worker_processes auto",[624,630,631],{},"Использует все ядра CPU",[609,633,634,639],{},[624,635,636],{},[41,637,638],{},"server_tokens off",[624,640,641],{},"Скрывает версию Nginx в заголовках",[609,643,644,649],{},[624,645,646],{},[41,647,648],{},"client_max_body_size 64m",[624,650,651],{},"Максимальный размер загружаемого файла",[609,653,654,659],{},[624,655,656],{},[41,657,658],{},"gzip_comp_level 5",[624,660,661],{},"Баланс между сжатием и нагрузкой на CPU",[609,663,664,669],{},[624,665,666],{},[41,667,668],{},"multi_accept on",[624,670,671],{},"Принимать несколько соединений за раз",[64,673],{},[19,675,677],{"id":676},"создание-конфига-сайта","Создание конфига сайта",[71,679,681],{"id":680},"удалите-дефолтный-конфиг","Удалите дефолтный конфиг",[76,683,685],{"className":78,"code":684,"language":80,"meta":81,"style":81},"sudo rm /etc/nginx/sites-enabled/default\n",[41,686,687],{"__ignoreMap":81},[85,688,689,691,694],{"class":87,"line":88},[85,690,43],{"class":91},[85,692,693],{"class":94}," rm",[85,695,696],{"class":94}," /etc/nginx/sites-enabled/default\n",[71,698,700],{"id":699},"создайте-конфиг-для-вашего-домена","Создайте конфиг для вашего домена",[76,702,704],{"className":78,"code":703,"language":80,"meta":81,"style":81},"sudo nano /etc/nginx/sites-available/example.com\n",[41,705,706],{"__ignoreMap":81},[85,707,708,710,712],{"class":87,"line":88},[85,709,43],{"class":91},[85,711,295],{"class":94},[85,713,714],{"class":94}," /etc/nginx/sites-available/example.com\n",[15,716,717],{},"Начнём с простого HTTP-конфига (SSL добавим позже):",[76,719,721],{"className":301,"code":720,"language":181,"meta":81,"style":81},"server {\n    listen 80;\n    listen [::]:80;\n    server_name example.com www.example.com;\n\n    root /var/www/example.com/html;\n    index index.html;\n\n    # Логи\n    access_log /var/log/nginx/example.com.access.log;\n    error_log /var/log/nginx/example.com.error.log;\n\n    location / {\n        try_files $uri $uri/ =404;\n    }\n\n    # Блокируем скрытые файлы\n    location ~ /\\. {\n        deny all;\n        access_log off;\n        log_not_found off;\n    }\n}\n",[41,722,723,728,733,738,743,747,752,757,761,765,770,775,779,784,789,794,798,803,808,813,818,823,827],{"__ignoreMap":81},[85,724,725],{"class":87,"line":88},[85,726,727],{},"server {\n",[85,729,730],{"class":87,"line":116},[85,731,732],{},"    listen 80;\n",[85,734,735],{"class":87,"line":317},[85,736,737],{},"    listen [::]:80;\n",[85,739,740],{"class":87,"line":323},[85,741,742],{},"    server_name example.com www.example.com;\n",[85,744,745],{"class":87,"line":329},[85,746,333],{"emptyLinePlaceholder":332},[85,748,749],{"class":87,"line":336},[85,750,751],{},"    root /var/www/example.com/html;\n",[85,753,754],{"class":87,"line":342},[85,755,756],{},"    index index.html;\n",[85,758,759],{"class":87,"line":348},[85,760,333],{"emptyLinePlaceholder":332},[85,762,763],{"class":87,"line":354},[85,764,456],{},[85,766,767],{"class":87,"line":360},[85,768,769],{},"    access_log /var/log/nginx/example.com.access.log;\n",[85,771,772],{"class":87,"line":366},[85,773,774],{},"    error_log /var/log/nginx/example.com.error.log;\n",[85,776,777],{"class":87,"line":371},[85,778,333],{"emptyLinePlaceholder":332},[85,780,781],{"class":87,"line":377},[85,782,783],{},"    location / {\n",[85,785,786],{"class":87,"line":383},[85,787,788],{},"        try_files $uri $uri/ =404;\n",[85,790,791],{"class":87,"line":389},[85,792,793],{},"    }\n",[85,795,796],{"class":87,"line":395},[85,797,333],{"emptyLinePlaceholder":332},[85,799,800],{"class":87,"line":401},[85,801,802],{},"    # Блокируем скрытые файлы\n",[85,804,805],{"class":87,"line":407},[85,806,807],{},"    location ~ /\\. {\n",[85,809,810],{"class":87,"line":413},[85,811,812],{},"        deny all;\n",[85,814,815],{"class":87,"line":419},[85,816,817],{},"        access_log off;\n",[85,819,820],{"class":87,"line":425},[85,821,822],{},"        log_not_found off;\n",[85,824,825],{"class":87,"line":430},[85,826,793],{},[85,828,829],{"class":87,"line":436},[85,830,363],{},[71,832,834],{"id":833},"активируйте-конфиг","Активируйте конфиг",[76,836,838],{"className":78,"code":837,"language":80,"meta":81,"style":81},"sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/\n",[41,839,840],{"__ignoreMap":81},[85,841,842,844,847,850,853],{"class":87,"line":88},[85,843,43],{"class":91},[85,845,846],{"class":94}," ln",[85,848,849],{"class":112}," -s",[85,851,852],{"class":94}," /etc/nginx/sites-available/example.com",[85,854,855],{"class":94}," /etc/nginx/sites-enabled/\n",[71,857,859],{"id":858},"создайте-директорию-сайта","Создайте директорию сайта",[76,861,863],{"className":78,"code":862,"language":80,"meta":81,"style":81},"sudo mkdir -p /var/www/example.com/html\nsudo chown -R www-data:www-data /var/www/example.com\necho '\u003Ch1>It works!\u003C/h1>' | sudo tee /var/www/example.com/html/index.html\n",[41,864,865,878,894],{"__ignoreMap":81},[85,866,867,869,872,875],{"class":87,"line":88},[85,868,43],{"class":91},[85,870,871],{"class":94}," mkdir",[85,873,874],{"class":112}," -p",[85,876,877],{"class":94}," /var/www/example.com/html\n",[85,879,880,882,885,888,891],{"class":87,"line":116},[85,881,43],{"class":91},[85,883,884],{"class":94}," chown",[85,886,887],{"class":112}," -R",[85,889,890],{"class":94}," www-data:www-data",[85,892,893],{"class":94}," /var/www/example.com\n",[85,895,896,899,902,906,909,912],{"class":87,"line":317},[85,897,898],{"class":112},"echo",[85,900,901],{"class":94}," '\u003Ch1>It works!