Installing and Configuring Nginx as an External Web Server: Difference between revisions
No edit summary |
Line 60: | Line 60: | ||
'''Note''': If you are getting a 403 Forbidden response, nginx cannot access the files. Usually this means the user (www-data) is lacking ''execute'' permission on the server, mods, deathmatch, resource-cache, http-client-files folders. | '''Note''': If you are getting a 403 Forbidden response, nginx cannot access the files. Usually this means the user (www-data) is lacking ''execute'' permission on the server, mods, deathmatch, resource-cache, http-client-files folders. | ||
==If using Pterodactyl Panel: Fixing 403 Forbidden Errors== | |||
'''Note''': If you are getting a ''403 Forbidden'' error and your MTA:SA server is hosted on Pterodactyl Panel, it is almost certainly caused by Pterodactyl's secure-by-default file permissions. This prevents the ''nginx'' user (''www-data'' on Debian/Ubuntu) from accessing the server files located in ''/var/lib/pterodactyl/''. | |||
Here is a complete solution to grant the necessary permissions safely. | |||
'''Step 1: Add Nginx User to Pterodactyl Group'''<br/> | |||
First, add the ''www-data'' user to the ''pterodactyl'' group. This allows Nginx to inherit the group's read permissions on the server files. | |||
<syntaxhighlight lang="bash"> | |||
sudo usermod -aG pterodactyl www-data | |||
</syntaxhighlight> | |||
'''Step 2: Check Parent Directory Permissions'''<br/> | |||
The 403 error often persists if Nginx lacks permission to ''enter'' the parent directories of your server files. You can check the permissions for the entire path with a single command. | |||
* Run the ''namei'' command, replacing ''<your-server-UUID>'' with the actual UUID of your server instance found in ''/var/lib/pterodactyl/volumes/''. | |||
<syntaxhighlight lang="bash"> | |||
namei -om /var/lib/pterodactyl/volumes/<your-server-UUID>/mods/deathmatch/resource-cache/http-client-files | |||
</syntaxhighlight> | |||
* Look for '''drwx------''' in the output. This permission scheme is the source of the problem. | |||
<syntaxhighlight lang="text"> | |||
f: /var/lib/pterodactyl/volumes/<your-server-UUID>/... | |||
drwxr-xr-x root root / | |||
drwxr-xr-x root root var | |||
drwxr-xr-x root root lib | |||
drwx------ root root pterodactyl <-- PROBLEM HERE | |||
drwx------ root root volumes <-- PROBLEM HERE | |||
drwxr-xr-x pterodactyl pterodactyl <your-server-UUID> | |||
... | |||
</syntaxhighlight> | |||
'''Step 3: Fix Parent Directory Permissions'''<br/> | |||
To fix this, grant ''execute'' permission to ''others'' on the two directories identified above. This allows the Nginx user to pass through them without granting read access, maintaining security. | |||
<syntaxhighlight lang="bash"> | |||
sudo chmod o+x /var/lib/pterodactyl | |||
sudo chmod o+x /var/lib/pterodactyl/volumes | |||
</syntaxhighlight> | |||
'''Step 4: Restart Nginx'''<br/> | |||
Finally, restart Nginx to apply all the changes. It is also recommended to reboot the server to ensure the group membership changes for ''www-data'' are fully applied. | |||
<syntaxhighlight lang="bash"> | |||
sudo systemctl restart nginx | |||
</syntaxhighlight> | |||
=====Test #2===== | =====Test #2===== |
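Review bot: Step 1 gives www-data the pterodactyl group's read permissions on the server files in general, yet the sample namei output in Step 2 already shows <your-server-UUID> as drwxr-xr-x and Step 3 opens both parent directories to others, so the text should state whether the group membership is still required once Step 3 is applied, or drop Step 1 if it is not. In Step 3, "maintaining security" should be qualified: chmod o+x lets every local account traverse /var/lib/pterodactyl and /var/lib/pterodactyl/volumes, not only www-data. Step 4 recommends a reboot without a verification step; re-running the Step 2 namei command after the restart would confirm the fix first. The section also opens with '''Note''': directly under its own heading, which duplicates the note in the context line above it.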
Revision as of 08:54, 11 June 2025
Internal vs External
The MTA:SA server comes with a built-in 'internal' HTTP server which clients use to automatically download resource files. It is only a basic HTTP server which does not support compression or multiple client connections. By adding an external HTTP server such as nginx or lighttpd, resource download speed can be increased and bandwidth usage (and player waiting time) decreased. Note that the external HTTP server can be on the same machine as the MTA server.
nginx vs Apache
We recommend nginx or lighttpd as they are better suited to handling the hundreds of file requests that MTA:SA clients will generate. Apache can be used, but its settings will need tuning, and the mtaserver.conf setting <httpmaxconnectionsperclient> may have to be reduced to prevent timeouts.
The following guide is for installing and configuring nginx solely for MTA:SA. It assumes:
- You are not already using nginx for other web sites on your server.
- MTA:SA server is installed on the same server.
- You are using Debian 7 (the steps should work in a similar way on other distributions).
Installing nginx:
Update system:
apt-get update
apt-get upgrade
Install nginx:
apt-get install nginx
Ensure nginx is not running:
/etc/init.d/nginx stop
Configuring nginx:
Edit: /etc/nginx/sites-enabled/mta-server1
In the directory /etc/nginx/sites-enabled/ create a file called mta-server1 with the following content:
server {
    listen 20080;
    root /PATH_TO_MTA_SERVER/mods/deathmatch/resource-cache/http-client-files;
    server_name localhost;
    access_log off;
    autoindex off;
}
**Important**: Change PATH_TO_MTA_SERVER to the actual absolute path of your MTA:SA server install directory.
Edit: /etc/nginx/nginx.conf
At the top of the file, add this line to increase the max number of files that can be opened:
worker_rlimit_nofile 5000;
Find the 'worker_connections' line and change it to this:
worker_connections 5000;
Find the 'gzip' settings and make sure gzip is on:
gzip on;
and 'gzip_types' is set for any file type:
gzip_types *;
Testing nginx:
Start nginx:
/etc/init.d/nginx start
Test #1
Open your internet browser, and try this address: http://YOUR_SERVER_IP:20080/admin/conf/interiors.xml
If you see the file contents or are prompted to download a file - SUCCESS!
Note: If you are getting a 403 Forbidden response, nginx cannot access the files. Usually this means the user (www-data) is lacking execute permission on the server, mods, deathmatch, resource-cache, http-client-files folders.
If using Pterodactyl Panel: Fixing 403 Forbidden Errors
Note: If you are getting a 403 Forbidden error and your MTA:SA server is hosted on Pterodactyl Panel, it is almost certainly caused by Pterodactyl's secure-by-default file permissions. This prevents the nginx user (www-data on Debian/Ubuntu) from accessing the server files located in /var/lib/pterodactyl/.
Here is a complete solution to grant the necessary permissions safely.
Step 1: Add Nginx User to Pterodactyl Group
First, add the www-data user to the pterodactyl group. This allows Nginx to inherit the group's read permissions on the server files.
sudo usermod -aG pterodactyl www-data
Step 2: Check Parent Directory Permissions
The 403 error often persists if Nginx lacks permission to enter the parent directories of your server files. You can check the permissions for the entire path with a single command.
- Run the namei command, replacing <your-server-UUID> with the actual UUID of your server instance found in /var/lib/pterodactyl/volumes/.
namei -om /var/lib/pterodactyl/volumes/<your-server-UUID>/mods/deathmatch/resource-cache/http-client-files
- Look for drwx------ in the output. This permission scheme is the source of the problem.
f: /var/lib/pterodactyl/volumes/<your-server-UUID>/...
 drwxr-xr-x root        root        /
 drwxr-xr-x root        root        var
 drwxr-xr-x root        root        lib
 drwx------ root        root        pterodactyl   <-- PROBLEM HERE
 drwx------ root        root        volumes       <-- PROBLEM HERE
 drwxr-xr-x pterodactyl pterodactyl <your-server-UUID>
 ...
Step 3: Fix Parent Directory Permissions
To fix this, grant execute permission to others on the two directories identified above. This lets local accounts, including the Nginx user, pass through them without granting read access, so the directories' contents still cannot be listed.
sudo chmod o+x /var/lib/pterodactyl
sudo chmod o+x /var/lib/pterodactyl/volumes
Step 4: Restart Nginx
Finally, restart Nginx to apply all the changes. It is also recommended to reboot the server to ensure the group membership changes for www-data are fully applied.
sudo systemctl restart nginx
Test #2
To test the compression is working, go here: http://www.whatsmyip.org/http-compression-test/ and enter http://YOUR_SERVER_IP:20080/admin/conf/interiors.xml in the white box and press 'Test'.
If you see a green tick - SUCCESS!
Configure MTA:SA server:
Edit mtaserver.conf
Set httpdownloadurl to be like this:
<httpdownloadurl>http://YOUR_SERVER_IP:20080</httpdownloadurl>
And start MTA:SA server.