nginx on ubuntu 18.04
reference
- nginx is one of the most popular web servers in the world and is responsible for hosting some of the largest and high-traffic sites on the internet. it is more resource-friendly than apache in most cases and can be used as a web server or reverse proxy.
- in this guild, we will discuss how to install nginx on my ubuntu 18.04 server.
step1 (install nginx)
- because nginx is available in ubuntu’s default repositories, it is possible to install it from these repositories using the apt packaging system.
- it may be the first interaction with the apt packaging system, so i’d like to update my local package index so that i have access to the most recent package listings. afterwards, i can install nginx
1
2apt update
apt install nginx - after accepting the procedure, apt will install nginx and any required dependencies to my server.
step2 (adjusting the firewall)
- before testing nginx, the firewall software needs to be adjusted to allow access to the service. nginx registers itself as a service with ufw upon installation, making it straightforward to allow nginx access.
- list the application configurations that ufw know how to work with by typing:
1
ufw app list
- you should get a listing of the application profiles.
1
2
3
4
5Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH - Nginx Full: this profile opens both port 80(normal, unencrypted web traffic) and port 443(TLS/SSL encrypted traffic)
- Nginx HTTP: this profile opens only the port 80.
- Nginx HTTPS: this profile opens only port 443.
- it is recommended that you enable the most restrictive profile that will still allow the traffic you have configured. however, i have not configured SSL for my server, i will only need to allow traffic on port 80.
1
ufw enable "Nginx HTTP"
checking your web server
- at the end of the installation process, ubuntu starts nginx, the web server should already be up and running. we can check with the systemd init system to make sure the service is running by typing:
1
systemctl status nginx
- output:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-04-25 17:46:15 CST; 7min ago
Docs: man:nginx(8)
Process: 1156 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, s
Process: 1039 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=
Main PID: 1170 (nginx)
Tasks: 2 (limit: 2121)
CGroup: /system.slice/nginx.service
├─1170 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─1176 nginx: worker process
Apr 25 17:46:15 VM-4-14-ubuntu systemd[1]: Starting A high performance web server and a re
Apr 25 17:46:15 VM-4-14-ubuntu systemd[1]: nginx.service: Failed to parse PID from file /r
Apr 25 17:46:15 VM-4-14-ubuntu systemd[1]: Started A high performance web server and a rev
lines 1-15/15 (END) - as you can see above, the service appears to have started successfully, however, the best way to test this is to actually request a page from nginx.
- you can access the default nginx landing page to confirm that the software is running properly by navigating to your server’s ip address. you can get your ipv4 address on the internet by typing:
1
curl -4 icanhazip.com
- enter it to your browser’s address bar, you will see the default nginx landing page.
step4 (manager the nginx process)
1
2
3
4
5
6systemctl start nginx
systemctl stop nginx
systemctl restart nginx
systemctl reload nginx
systemctl enable nginx
systemctl disable nginxstep5 (setting up server blocks)
- when using the nginx web server, server blocks(similar to virtual hosts in apache)can be used to encapsulate configuration details and host more than one domain form a single server. i will set a domain called nginx.cuimouren.cn to test this.
- nginx on ubuntu has one server block enabled by default that is configured to serve documents out of a directory at /var/www/html. while this works well for one single site, it can become unwieldly if you are hosting multiple sites. instead of modifying /var/www/html, let’s create a directory structure within /var/www for my nginx.cuimouren.cn site, leaving /var/www/html in place as the default directory to be served if a client request does not match any other sites.
- create a directory for nginx.cuimouren.cn, using -p flag to create any necessary parent directories. i will using my github page as a test.
1
2
3
4
5
6mkdir -p /var/www/nginx.cuimouren.cn
cd /var/www/nginx.cuimouren.cn
git clone https://github.com/yishuilingbo/yishuilingbo.github.io.git
cd yishuilingbo.github.io
mv * ../
rm -rf yishuilingbo.github.io - in order for nginx to server this content, it’s necessary to create a server block with the correct directives, instead of modifying the default configuration file directly, let’s make a new one.
1
vi /etc/nginx/sites-available/nginx.cuimouren.cn
- write like these
1
2
3
4
5
6
7
8
9
10
11
12
13
14server {
listen 80;
listen [::]:80;
root /var/www/nginx.cuimouren.cn;
index index.html index.htm index.nginx-debian.html;
server_name nginx.cuimouren.cn www.nginx.cuimouren.cn;
location / {
try_files $uri $uri/ =404;
}
} - enable the file by creating a link form it to the “sites-enabled” directory, which nginx reads from during startup
1
ln -s /etc/nginx/sites-available/nginx.cuimouren.cn /etc/nginx/sites-enabled/
- test to make sure that there are no syntax error in any nginx files.
1
nginx -t
- restart nginx
1
systemctl restart nginx
- look my site on the browser.
1
nginx.cuimouren.cn
step6 securing my domain
- in this section, i will secure my domain using a let’s encrypt tls sertificate, which i will provision using certbot.
to install the lastest version of sertbot, i will need to add its package repository to my server by running the following command:1
2
3
4
5
6add-apt-repository ppa:certbot/certbot
#install its nginx plugin
apt install python-sertbot-nginx
ufw allow https
ufw reload
certbot --nginx -d mydomain - i recommand to use the second option in order to maximize security.
step7 (getting familiar with important nginx files and directories)
- now that you know how to manage the nginx service itself, you should take a few minutes to familiarize yourself with a few important directories and files.
content
- /var/www/html
the actual web content, which by default only consists of the nginx page you saw earlier, is served out of the /var/www/html directory, this can be changed by altering nginx configuration files.
server configuration
/etc/nginx
the nginx configuration direction. all of the nginx configuration files reside here.
** /etc/nginx/nginx.conf**
the main nginx configuration file. this can be modified to make changes to the nginx global configuration.
/etc/nginx/sites-available
the directory where per-site server blocks can be stored. nginx will not use the configuration files found in this directory unless they are linked to the sites-enabled directory. typically, all server block configuration is done in the directory, and then enabled by linking to the other directory.
/etc/nginx/sites-enabled
the directory where enabled per-site server blocks are stored. typically, these are created by linking to configuration files found in the sites-available directory.
/etc/nginx/snippets
this directory contains configuration fragments that can be included elsewhere in the nginx configuration. potentially repeatable configuration segments are good candidates for refactoring into snippets.
server logs
/var/log/nginx/access.log
every request to your web server is recorded in the log file unless nginx is configured to do otherwise.
/var/log/nginx/error/log
any nginx error will be recorded in this log.