\u003C/h1>'",[85,903,905],{"class":904},"snl16"," |",[85,907,908],{"class":91}," sudo",[85,910,911],{"class":94}," tee",[85,913,914],{"class":94}," /var/www/example.com/html/index.html\n",[71,916,918],{"id":917},"проверка-и-перезагрузка","Проверка и перезагрузка",[76,920,922],{"className":78,"code":921,"language":80,"meta":81,"style":81},"sudo nginx -t\nsudo systemctl reload nginx\n",[41,923,924,934],{"__ignoreMap":81},[85,925,926,928,931],{"class":87,"line":88},[85,927,43],{"class":91},[85,929,930],{"class":94}," nginx",[85,932,933],{"class":112}," -t\n",[85,935,936,938,940,943],{"class":87,"line":116},[85,937,43],{"class":91},[85,939,191],{"class":94},[85,941,942],{"class":94}," reload",[85,944,129],{"class":94},[15,946,947,948,951],{},"Всегда проверяйте конфиг через ",[41,949,950],{},"nginx -t"," перед перезагрузкой. Если есть ошибки — Nginx покажет строку и файл.",[64,953],{},[19,955,957],{"id":956},"ssl-сертификат-с-lets-encrypt","SSL-сертификат с Let's Encrypt",[71,959,961],{"id":960},"установка-certbot","Установка Certbot",[15,963,964],{},[30,965,966],{},"Ubuntu:",[76,968,970],{"className":78,"code":969,"language":80,"meta":81,"style":81},"sudo apt install -y certbot python3-certbot-nginx\n",[41,971,972],{"__ignoreMap":81},[85,973,974,976,978,980,982,985],{"class":87,"line":88},[85,975,43],{"class":91},[85,977,95],{"class":94},[85,979,123],{"class":94},[85,981,126],{"class":112},[85,983,984],{"class":94}," certbot",[85,986,987],{"class":94}," python3-certbot-nginx\n",[15,989,990],{},[30,991,992],{},"Debian:",[76,994,995],{"className":78,"code":969,"language":80,"meta":81,"style":81},[41,996,997],{"__ignoreMap":81},[85,998,999,1001,1003,1005,1007,1009],{"class":87,"line":88},[85,1000,43],{"class":91},[85,1002,95],{"class":94},[85,1004,123],{"class":94},[85,1006,126],{"class":112},[85,1008,984],{"class":94},[85,1010,987],{"class":94},[71,1012,1014],{"id":1013},"получение-сертификата","Получение сертификата",[76,1016,1018],{"className":78,"code":1017,"language":80,"meta":81,"style":81},"sudo certbot --nginx -d example.com -d www.example.com\n",[41,1019,1020],{"__ignoreMap":81},[85,1021,1022,1024,1026,1029,1032,1035,1037],{"class":87,"line":88},[85,1023,43],{"class":91},[85,1025,984],{"class":94},[85,1027,1028],{"class":112}," --nginx",[85,1030,1031],{"class":112}," -d",[85,1033,1034],{"class":94}," example.com",[85,1036,1031],{"class":112},[85,1038,1039],{"class":94}," www.example.com\n",[15,1041,1042],{},"Certbot автоматически:",[1044,1045,1046,1049,1052],"ol",{},[27,1047,1048],{},"Получит сертификат",[27,1050,1051],{},"Обновит конфиг Nginx для HTTPS",[27,1053,1054],{},"Настроит редирект HTTP → HTTPS",[71,1056,1058],{"id":1057},"автоматическое-продление","Автоматическое продление",[15,1060,1061],{},"Certbot ставит таймер автопродления. Проверьте:",[76,1063,1065],{"className":78,"code":1064,"language":80,"meta":81,"style":81},"sudo systemctl status certbot.timer\n",[41,1066,1067],{"__ignoreMap":81},[85,1068,1069,1071,1073,1075],{"class":87,"line":88},[85,1070,43],{"class":91},[85,1072,191],{"class":94},[85,1074,194],{"class":94},[85,1076,1077],{"class":94}," certbot.timer\n",[15,1079,1080],{},"Тестовый прогон продления:",[76,1082,1084],{"className":78,"code":1083,"language":80,"meta":81,"style":81},"sudo certbot renew --dry-run\n",[41,1085,1086],{"__ignoreMap":81},[85,1087,1088,1090,1092,1095],{"class":87,"line":88},[85,1089,43],{"class":91},[85,1091,984],{"class":94},[85,1093,1094],{"class":94}," renew",[85,1096,1097],{"class":112}," --dry-run\n",[64,1099],{},[19,1101,1103],{"id":1102},"продвинутая-https-конфигурация","Продвинутая HTTPS-конфигурация",[15,1105,1106],{},"После получения сертификата улучшим SSL-настройки. Создадим сниппет:",[76,1108,1110],{"className":78,"code":1109,"language":80,"meta":81,"style":81},"sudo nano /etc/nginx/snippets/ssl-params.conf\n",[41,1111,1112],{"__ignoreMap":81},[85,1113,1114,1116,1118],{"class":87,"line":88},[85,1115,43],{"class":91},[85,1117,295],{"class":94},[85,1119,1120],{"class":94}," /etc/nginx/snippets/ssl-params.conf\n",[76,1122,1124],{"className":301,"code":1123,"language":181,"meta":81,"style":81},"# Протоколы и шифры\nssl_protocols TLSv1.2 TLSv1.3;\nssl_prefer_server_ciphers off;\nssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;\n\n# OCSP Stapling\nssl_stapling on;\nssl_stapling_verify on;\nresolver 1.1.1.1 8.8.8.8 valid=300s;\nresolver_timeout 5s;\n\n# Кэш SSL-сессий\nssl_session_cache shared:SSL:10m;\nssl_session_timeout 1d;\nssl_session_tickets off;\n\n# Diffie-Hellman (опционально, для TLS 1.2)\n# Сгенерировать: sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048\n# ssl_dhparam /etc/nginx/dhparam.pem;\n",[41,1125,1126,1131,1136,1141,1146,1150,1155,1160,1165,1170,1175,1179,1184,1189,1194,1199,1203,1208,1213],{"__ignoreMap":81},[85,1127,1128],{"class":87,"line":88},[85,1129,1130],{},"# Протоколы и шифры\n",[85,1132,1133],{"class":87,"line":116},[85,1134,1135],{},"ssl_protocols TLSv1.2 TLSv1.3;\n",[85,1137,1138],{"class":87,"line":317},[85,1139,1140],{},"ssl_prefer_server_ciphers off;\n",[85,1142,1143],{"class":87,"line":323},[85,1144,1145],{},"ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;\n",[85,1147,1148],{"class":87,"line":329},[85,1149,333],{"emptyLinePlaceholder":332},[85,1151,1152],{"class":87,"line":336},[85,1153,1154],{},"# OCSP Stapling\n",[85,1156,1157],{"class":87,"line":342},[85,1158,1159],{},"ssl_stapling on;\n",[85,1161,1162],{"class":87,"line":348},[85,1163,1164],{},"ssl_stapling_verify on;\n",[85,1166,1167],{"class":87,"line":354},[85,1168,1169],{},"resolver 1.1.1.1 8.8.8.8 valid=300s;\n",[85,1171,1172],{"class":87,"line":360},[85,1173,1174],{},"resolver_timeout 5s;\n",[85,1176,1177],{"class":87,"line":366},[85,1178,333],{"emptyLinePlaceholder":332},[85,1180,1181],{"class":87,"line":371},[85,1182,1183],{},"# Кэш SSL-сессий\n",[85,1185,1186],{"class":87,"line":377},[85,1187,1188],{},"ssl_session_cache shared:SSL:10m;\n",[85,1190,1191],{"class":87,"line":383},[85,1192,1193],{},"ssl_session_timeout 