Difference in sites-available vs sites-enabled vs conf.d directories (Nginx)?
I have some experience using linux but none using nginx. I have been tasked with researching load-balancing options for an application server.
I have used apt-get to install nginx and all seems fine.
I have a couple of questions.
What is the difference between the sites-available folder and the conf.d folder. Both of those folders were INCLUDED in the default configuration setup for nginx. Tutorials use both. What are they for and what is the best practice?
What is the sites-enabled folder used for? How do I use it?
The default configuration references a www-data user? Do I have to create that user? How do I give that user optimal permissions for running nginx?
The sites-* folders are managed by nginx_ensite and nginx_dissite. For Apache httpd users who find this with a search, the equivalents is a2ensite/a2dissite.
The sites-available folder is for storing all of your vhost configurations, whether or not they're currently enabled.
The sites-enabled folder contains symlinks to files in the sites-available folder. This allows you to selectively disable vhosts by removing the symlink.
conf.d does the job, but you have to move something out of the folder, delete it, or make changes to it when you need to disable something. The sites-* folder abstraction makes things a little more organized and allows you to manage them with separate support scripts.
(unless you're like me, and one of many debian admins who just managed the symlinks directly, not knowing about the scripts...)
I would like to add to the previous answers that the most important is not how you call the directories (though that is a very useful convention), but what you actually put in nginx.conf. Example configuration:
http {
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
include /etc/nginx/sites-enabled/my_own_conf;
...
}
The only directive used here is include, so there is no internal difference between e.g. conf.d/ and sites-enabled/.
From the documentation above:
Syntax: include file | mask;
Default: —
Context: any
Includes another file, or files matching the specified mask,
into configuration. Included files should consist of
syntactically correct directives and blocks.
So, to answer the original question: there is no internal difference, and you may use them in the best way you can, remembering advice from the other answers. And please, don't forget to choose the 'right' answer.
What's Going On?
You must be using Debian or Ubuntu, since the evil sites-available / sites-enabled logic is not used by the upstream packaging of nginx from http://nginx.org/packages/.
In either case, both are implemented as a configuration convention with the help of the standard include directive in /etc/nginx/nginx.conf.
Here's a snippet of /etc/nginx/nginx.conf from an official upstream package of nginx from nginx.org:
http {
…
include /etc/nginx/conf.d/*.conf;
}
Here's a snippet of /etc/nginx/nginx.conf from Debian/Ubuntu:
http {
…
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
So, from the point of view of NGINX, the only difference would be that files from conf.d get to be processed sooner, and, as such, if you have configurations that silently conflict with each other, then those from conf.d may take precedence over those in sites-enabled.
Best Practice Is conf.d.
You should be using /etc/nginx/conf.d, as that's a standard convention, and should work anywhere.
If you need to disable a site, simply rename the filename to no longer have a .conf suffix, very easy, straightforward and error-proof:
sudo mv -i /etc/nginx/conf.d/default.conf{,.disabled}
Or the opposite to enable a site:
sudo mv -i /etc/nginx/conf.d/example.com.conf{.disabled,}
Avoid sites-available & sites-enabled At All Costs.
I see absolutely no reason to be using sites-available / sites-enabled:
-
Some folks have mentioned
nginx_ensiteandnginx_dissitescripts — the names of these scripts are even worse than the rest of this debacle — but these scripts are also nowhere to be found — they're absent from thenginxpackage even in Debian (and probably in Ubuntu, too), and not present in a package of their own, either, plus, do you really need a whole non-standard third-party script to simply move and/or link the files between the two directories?! -
And if you're not using the scripts (which is, in fact, a smart choice as per above), then there comes the issue of how do you manage the sites:
-
Do you create symbolic links from
sites-availabletosites-enabled? -
Copy the files?
-
Move the files?
-
Edit the files in place in
sites-enabled?
The above may seem like some minor issues to tackle, until several folks start managing the system, or until you make a quick decision, only to forget about it months or years down the line…
Which brings us to:
-
Is it safe to remove a file from
sites-enabled? Is it soft link? A hard link? Or the only copy of the configuration? A prime example of configuration hell. -
Which sites have been disabled? (With
conf.d, just do an inversion search for files not ending with.conf—find /etc/nginx/conf.d -not -name "*.conf", or usegrep -v.)
Not only all of the above, but also note the specific include directive used by Debian/Ubuntu — /etc/nginx/sites-enabled/* — no filename suffix is specified for sites-enabled, unlike for conf.d.
- What this means is that if one day you decide to quickly edit a file or two within
/etc/nginx/sites-enabled, and youremacscreates a backup file likedefault~, then, suddenly, you have bothdefaultanddefault~included as active configuration, which, depending directives used, may not even give you any warnings, and cause a prolonged debugging session to take place. (Yes, it did happen to me; it was during a hackathon, and I was totally puzzled of why my conf wasn't working.)
Thus, I'm convinced that sites-enabled is pure evil!