Nginx: Installation, Configuration, and SSL Setup on Ubuntu
Overview
Nginx (pronounced "engine-x") is a high-performance web server and reverse proxy known for its efficiency in handling a large number of concurrent connections. It's widely used for serving static content, load balancing, and acting as a reverse proxy for HTTP and other protocols. Nginx's event-driven architecture allows it to outperform traditional servers like Apache in high-traffic scenarios with minimal resource consumption. Incorporating Nginx into your stack is highly recommended if you're looking to optimize your web server's speed, scalability, and reliability.
Basic Concepts of Nginx
At its core, Nginx is designed around an asynchronous, non-blocking, event-driven connection handling algorithm. This means it can manage thousands of connections within a single processing thread, making it highly scalable. Key concepts include:
- Worker Processes: Nginx uses a master process and several worker processes. The master process manages the worker processes, while the workers handle the actual processing of requests.
- Modules: Nginx's functionality can be extended through modules, which can be included at compile-time. These modules handle tasks like rewriting URLs, SSL/TLS encryption, and gzip compression.
- Server Blocks: Similar to virtual hosts in Apache, server blocks allow you to host multiple websites on a single server by defining configurations for each site.
Installation and Configuration on Ubuntu
Assuming you're using Ubuntu (20.04 or later), here's how to install and perform basic configuration of Nginx.
Step 1: Update Package Index
sudo apt update
Explanation: Updates the local package index to ensure you have the latest information on available packages.
Effect: Prepares your system for new installations by fetching the latest package lists.
Step 2: Install Nginx
sudo apt install nginx
Explanation: Installs Nginx from the Ubuntu repositories.
Effect: Downloads and installs Nginx along with any necessary dependencies.
Step 3: Start and Enable Nginx Service
sudo systemctl start nginx
sudo systemctl enable nginx
Explanation:
- start nginx: Immediately starts the Nginx service.
- enable nginx: Configures Nginx to start on boot.
Effect: Nginx is now running and will automatically start when the server reboots.
Nginx Folder Structure
Understanding the directory layout is crucial for effective configuration.
- /etc/nginx/: Main configuration directory.
  - nginx.conf: The primary configuration file.
  - sites-available/: Stores configuration files for available sites.
  - sites-enabled/: Holds symlinks to the active site configurations in sites-available/.
  - conf.d/: Contains additional configuration files.
  - snippets/: Holds reusable configuration snippets.
- /var/www/: Default directory for website files.
- /var/log/nginx/: Stores access and error logs.
The most important directories for users are sites-available/ and sites-enabled/. You define your site configurations in sites-available/ and enable them by creating symlinks in sites-enabled/.
Setting Up a Domain to Redirect to a Page on Your Server
Here's a detailed mini-tutorial on setting up a domain to point to a page hosted on your Nginx server.
Prerequisites
- A registered domain name (e.g., example.com).
- Your server's public IP address.
- Basic knowledge of Unix command-line operations.
Step 1: Point Your Domain to Your Server
First, you need to configure your domain's DNS settings so that your domain name (example.com) resolves to your server's public IP address.
Action: Update your domain's DNS A record to point to your server's public IP address. This is typically done through your domain registrar or DNS provider's management panel.
Effect: After DNS propagation (which can take up to 48 hours but usually happens faster), when someone visits example.com, it will direct them to your server.
Step 2: Create a Directory for Your Site
On your server, create a directory to hold your website files.
sudo mkdir -p /var/www/example.com/html
Explanation:
- sudo: Runs the command with superuser privileges.
- mkdir: Creates a new directory.
- -p: Creates parent directories as needed.
- /var/www/example.com/html: The path where your website files will reside.
Effect: You now have a directory structure to store your website's files.
Step 3: Set Permissions
Set the appropriate ownership and permissions for the website directory.
sudo chown -R $USER:$USER /var/www/example.com/html
sudo chmod -R 755 /var/www/example.com
Explanation:
- chown -R $USER:$USER: Changes the ownership to your user account recursively.
- chmod -R 755: Sets the permissions so that the owner can read, write, and execute; others can read and execute.
Effect: Ensures you have write access to the directory, and the web server can read the files.
Step 4: Create a Test Web Page
Create a simple HTML file to verify that Nginx is serving content correctly.
nano /var/www/example.com/html/index.html
Explanation: Opens the Nano text editor to create or edit index.html.
Add the following content:
<!DOCTYPE html>
<html>
  <head>
    <title>Welcome to example.com!</title>
  </head>
  <body>
    <h1>Success! Nginx is serving your domain.</h1>
  </body>
</html>
Save and exit: Press Ctrl+X, then Y, and Enter.
Effect: You have a test page that can be used to verify your Nginx setup.
Step 5: Create a Server Block Configuration
Server blocks allow you to host multiple websites on a single server.
Navigate to the Nginx configuration directory:
cd /etc/nginx/sites-available/
Create a new server block file:
sudo nano example.com
Add the following configuration:
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    root /var/www/example.com/html;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
}
Explanation:
- listen 80;: Listens on port 80 (HTTP).
- server_name example.com www.example.com;: Specifies the domain names.
- root /var/www/example.com/html;: Sets the root directory.
- index index.html index.htm;: Defines default index files.
- location /: Configures how requests are processed.
Save and exit: Press Ctrl+X, then Y, and Enter.
Effect: You've created a server block configuration for your domain.
Step 6: Enable the New Server Block
Link the configuration file to the sites-enabled directory to activate it.
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
Explanation:
- ln -s: Creates a symbolic link.
- The link tells Nginx to include this configuration when it's running.
Effect: The server block is now enabled.
Step 7: Test Nginx Configuration
Before reloading Nginx, ensure the configuration syntax is correct.
sudo nginx -t
Explanation: Tests the Nginx configuration files for syntax errors.
Effect: Confirms whether your Nginx configuration is valid.
Step 8: Restart Nginx
Apply the new configuration by restarting Nginx.
sudo systemctl restart nginx
Explanation: Restarts the Nginx service to load the new configuration.
Effect: Nginx reloads its configuration files.
Step 9: Adjust Firewall Settings (If Applicable)
If you're using UFW (Uncomplicated Firewall), allow HTTP traffic.
sudo ufw allow 'Nginx Full'
Explanation: Allows both HTTP (port 80) and HTTPS (port 443) traffic through the firewall.
Effect: The firewall now permits incoming web traffic to Nginx.
Step 10: Verify Your Setup
Visit your domain to confirm everything is working.
Action: Open a web browser and navigate to http://example.com.
Expected Result: You should see the test page displaying "Success! Nginx is serving your domain."
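The checks below are an added example, not part of the original tutorial: they audit the result of Step 3 (chmod -R 755 also marks every file executable) and Step 6 (every entry in sites-enabled/ should be a live symlink into sites-available/). The function names and the temporary sample tree are constructed for illustration; GNU find and stat, as shipped on Ubuntu, are assumed.

```shell
#!/usr/bin/env bash
# Step 3 check: regular files with an execute bit or group/world write bit.
list_loose_files() {
    find "$1" -type f \( -perm /111 -o -perm /022 \) -print
}

# Directories keep 755 so they can be traversed; static files drop to 644.
normalize_webroot() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Directories from $1 up to / lacking the "other" execute bit; the nginx
# workers (user www-data on Ubuntu) cannot reach files below them.
untraversable_parents() {
    local p
    p=$(cd "$1" && pwd -P) || return 2
    while [ "$p" != "/" ]; do
        [ $(( 0$(stat -c %a "$p") & 1 )) -eq 1 ] || echo "$p"
        p=$(dirname "$p")
    done
}

# Step 6 check: entries in sites-enabled/ that are dangling symlinks, or
# regular files that bypass sites-available/. $1 is the nginx config dir.
audit_sites_enabled() {
    local e
    for e in "$1"/sites-enabled/*; do
        if [ -L "$e" ] && [ ! -e "$e" ]; then echo "dangling: ${e##*/}"
        elif [ -f "$e" ] && [ ! -L "$e" ]; then echo "not-a-symlink: ${e##*/}"
        fi
    done
}

# Constructed sample trees standing in for /var/www and /etc/nginx.
demo() {
    local t; t=$(mktemp -d)
    mkdir -p "$t/www/html" "$t/nginx/sites-available" "$t/nginx/sites-enabled"
    echo '<h1>ok</h1>' > "$t/www/html/index.html"
    chmod -R 755 "$t/www"                      # the tutorial's Step 3
    echo "loose before: $(list_loose_files "$t/www" | wc -l)"
    normalize_webroot "$t/www"
    echo "loose after:  $(list_loose_files "$t/www" | wc -l)"
    ln -s "$t/nginx/sites-available/gone" "$t/nginx/sites-enabled/gone"
    audit_sites_enabled "$t/nginx"
    rm -rf "$t"
}
demo
```

On a real host the arguments would be /var/www/example.com for the first three functions and /etc/nginx for audit_sites_enabled.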
Generating SSL Certificates Using Let's Encrypt and Certbot
Securing your website with HTTPS is essential for protecting user data and improving SEO rankings. Let's Encrypt provides free SSL/TLS certificates, and Certbot is an automated tool that simplifies the process of obtaining and renewing these certificates.
Step 1: Install Certbot
Certbot is the recommended client to automate the issuance of certificates from Let's Encrypt.
sudo apt install certbot python3-certbot-nginx
Explanation:
- certbot: The main Certbot package.
- python3-certbot-nginx: A plugin to integrate Certbot with Nginx.
Effect: Installs Certbot and the Nginx plugin necessary for automating certificate installation.
Step 2: Allow HTTPS Through the Firewall
If you have a firewall configured, you'll need to allow HTTPS traffic.
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
Explanation:
- allow 'Nginx Full': Allows both HTTP and HTTPS traffic.
- delete allow 'Nginx HTTP': Removes the rule that allows only HTTP traffic.
Effect: Your firewall now permits HTTPS traffic.
Step 3: Obtain an SSL Certificate
Run Certbot to obtain and install the certificate.
sudo certbot --nginx -d example.com -d www.example.com
Explanation:
- --nginx: Uses the Nginx plugin for authentication and installation.
- -d example.com -d www.example.com: Specifies the domain names.
Effect: Initiates the process to obtain a certificate for your domains.
During the process, you'll be prompted to:
- Enter your email address: Used for urgent renewal and security notices.
- Agree to the Terms of Service: Required to use Let's Encrypt services.
- Choose whether or not to share your email: Opt-in for EFF updates.
- Select redirection: Decide if you want HTTP requests to be redirected to HTTPS.
Step 4: Verify HTTPS is Working
After Certbot completes, verify that your site is accessible via HTTPS.
Action: Open a web browser and navigate to https://example.com.
Expected Result: You should see the secure version of your website, indicated by a padlock icon in the browser's address bar.
Step 5: Automatic Certificate Renewal
Let's Encrypt certificates are valid for 90 days. Certbot sets up automatic renewal, but it's good to test it.
Test the renewal process:
sudo certbot renew --dry-run
Explanation:
- renew: Attempts to renew all certificates.
- --dry-run: Simulates the renewal process without making actual changes.
Effect: Confirms that the automatic renewal will work when needed.
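Added example, not from the original tutorial: a dry run proves renewal works today, while a check on the certificate's remaining lifetime catches renewal that has silently stopped. The function names, the 30-day threshold and the self-signed sample certificate are assumptions for illustration; on a real host the input would be Certbot's /etc/letsencrypt/live/example.com/fullchain.pem.

```shell
#!/usr/bin/env bash
# Exit 0 when the certificate in $1 expires within $2 days (renewal overdue),
# 1 when it is still valid beyond that, 2 when it cannot be read or parsed.
cert_expires_within() {
    local cert="$1" days="$2"
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || return 2
    # -checkend N exits 0 if the certificate is still valid N seconds from now.
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null
    then return 1
    fi
    return 0
}

# One-line status suitable for a cron job or monitoring probe.
check_cert() {
    local rc=0
    cert_expires_within "$1" "$2" || rc=$?
    case $rc in
        0) echo "RENEWAL OVERDUE: $1 expires within $2 days" ;;
        1) echo "ok: $1" ;;
        *) echo "UNREADABLE: $1" ;;
    esac
}

# Constructed sample: a self-signed certificate with a chosen lifetime,
# standing in for the Let's Encrypt certificate. $1 = path, $2 = days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -out "$1" -days "$2" -subj "/CN=example.com" 2>/dev/null
}

demo_cert() {
    local d; d=$(mktemp -d)
    make_sample_cert "$d/fullchain.pem" 20     # 20 days left: past the threshold
    check_cert "$d/fullchain.pem" 30
    rm -rf "$d"
}
demo_cert
```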
Conclusion
Nginx offers a robust and efficient way to serve web content, manage traffic, and enhance the performance of your applications. By securing your website with SSL/TLS certificates from Let's Encrypt, you not only protect user data but also boost your site's credibility and SEO ranking. The combination of Nginx and Certbot provides a powerful yet straightforward solution for setting up a secure web server. Whether you're hosting a simple static site or a complex application, Nginx provides the flexibility and power needed to meet your requirements.