1d;\n",[85,1195,1196],{"class":87,"line":389},[85,1197,1198],{},"ssl_session_tickets off;\n",[85,1200,1201],{"class":87,"line":395},[85,1202,333],{"emptyLinePlaceholder":332},[85,1204,1205],{"class":87,"line":401},[85,1206,1207],{},"# Diffie-Hellman (опционально, для TLS 1.2)\n",[85,1209,1210],{"class":87,"line":407},[85,1211,1212],{},"# Сгенерировать: sudo openssl dhparam -out /etc/nginx/dhparam.pem 2048\n",[85,1214,1215],{"class":87,"line":413},[85,1216,1217],{},"# ssl_dhparam /etc/nginx/dhparam.pem;\n",[64,1219],{},[19,1221,1223],{"id":1222},"заголовки-безопасности","Заголовки безопасности",[15,1225,1226],{},"Создайте сниппет с заголовками:",[76,1228,1230],{"className":78,"code":1229,"language":80,"meta":81,"style":81},"sudo nano /etc/nginx/snippets/security-headers.conf\n",[41,1231,1232],{"__ignoreMap":81},[85,1233,1234,1236,1238],{"class":87,"line":88},[85,1235,43],{"class":91},[85,1237,295],{"class":94},[85,1239,1240],{"class":94}," /etc/nginx/snippets/security-headers.conf\n",[76,1242,1244],{"className":301,"code":1243,"language":181,"meta":81,"style":81},"# Защита от кликджекинга\nadd_header X-Frame-Options \"SAMEORIGIN\" always;\n\n# Защита от MIME-снифинга\nadd_header X-Content-Type-Options \"nosniff\" always;\n\n# XSS-фильтр\nadd_header X-XSS-Protection \"1; mode=block\" always;\n\n# Referrer\nadd_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\n\n# Permissions Policy\nadd_header Permissions-Policy \"camera=(), microphone=(), geolocation=()\" always;\n\n# HSTS (включать только когда SSL точно работает!)\nadd_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;\n\n# Content Security Policy (настройте под свой сайт)\n# add_header Content-Security-Policy \"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';\" always;\n",[41,1245,1246,1251,1256,1260,1265,1270,1274,1279,1284,1288,1293,1298,1302,1307,1312,1316,1321,1326,1330,1335],{"__ignoreMap":81},[85,1247,1248],{"class":87,"line":88},[85,1249,1250],{},"# Защита от кликджекинга\n",[85,1252,1253],{"class":87,"line":116},[85,1254,1255],{},"add_header X-Frame-Options \"SAMEORIGIN\" always;\n",[85,1257,1258],{"class":87,"line":317},[85,1259,333],{"emptyLinePlaceholder":332},[85,1261,1262],{"class":87,"line":323},[85,1263,1264],{},"# Защита от MIME-снифинга\n",[85,1266,1267],{"class":87,"line":329},[85,1268,1269],{},"add_header X-Content-Type-Options \"nosniff\" always;\n",[85,1271,1272],{"class":87,"line":336},[85,1273,333],{"emptyLinePlaceholder":332},[85,1275,1276],{"class":87,"line":342},[85,1277,1278],{},"# XSS-фильтр\n",[85,1280,1281],{"class":87,"line":348},[85,1282,1283],{},"add_header X-XSS-Protection \"1; mode=block\" always;\n",[85,1285,1286],{"class":87,"line":354},[85,1287,333],{"emptyLinePlaceholder":332},[85,1289,1290],{"class":87,"line":360},[85,1291,1292],{},"# Referrer\n",[85,1294,1295],{"class":87,"line":366},[85,1296,1297],{},"add_header Referrer-Policy \"strict-origin-when-cross-origin\" always;\n",[85,1299,1300],{"class":87,"line":371},[85,1301,333],{"emptyLinePlaceholder":332},[85,1303,1304],{"class":87,"line":377},[85,1305,1306],{},"# Permissions Policy\n",[85,1308,1309],{"class":87,"line":383},[85,1310,1311],{},"add_header Permissions-Policy \"camera=(), microphone=(), geolocation=()\" always;\n",[85,1313,1314],{"class":87,"line":389},[85,1315,333],{"emptyLinePlaceholder":332},[85,1317,1318],{"class":87,"line":395},[85,1319,1320],{},"# HSTS (включать только когда SSL точно работает!)\n",[85,1322,1323],{"class":87,"line":401},[85,1324,1325],{},"add_header Strict-Transport-Security \"max-age=31536000; includeSubDomains; preload\" always;\n",[85,1327,1328],{"class":87,"line":407},[85,1329,333],{"emptyLinePlaceholder":332},[85,1331,1332],{"class":87,"line":413},[85,1333,1334],{},"# Content Security Policy (настройте под свой сайт)\n",[85,1336,1337],{"class":87,"line":419},[85,1338,1339],{},"# add_header Content-Security-Policy \"default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';\" always;\n",[71,1341,1343],{"id":1342},"что-делает-каждый-заголовок","Что делает каждый заголовок",[603,1345,1346,1356],{},[606,1347,1348],{},[609,1349,1350,1353],{},[612,1351,1352],{},"Заголовок",[612,1354,1355],{},"Защита от",[619,1357,1358,1368,1378,1388,1398,1408],{},[609,1359,1360,1365],{},[624,1361,1362],{},[41,1363,1364],{},"X-Frame-Options",[624,1366,1367],{},"Встраивание сайта через iframe (кликджекинг)",[609,1369,1370,1375],{},[624,1371,1372],{},[41,1373,1374],{},"X-Content-Type-Options",[624,1376,1377],{},"Подмена MIME-типа браузером",[609,1379,1380,1385],{},[624,1381,1382],{},[41,1383,1384],{},"X-XSS-Protection",[624,1386,1387],{},"Отражённые XSS-атаки",[609,1389,1390,1395],{},[624,1391,1392],{},[41,1393,1394],{},"Referrer-Policy",[624,1396,1397],{},"Утечка URL при переходах на другие сайты",[609,1399,1400,1405],{},[624,1401,1402],{},[41,1403,1404],{},"Permissions-Policy",[624,1406,1407],{},"Доступ к камере, микрофону, геолокации",[609,1409,1410,1415],{},[624,1411,1412],{},[41,1413,1414],{},"HSTS",[624,1416,1417],{},"Даунгрейд с HTTPS на HTTP",[64,1419],{},[19,1421,1423],{"id":1422},"итоговый-конфиг-сайта-с-ssl","Итоговый конфиг сайта с SSL",[76,1425,1426],{"className":78,"code":703,"language":80,"meta":81,"style":81},[41,1427,1428],{"__ignoreMap":81},[85,1429,1430,1432,1434],{"class":87,"line":88},[85,1431,43],{"class":91},[85,1433,295],{"class":94},[85,1435,714],{"class":94},[76,1437,1439],{"className":301,"code":1438,"language":181,"meta":81,"style":81},"# Редирект HTTP → HTTPS\nserver {\n    listen 80;\n    listen [::]:80;\n    server_name example.com www.example.com;\n    return 301 https://$server_name$request_uri;\n}\n\n# Редирект www → без www\nserver {\n    listen 443 ssl;\n    listen [::]:443 ssl;\n    http2 on;\n\n    server_name www.example.com;\n\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;\n\n    return 301 https://example.com$request_uri;\n}\n\n# Основной сайт\nserver {\n    listen 443 ssl;\n    listen [::]:443 ssl;\n    http2 on;\n\n    server_name example.com;\n\n    # SSL\n    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;\n    include snippets/ssl-params.conf;\n\n    # Заголовки безопасности\n    include snippets/security-headers.conf;\n\n    # Корень сайта\n    root /var/www/example.com/html;\n    index index.html;\n\n    # Логи\n    access_log /var/log/nginx/example.com.access.log;\n    error_log /var/log/nginx/example.com.error.log;\n\n    # Основная маршрутизация\n    location / {\n        try_files $uri $uri/ =404;\n    }\n\n    # Кэш статики\n    location ~* \\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|webp|avif)$ {\n        expires 30d;\n        add_header Cache-Control \"public, immutable\";\n        access_log off;\n    }\n\n    # Запрет доступа к скрытым файлам\n    location ~ /\\. {\n        deny all;\n        access_log off;\n        log_not_found off;\n    }\n\n    # Страницы ошибок\n    error_page 404 /404.html;\n    error_page 500 502 503 504 /50x.html;\n}\n",[41,1440,1441,1446,1450,1454,1458,1462,1467,1471,1475,1480,1484,1489,1494,1499,1503,1508,1512,1517,1522,1526,1531,1535,1539,1544,1548,1552,1556,1560,1564,1569,1573,1578,1582,1586,1591,1595,1600,1605,1609,1614,1618,1622,1626,1630,1634,1638,1642,1647,1651,1655,1659,1664,1670,1676,1682,1688,1693,1698,1703,1709,1714,1719,1724,1729,1734,1739,1745,1751,1757],{"__ignoreMap":81},[85,1442,1443],{"class":87,"line":88},[85,1444,1445],{},"# Редирект HTTP → HTTPS\n",[85,1447,1448],{"class":87,"line":116},[85,1449,727],{},[85,1451,1452],{"class":87,"line":317},[85,1453,732],{},[85,1455,1456],{"class":87,"line":323},[85,1457,737],{},[85,1459,1460],{"class":87,"line":329},[85,1461,742],{},[85,1463,1464],{"class":87,"line":336},[85,1465,1466],{},"    return 301 https://$server_name$request_uri;\n",[85,1468,1469],{"class":87,"line":342},[85,1470,363],{},[85,1472,1473],{"class":87,"line":348},[85,1474,333],{"emptyLinePlaceholder":332},[85,1476,1477],{"class":87,"line":354},[85,1478,1479],{},"# Редирект www → без www\n",[85,1481,1482],{"class":87,"line":360},[85,1483,727],{},[85,1485,1486],{"class":87,"line":366},[85,1487,1488],{},"    listen 443 ssl;\n",[85,1490,1491],{"class":87,"line":371},[85,1492,1493],{},"    listen [::]:443 ssl;\n",[85,1495,1496],{"class":87,"line":377},[85,1497,1498],{},"    http2 on;\n",[85,1500,1501],{"class":87,"line":383},[85,1502,333],{"emptyLinePlaceholder":332},[85,1504,1505],{"class":87,"line":389},[85,1506,1507],{},"    server_name www.example.com;\n",[85,1509,1510],{"class":87,"line":395},[85,1511,333],{"emptyLinePlaceholder":332},[85,1513,1514],{"class":87,"line":401},[85,1515,1516],{},"    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;\n",[85,1518,1519],{"class":87,"line":407},[85,1520,1521],{},"    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;\n",[85,1523,1524],{"class":87,"line":413},[85,1525,333],{"emptyLinePlaceholder":332},[85,1527,1528],{"class":87,"line":419},[85,1529,1530],{},"    return 301 https://example.com$request_uri;\n",[85,1532,1533],{"class":87,"line":425},[85,1534,363],{},[85,1536,1537],{"class":87,"line":430},[85,1538,333],{"emptyLinePlaceholder":332},[85,1540,1541],{"class":87,"line":436},[85,1542,1543],{},"# Основной сайт\n",[85,1545,1546],{"class":87,"line":442},[85,1547,727],{},[85,1549,1550],{"class":87,"line":448},[85,1551,1488],{},[85,1553,1554],{"class":87,"line":453},[85,1555,1493],{},[85,1557,1558],{"class":87,"line":459},[85,1559,1498],{},[85,1561,1562],{"class":87,"line":465},[85,1563,333],{"emptyLinePlaceholder":332},[85,1565,1566],{"class":87,"line":471},[85,1567,1568],{},"    server_name example.com;\n",[85,1570,1571],{"class":87,"line":476},[85,1572,333],{"emptyLinePlaceholder":332},[85,1574,1575],{"class":87,"line":482},[85,1576,1577],{},"    # SSL\n",[85,1579,1580],{"class":87,"line":488},[85,1581,1516],{},[85,1583,1584],{"class":87,"line":494},[85,1585,1521],{},[85,1587,1588],{"class":87,"line":500},[85,1589,1590],{},"    include snippets/ssl-params.conf;\n",[85,1592,1593],{"class":87,"line":506},[85,1594,333],{"emptyLinePlaceholder":332},[85,1596,1597],{"class":87,"line":512},[85,1598,1599],{},"    # Заголовки безопасности\n",[85,1601,1602],{"class":87,"line":518},[85,1603,1604],{},"    include snippets/security-headers.conf;\n",[85,1606,1607],{"class":87,"line":524},[85,1608,333],{"emptyLinePlaceholder":332},[85,1610,1611],{"class":87,"line":530},[85,1612,1613],{},"    # Корень сайта\n",[85,1615,1616],{"class":87,"line":536},[85,1617,751],{},[85,1619,1620],{"class":87,"line":542},[85,1621,756],{},[85,1623,1624],{"class":87,"line":548},[85,1625,333],{"emptyLinePlaceholder":332},[85,1627,1628],{"class":87,"line":554},[85,1629,456],{},[85,1631,1632],{"class":87,"line":560},[85,1633,769],{},[85,1635,1636],{"class":87,"line":566},[85,1637,774],{},[85,1639,1640],{"class":87,"line":572},[85,1641,333],{"emptyLinePlaceholder":332},[85,1643,1644],{"class":87,"line":577},[85,1645,1646],{},"    # Основная маршрутизация\n",[85,1648,1649],{"class":87,"line":583},[85,1650,783],{},[85,1652,1653],{"class":87,"line":589},[85,1654,788],{},[85,1656,1657],{"class":87,"line":595},[85,1658,793],{},[85,1660,1662],{"class":87,"line":1661},51,[85,1663,333],{"emptyLinePlaceholder":332},[85,1665,1667],{"class":87,"line":1666},52,[85,1668,1669],{},"    # Кэш статики\n",[85,1671,1673],{"class":87,"line":1672},53,[85,1674,1675],{},"    location ~* \\.(css|js|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot|webp|avif)$ {\n",[85,1677,1679],{"class":87,"line":1678},54,[85,1680,1681],{},"        expires 30d;\n",[85,1683,1685],{"class":87,"line":1684},55,[85,1686,1687],{},"        add_header Cache-Control \"public, immutable\";\n",[85,1689,1691],{"class":87,"line":1690},56,[85,1692,817],{},[85,1694,1696],{"class":87,"line":1695},57,[85,1697,793],{},[85,1699,1701],{"class":87,"line":1700},58,[85,1702,333],{"emptyLinePlaceholder":332},[85,1704,1706],{"class":87,"line":1705},59,[85,1707,1708],{},"    # Запрет доступа к скрытым файлам\n",[85,1710,1712],{"class":87,"line":1711},60,[85,1713,807],{},[85,1715,1717],{"class":87,"line":1716},61,[85,1718,812],{},[85,1720,1722],{"class":87,"line":1721},62,[85,1723,817],{},[85,1725,1727],{"class":87,"line":1726},63,[85,1728,822],{},[85,1730,1732],{"class":87,"line":1731},64,[85,1733,793],{},[85,1735,1737],{"class":87,"line":1736},65,[85,1738,333],{"emptyLinePlaceholder":332},[85,1740,1742],{"class":87,"line":1741},66,[85,1743,1744],{},"    # Страницы ошибок\n",[85,1746,1748],{"class":87,"line":1747},67,[85,1749,1750],{},"    error_page 404 /404.html;\n",[85,1752,1754],{"class":87,"line":1753},68,[85,1755,1756],{},"    error_page 500 502 503 504 /50x.html;\n",[85,1758,1760],{"class":87,"line":1759},69,[85,1761,363],{},[15,1763,1764],{},"Проверка и применение:",[76,1766,1768],{"className":78,"code":1767,"language":80,"meta":81,"style":81},"sudo nginx -t && sudo systemctl reload nginx\n",[41,1769,1770],{"__ignoreMap":81},[85,1771,1772,1774,1776,1779,1781,1783,1785,1787],{"class":87,"line":88},[85,1773,43],{"class":91},[85,1775,930],{"class":94},[85,1777,1778],{"class":112}," -t",[85,1780,102],{"class":101},[85,1782,43],{"class":91},[85,1784,191],{"class":94},[85,1786,942],{"class":94},[85,1788,129],{"class":94},[64,1790],{},[19,1792,1794],{"id":1793},"reverse-proxy-проксирование-приложений","Reverse Proxy (проксирование приложений)",[15,1796,1797],{},"Если на сервере работает Node.js, Python или другое приложение, Nginx может проксировать трафик к нему.",[71,1799,1801],{"id":1800},"пример-проксирование-на-nodejs-порт-3000","Пример: проксирование на Node.js (порт 3000)",[76,1803,1805],{"className":301,"code":1804,"language":181,"meta":81,"style":81},"server {\n    listen 443 ssl;\n    listen [::]:443 ssl;\n    http2 on;\n\n    server_name app.example.com;\n\n    ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;\n    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;\n    include snippets/ssl-params.conf;\n    include snippets/security-headers.conf;\n\n    location / {\n        proxy_pass http://127.0.0.1:3000;\n        proxy_http_version 1.1;\n\n        # WebSocket поддержка\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection \"upgrade\";\n\n        # Передача реального IP\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Forwarded-Proto $scheme;\n\n        # Таймауты\n        proxy_connect_timeout 60s;\n        proxy_send_timeout 60s;\n        proxy_read_timeout 60s;\n    }\n}\n",[41,1806,1807,1811,1815,1819,1823,1827,1832,1836,1841,1846,1850,1854,1858,1862,1867,1872,1876,1881,1886,1891,1895,1900,1905,1910,1915,1920,1924,1929,1934,1939,1944,1948],{"__ignoreMap":81},[85,1808,1809],{"class":87,"line":88},[85,1810,727],{},[85,1812,1813],{"class":87,"line":116},[85,1814,1488],{},[85,1816,1817],{"class":87,"line":317},[85,1818,1493],{},[85,1820,1821],{"class":87,"line":323},[85,1822,1498],{},[85,1824,1825],{"class":87,"line":329},[85,1826,333],{"emptyLinePlaceholder":332},[85,1828,1829],{"class":87,"line":336},[85,1830,1831],{},"    server_name app.example.com;\n",[85,1833,1834],{"class":87,"line":342},[85,1835,333],{"emptyLinePlaceholder":332},[85,1837,1838],{"class":87,"line":348},[85,1839,1840],{},"    ssl_certificate /etc/letsencrypt/live/app.example.com/fullchain.pem;\n",[85,1842,1843],{"class":87,"line":354},[85,1844,1845],{},"    ssl_certificate_key /etc/letsencrypt/live/app.example.com/privkey.pem;\n",[85,1847,1848],{"class":87,"line":360},[85,1849,1590],{},[85,1851,1852],{"class":87,"line":366},[85,1853,1604],{},[85,1855,1856],{"class":87,"line":371},[85,1857,333],{"emptyLinePlaceholder":332},[85,1859,1860],{"class":87,"line":377},[85,1861,783],{},[85,1863,1864],{"class":87,"line":383},[85,1865,1866],{},"        proxy_pass http://127.0.0.1:3000;\n",[85,1868,1869],{"class":87,"line":389},[85,1870,1871],{},"        proxy_http_version 1.1;\n",[85,1873,1874],{"class":87,"line":395},[85,1875,333],{"emptyLinePlaceholder":332},[85,1877,1878],{"class":87,"line":401},[85,1879,1880],{},"        # WebSocket поддержка\n",[85,1882,1883],{"class":87,"line":407},[85,1884,1885],{},"        proxy_set_header Upgrade $http_upgrade;\n",[85,1887,1888],{"class":87,"line":413},[85,1889,1890],{},"        proxy_set_header Connection \"upgrade\";\n",[85,1892,1893],{"class":87,"line":419},[85,1894,333],{"emptyLinePlaceholder":332},[85,1896,1897],{"class":87,"line":425},[85,1898,1899],{},"        # Передача реального IP\n",[85,1901,1902],{"class":87,"line":430},[85,1903,1904],{},"        proxy_set_header Host $host;\n",[85,1906,1907],{"class":87,"line":436},[85,1908,1909],{},"        proxy_set_header X-Real-IP $remote_addr;\n",[85,1911,1912],{"class":87,"line":442},[85,1913,1914],{},"        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n",[85,1916,1917],{"class":87,"line":448},[85,1918,1919],{},"        proxy_set_header X-Forwarded-Proto $scheme;\n",[85,1921,1922],{"class":87,"line":453},[85,1923,333],{"emptyLinePlaceholder":332},[85,1925,1926],{"class":87,"line":459},[85,1927,1928],{},"        # Таймауты\n",[85,1930,1931],{"class":87,"line":465},[85,1932,1933],{},"        proxy_connect_timeout 60s;\n",[85,1935,1936],{"class":87,"line":471},[85,1937,1938],{},"        proxy_send_timeout 60s;\n",[85,1940,1941],{"class":87,"line":476},[85,1942,1943],{},"        proxy_read_timeout 60s;\n",[85,1945,1946],{"class":87,"line":482},[85,1947,793],{},[85,1949,1950],{"class":87,"line":488},[85,1951,363],{},[64,1953],{},[19,1955,1957],{"id":1956},"rate-limiting-защита-от-ddosбрутфорса","Rate Limiting (защита от DDoS/брутфорса)",[15,1959,1960,1961,1964,1965,283],{},"Добавьте в ",[41,1962,1963],{},"http {}"," блок ",[41,1966,282],{},[76,1968,1970],{"className":301,"code":1969,"language":181,"meta":81,"style":81},"http {\n    # Лимит запросов: 10 запросов в секунду с одного IP\n    limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;\n\n    # Лимит для логин-страниц: 5 в минуту\n    limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;\n\n    # Лимит соединений\n    limit_conn_zone $binary_remote_addr zone=addr:10m;\n\n    # ...остальной конфиг\n}\n",[41,1971,1972,1976,1981,1986,1990,1995,2000,2004,2009,2014,2018,2023],{"__ignoreMap":81},[85,1973,1974],{"class":87,"line":88},[85,1975,374],{},[85,1977,1978],{"class":87,"line":116},[85,1979,1980],{},"    # Лимит запросов: 10 запросов в секунду с одного IP\n",[85,1982,1983],{"class":87,"line":317},[85,1984,1985],{},"    limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;\n",[85,1987,1988],{"class":87,"line":323},[85,1989,333],{"emptyLinePlaceholder":332},[85,1991,1992],{"class":87,"line":329},[85,1993,1994],{},"    # Лимит для логин-страниц: 5 в минуту\n",[85,1996,1997],{"class":87,"line":336},[85,1998,1999],{},"    limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;\n",[85,2001,2002],{"class":87,"line":342},[85,2003,333],{"emptyLinePlaceholder":332},[85,2005,2006],{"class":87,"line":348},[85,2007,2008],{},"    # Лимит соединений\n",[85,2010,2011],{"class":87,"line":354},[85,2012,2013],{},"    limit_conn_zone $binary_remote_addr zone=addr:10m;\n",[85,2015,2016],{"class":87,"line":360},[85,2017,333],{"emptyLinePlaceholder":332},[85,2019,2020],{"class":87,"line":366},[85,2021,2022],{},"    # ...остальной конфиг\n",[85,2024,2025],{"class":87,"line":371},[85,2026,363],{},[15,2028,2029],{},"Применение в конфиге сайта:",[76,2031,2033],{"className":301,"code":2032,"language":181,"meta":81,"style":81},"server {\n    # Общий лимит\n    limit_req zone=general burst=20 nodelay;\n    limit_conn addr 100;\n\n    # Строгий лимит для авторизации\n    location /login {\n        limit_req zone=login burst=3 nodelay;\n        proxy_pass http://127.0.0.1:3000;\n    }\n}\n",[41,2034,2035,2039,2044,2049,2054,2058,2063,2068,2073,2077,2081],{"__ignoreMap":81},[85,2036,2037],{"class":87,"line":88},[85,2038,727],{},[85,2040,2041],{"class":87,"line":116},[85,2042,2043],{},"    # Общий лимит\n",[85,2045,2046],{"class":87,"line":317},[85,2047,2048],{},"    limit_req zone=general burst=20 nodelay;\n",[85,2050,2051],{"class":87,"line":323},[85,2052,2053],{},"    limit_conn addr 100;\n",[85,2055,2056],{"class":87,"line":329},[85,2057,333],{"emptyLinePlaceholder":332},[85,2059,2060],{"class":87,"line":336},[85,2061,2062],{},"    # Строгий лимит для авторизации\n",[85,2064,2065],{"class":87,"line":342},[85,2066,2067],{},"    location /login {\n",[85,2069,2070],{"class":87,"line":348},[85,2071,2072],{},"        limit_req zone=login burst=3 nodelay;\n",[85,2074,2075],{"class":87,"line":354},[85,2076,1866],{},[85,2078,2079],{"class":87,"line":360},[85,2080,793],{},[85,2082,2083],{"class":87,"line":366},[85,2084,363],{},[603,2086,2087,2096],{},[606,2088,2089],{},[609,2090,2091,2093],{},[612,2092,614],{},[612,2094,2095],{},"Значение",[619,2097,2098,2108,2118,2128],{},[609,2099,2100,2105],{},[624,2101,2102],{},[41,2103,2104],{},"rate=10r/s",[624,2106,2107],{},"10 запросов в секунду",[609,2109,2110,2115],{},[624,2111,2112],{},[41,2113,2114],{},"burst=20",[624,2116,2117],{},"Буфер на 20 «лишних» запросов",[609,2119,2120,2125],{},[624,2121,2122],{},[41,2123,2124],{},"nodelay",[624,2126,2127],{},"Не задерживать, а сразу обрабатывать burst",[609,2129,2130,2135],{},[624,2131,2132],{},[41,2133,2134],{},"zone=general:10m",[624,2136,2137],{},"10 МБ памяти (~160 000 IP-адресов)",[64,2139],{},[19,2141,2143],{"id":2142},"блокировка-ботов-и-сканеров","Блокировка ботов и сканеров",[15,2145,2146],{},"Добавьте в конфиг сайта:",[76,2148,2150],{"className":301,"code":2149,"language":181,"meta":81,"style":81},"# Блокировка типичных сканеров\nlocation ~* (\\.php|\\.asp|\\.aspx|\\.jsp|\\.cgi|\\.env|\\.git) {\n    deny all;\n    access_log off;\n    log_not_found off;\n    return 444;\n}\n\n# Блокировка по User-Agent\nif ($http_user_agent ~* (SemrushBot|AhrefsBot|MJ12bot|DotBot|BLEXBot)) {\n    return 444;\n}\n",[41,2151,2152,2157,2162,2167,2172,2177,2182,2186,2190,2195,2200,2204],{"__ignoreMap":81},[85,2153,2154],{"class":87,"line":88},[85,2155,2156],{},"# Блокировка типичных сканеров\n",[85,2158,2159],{"class":87,"line":116},[85,2160,2161],{},"location ~* (\\.php|\\.asp|\\.aspx|\\.jsp|\\.cgi|\\.env|\\.git) {\n",[85,2163,2164],{"class":87,"line":317},[85,2165,2166],{},"    deny all;\n",[85,2168,2169],{"class":87,"line":323},[85,2170,2171],{},"    access_log off;\n",[85,2173,2174],{"class":87,"line":329},[85,2175,2176],{},"    log_not_found off;\n",[85,2178,2179],{"class":87,"line":336},[85,2180,2181],{},"    return 444;\n",[85,2183,2184],{"class":87,"line":342},[85,2185,363],{},[85,2187,2188],{"class":87,"line":348},[85,2189,333],{"emptyLinePlaceholder":332},[85,2191,2192],{"class":87,"line":354},[85,2193,2194],{},"# Блокировка по User-Agent\n",[85,2196,2197],{"class":87,"line":360},[85,2198,2199],{},"if ($http_user_agent ~* (SemrushBot|AhrefsBot|MJ12bot|DotBot|BLEXBot)) {\n",[85,2201,2202],{"class":87,"line":366},[85,2203,2181],{},[85,2205,2206],{"class":87,"line":371},[85,2207,363],{},[15,2209,2210,2211,2214],{},"Код ",[41,2212,2213],{},"444"," — специальный код Nginx, который мгновенно закрывает соединение без отправки ответа.",[64,2216],{},[19,2218,2220],{"id":2219},"мониторинг-и-логи","Мониторинг и логи",[71,2222,2224],{"id":2223},"полезные-команды","Полезные команды",[76,2226,2228],{"className":78,"code":2227,"language":80,"meta":81,"style":81},"# Статус Nginx\nsudo systemctl status nginx\n\n# Последние ошибки\nsudo tail -f /var/log/nginx/error.log\n\n# Последние запросы\nsudo tail -f /var/log/nginx/example.com.access.log\n\n# Количество активных соединений\nsudo ss -tlnp | grep nginx\n\n# Тест конфигурации\nsudo nginx -t\n\n# Перезагрузка без даунтайма\nsudo systemctl reload nginx\n",[41,2229,2230,2236,2246,2250,2255,2268,2272,2277,2288,2292,2297,2314,2318,2323,2331,2335,2340],{"__ignoreMap":81},[85,2231,2232],{"class":87,"line":88},[85,2233,2235],{"class":2234},"sAwPA","# Статус Nginx\n",[85,2237,2238,2240,2242,2244],{"class":87,"line":116},[85,2239,43],{"class":91},[85,2241,191],{"class":94},[85,2243,194],{"class":94},[85,2245,129],{"class":94},[85,2247,2248],{"class":87,"line":317},[85,2249,333],{"emptyLinePlaceholder":332},[85,2251,2252],{"class":87,"line":323},[85,2253,2254],{"class":2234},"# Последние ошибки\n",[85,2256,2257,2259,2262,2265],{"class":87,"line":329},[85,2258,43],{"class":91},[85,2260,2261],{"class":94}," tail",[85,2263,2264],{"class":112}," -f",[85,2266,2267],{"class":94}," /var/log/nginx/error.log\n",[85,2269,2270],{"class":87,"line":336},[85,2271,333],{"emptyLinePlaceholder":332},[85,2273,2274],{"class":87,"line":342},[85,2275,2276],{"class":2234},"# Последние запросы\n",[85,2278,2279,2281,2283,2285],{"class":87,"line":348},[85,2280,43],{"class":91},[85,2282,2261],{"class":94},[85,2284,2264],{"class":112},[85,2286,2287],{"class":94}," /var/log/nginx/example.com.access.log\n",[85,2289,2290],{"class":87,"line":354},[85,2291,333],{"emptyLinePlaceholder":332},[85,2293,2294],{"class":87,"line":360},[85,2295,2296],{"class":2234},"# Количество активных соединений\n",[85,2298,2299,2301,2304,2307,2309,2312],{"class":87,"line":366},[85,2300,43],{"class":91},[85,2302,2303],{"class":94}," ss",[85,2305,2306],{"class":112}," -tlnp",[85,2308,905],{"class":904},[85,2310,2311],{"class":91}," grep",[85,2313,129],{"class":94},[85,2315,2316],{"class":87,"line":371},[85,2317,333],{"emptyLinePlaceholder":332},[85,2319,2320],{"class":87,"line":377},[85,2321,2322],{"class":2234},"# Тест конфигурации\n",[85,2324,2325,2327,2329],{"class":87,"line":383},[85,2326,43],{"class":91},[85,2328,930],{"class":94},[85,2330,933],{"class":112},[85,2332,2333],{"class":87,"line":389},[85,2334,333],{"emptyLinePlaceholder":332},[85,2336,2337],{"class":87,"line":395},[85,2338,2339],{"class":2234},"# Перезагрузка без даунтайма\n",[85,2341,2342,2344,2346,2348],{"class":87,"line":401},[85,2343,43],{"class":91},[85,2345,191],{"class":94},[85,2347,942],{"class":94},[85,2349,129],{"class":94},[71,2351,2353],{"id":2352},"ротация-логов","Ротация логов",[15,2355,2356,2357,2360],{},"Ubuntu и Debian автоматически ротируют логи через ",[41,2358,2359],{},"logrotate",". Проверьте конфиг:",[76,2362,2364],{"className":78,"code":2363,"language":80,"meta":81,"style":81},"cat /etc/logrotate.d/nginx\n",[41,2365,2366],{"__ignoreMap":81},[85,2367,2368,2371],{"class":87,"line":88},[85,2369,2370],{"class":91},"cat",[85,2372,2373],{"class":94}," /etc/logrotate.d/nginx\n",[64,2375],{},[19,2377,2379],{"id":2378},"файрвол-ufw","Файрвол (UFW)",[76,2381,2383],{"className":78,"code":2382,"language":80,"meta":81,"style":81},"# Разрешить HTTP и HTTPS\nsudo ufw allow 'Nginx Full'\n\n# Или по отдельности\nsudo ufw allow 80/tcp\nsudo ufw allow 443/tcp\n\n# Включить файрвол\nsudo ufw enable\nsudo ufw status\n",[41,2384,2385,2390,2403,2407,2412,2423,2434,2438,2443,2452],{"__ignoreMap":81},[85,2386,2387],{"class":87,"line":88},[85,2388,2389],{"class":2234},"# Разрешить HTTP и HTTPS\n",[85,2391,2392,2394,2397,2400],{"class":87,"line":116},[85,2393,43],{"class":91},[85,2395,2396],{"class":94}," ufw",[85,2398,2399],{"class":94}," allow",[85,2401,2402],{"class":94}," 'Nginx Full'\n",[85,2404,2405],{"class":87,"line":317},[85,2406,333],{"emptyLinePlaceholder":332},[85,2408,2409],{"class":87,"line":323},[85,2410,2411],{"class":2234},"# Или по отдельности\n",[85,2413,2414,2416,2418,2420],{"class":87,"line":329},[85,2415,43],{"class":91},[85,2417,2396],{"class":94},[85,2419,2399],{"class":94},[85,2421,2422],{"class":94}," 80/tcp\n",[85,2424,2425,2427,2429,2431],{"class":87,"line":336},[85,2426,43],{"class":91},[85,2428,2396],{"class":94},[85,2430,2399],{"class":94},[85,2432,2433],{"class":94}," 443/tcp\n",[85,2435,2436],{"class":87,"line":342},[85,2437,333],{"emptyLinePlaceholder":332},[85,2439,2440],{"class":87,"line":348},[85,2441,2442],{"class":2234},"# Включить файрвол\n",[85,2444,2445,2447,2449],{"class":87,"line":354},[85,2446,43],{"class":91},[85,2448,2396],{"class":94},[85,2450,2451],{"class":94}," enable\n",[85,2453,2454,2456,2458],{"class":87,"line":360},[85,2455,43],{"class":91},[85,2457,2396],{"class":94},[85,2459,2460],{"class":94}," status\n",[64,2462],{},[19,2464,2466],{"id":2465},"проверка-безопасности","Проверка безопасности",[15,2468,2469],{},"После настройки проверьте свой сайт:",[603,2471,2472,2485],{},[606,2473,2474],{},[609,2475,2476,2479,2482],{},[612,2477,2478],{},"Сервис",[612,2480,2481],{},"Что проверяет",[612,2483,2484],{},"Ссылка",[619,2486,2487,2506,2522],{},[609,2488,2489,2494,2497],{},[624,2490,2491],{},[30,2492,2493],{},"SSL Labs",[624,2495,2496],{},"Качество SSL-конфигурации",[624,2498,2499],{},[2500,2501,2505],"a",{"href":2502,"rel":2503},"https://www.ssllabs.com/ssltest/",[2504],"nofollow","ssllabs.com/ssltest",[609,2507,2508,2513,2515],{},[624,2509,2510],{},[30,2511,2512],{},"Security Headers",[624,2514,1223],{},[624,2516,2517],{},[2500,2518,2521],{"href":2519,"rel":2520},"https://securityheaders.com/",[2504],"securityheaders.com",[609,2523,2524,2529,2532],{},[624,2525,2526],{},[30,2527,2528],{},"Mozilla Observatory",[624,2530,2531],{},"Комплексная проверка",[624,2533,2534],{},[2500,2535,2538],{"href":2536,"rel":2537},"https://observatory.mozilla.org/",[2504],"observatory.mozilla.org",[15,2540,2541,2542,2545,2546,2549],{},"При правильной настройке по этому руководству вы должны получить ",[30,2543,2544],{},"A+"," на SSL Labs и ",[30,2547,2548],{},"A"," на Security Headers.",[64,2551],{},[19,2553,2555],{"id":2554},"частые-ошибки","Частые ошибки",[71,2557,2559,2560,2563],{"id":2558},"nginx-emerg-bind-to-000080-failed","«nginx: ",[85,2561,2562],{},"emerg"," bind() to 0.0.0.0:80 failed»",[15,2565,2566],{},"Порт 80 уже занят. Найдите процесс:",[76,2568,2570],{"className":78,"code":2569,"language":80,"meta":81,"style":81},"sudo ss -tlnp | grep :80\n",[41,2571,2572],{"__ignoreMap":81},[85,2573,2574,2576,2578,2580,2582,2584],{"class":87,"line":88},[85,2575,43],{"class":91},[85,2577,2303],{"class":94},[85,2579,2306],{"class":112},[85,2581,905],{"class":904},[85,2583,2311],{"class":91},[85,2585,2586],{"class":94}," :80\n",[71,2588,2590],{"id":2589},"_502-bad-gateway","«502 Bad Gateway»",[15,2592,2593],{},"Приложение за reverse proxy не отвечает. Проверьте:",[76,2595,2597],{"className":78,"code":2596,"language":80,"meta":81,"style":81},"# Работает ли приложение?\ncurl http://127.0.0.1:3000\n\n# Логи Nginx\nsudo tail -20 /var/log/nginx/error.log\n",[41,2598,2599,2604,2612,2616,2621],{"__ignoreMap":81},[85,2600,2601],{"class":87,"line":88},[85,2602,2603],{"class":2234},"# Работает ли приложение?\n",[85,2605,2606,2609],{"class":87,"line":116},[85,2607,2608],{"class":91},"curl",[85,2610,2611],{"class":94}," http://127.0.0.1:3000\n",[85,2613,2614],{"class":87,"line":317},[85,2615,333],{"emptyLinePlaceholder":332},[85,2617,2618],{"class":87,"line":323},[85,2619,2620],{"class":2234},"# Логи Nginx\n",[85,2622,2623,2625,2627,2630],{"class":87,"line":329},[85,2624,43],{"class":91},[85,2626,2261],{"class":94},[85,2628,2629],{"class":112}," -20",[85,2631,2267],{"class":94},[71,2633,2635],{"id":2634},"_413-request-entity-too-large","«413 Request Entity Too Large»",[15,2637,2638,2639,2642],{},"Увеличьте ",[41,2640,2641],{},"client_max_body_size"," в конфиге:",[76,2644,2646],{"className":301,"code":2645,"language":181,"meta":81,"style":81},"client_max_body_size 128m;\n",[41,2647,2648],{"__ignoreMap":81},[85,2649,2650],{"class":87,"line":88},[85,2651,2645],{},[71,2653,2655],{"id":2654},"изменения-не-применяются","Изменения не применяются",[76,2657,2659],{"className":78,"code":2658,"language":80,"meta":81,"style":81},"# Проверить конфиг\nsudo nginx -t\n\n# Именно reload, не restart\nsudo systemctl reload nginx\n",[41,2660,2661,2666,2674,2678,2683],{"__ignoreMap":81},[85,2662,2663],{"class":87,"line":88},[85,2664,2665],{"class":2234},"# Проверить конфиг\n",[85,2667,2668,2670,2672],{"class":87,"line":116},[85,2669,43],{"class":91},[85,2671,930],{"class":94},[85,2673,933],{"class":112},[85,2675,2676],{"class":87,"line":317},[85,2677,333],{"emptyLinePlaceholder":332},[85,2679,2680],{"class":87,"line":323},[85,2681,2682],{"class":2234},"# Именно reload, не restart\n",[85,2684,2685,2687,2689,2691],{"class":87,"line":329},[85,2686,43],{"class":91},[85,2688,191],{"class":94},[85,2690,942],{"class":94},[85,2692,129],{"class":94},[2694,2695,2696],"style",{},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html pre.shiki code .svObZ, html code.shiki .svObZ{--shiki-default:#B392F0}html pre.shiki code .sU2Wk, html code.shiki .sU2Wk{--shiki-default:#9ECBFF}html pre.shiki code .s95oV, html code.shiki .s95oV{--shiki-default:#E1E4E8}html pre.shiki code .sDLfK, html code.shiki .sDLfK{--shiki-default:#79B8FF}html pre.shiki code .snl16, html code.shiki .snl16{--shiki-default:#F97583}html pre.shiki code .sAwPA, html code.shiki .sAwPA{--shiki-default:#6A737D}",{"title":81,"searchDepth":116,"depth":116,"links":2698},[2699,2700,2706,2707,2710,2717,2722,2723,2726,2727,2730,2731,2732,2736,2737,2738],{"id":21,"depth":116,"text":22},{"id":68,"depth":116,"text":69,"children":2701},[2702,2703,2704,2705],{"id":73,"depth":317,"text":74},{"id":132,"depth":317,"text":133},{"id":170,"depth":317,"text":171},{"id":206,"depth":317,"text":207},{"id":239,"depth":116,"text":240},{"id":275,"depth":116,"text":276,"children":2708},[2709],{"id":600,"depth":317,"text":601},{"id":676,"depth":116,"text":677,"children":2711},[2712,2713,2714,2715,2716],{"id":680,"depth":317,"text":681},{"id":699,"depth":317,"text":700},{"id":833,"depth":317,"text":834},{"id":858,"depth":317,"text":859},{"id":917,"depth":317,"text":918},{"id":956,"depth":116,"text":957,"children":2718},[2719,2720,2721],{"id":960,"depth":317,"text":961},{"id":1013,"depth":317,"text":1014},{"id":1057,"depth":317,"text":1058},{"id":1102,"depth":116,"text":1103},{"id":1222,"depth":116,"text":1223,"children":2724},[2725],{"id":1342,"depth":317,"text":1343},{"id":1422,"depth":116,"text":1423},{"id":1793,"depth":116,"text":1794,"children":2728},[2729],{"id":1800,"depth":317,"text":1801},{"id":1956,"depth":116,"text":1957},{"id":2142,"depth":116,"text":2143},{"id":2219,"depth":116,"text":2220,"children":2733},[2734,2735],{"id":2223,"depth":317,"text":2224},{"id":2352,"depth":317,"text":2353},{"id":2378,"depth":116,"text":2379},{"id":2465,"depth":116,"text":2466},{"id":2554,"depth":116,"text":2555,"children":2739},[2740,2742,2743,2744],{"id":2558,"depth":317,"text":2741},"«nginx: emerg bind() to 0.0.0.0:80 failed»",{"id":2589,"depth":317,"text":2590},{"id":2634,"depth":317,"text":2635},{"id":2654,"depth":317,"text":2655},"Установка, настройка и защита веб-сервера Nginx на Ubuntu 22.04/24.04 и Debian 12. SSL, HTTP/2, заголовки безопасности, оптимизация производительности.","md",{"category":2748,"icon":2749,"date":2750,"image":2751},"Сервера","terminal","2026-02-14","/wiki/nginx-og.png","/wiki/nginx-setup",{"title":5,"description":2745},"wiki/nginx-setup","AI9cpca2AqzKurbvOb20Yoy195IsMknfwlsCqMmxM-A",1773002542804]