Introduction
Nginx is a powerful, high-performance web server that can also function as a reverse proxy, load balancer, and HTTP cache. In this guide, we'll walk through a step-by-step process of installing Nginx, configuring your domain, and setting up SSL to secure your web application.
Prerequisites
Before we begin, ensure you have:
- A Linux server (Ubuntu/Debian recommended)
- Root or sudo access
- Basic terminal knowledge
- A registered domain name
Step 1: Nginx Installation
For Ubuntu/Debian:
# Update package lists sudo apt update # Install Nginx sudo apt install nginx # Start Nginx service sudo systemctl start nginx # Enable Nginx to start on boot sudo systemctl enable nginx # Check Nginx status sudo systemctl status nginx For CentOS/RHEL:
# Install Nginx sudo yum install epel-release sudo yum install nginx # Start Nginx service sudo systemctl start nginx # Enable Nginx to start on boot sudo systemctl enable nginx # Check Nginx status sudo systemctl status nginx Step 2: Firewall Configuration
Open HTTP and HTTPS ports to allow web traffic:
For UFW (Uncomplicated Firewall):
# Allow HTTP and HTTPS sudo ufw allow 'Nginx Full' For FirewallD:
# Open HTTP and HTTPS ports sudo firewall-cmd --permanent --add-service=http sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --reload Step 3: Domain Configuration
Create a Server Block
Create a new server block configuration for your domain:
# Create directory for your domain sudo mkdir -p /var/www/yourdomain.com/html # Set proper permissions sudo chown -R $USER:$USER /var/www/yourdomain.com/html sudo chmod -R 755 /var/www/yourdomain.com Create Nginx configuration file:
sudo nano /etc/nginx/sites-available/yourdomain.com Add the following configuration:
server { listen 80; listen [::]:80; server_name yourdomain.com www.yourdomain.com; root /var/www/yourdomain.com/html; index index.html index.htm; location / { try_files $uri $uri/ =404; } } Create a symlink to enable the site:
# Create symlink sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/ # Test Nginx configuration sudo nginx -t # Restart Nginx sudo systemctl restart nginx Step 4: SSL Setup with Certbot
Install Certbot
# For Ubuntu sudo apt update sudo apt install certbot python3-certbot-nginx # For CentOS sudo yum install certbot python3-certbot-nginx Obtain SSL Certificate
# Obtain and install certificate sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com During installation, Certbot will:
- Validate domain ownership
- Generate SSL certificates
- Update Nginx configuration automatically
- Set up automatic certificate renewal
Verify Auto-Renewal
# Test renewal process sudo certbot renew --dry-run Step 5: Additional Security Configurations
Update your Nginx configuration for enhanced security:
server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name yourdomain.com www.yourdomain.com; ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # Strong SSL settings ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+AESGCM:EDH+AESGCM; ssl_ecdh_curve secp384r1; ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; # Redirect HTTP to HTTPS if ($scheme != "https") { return 301 https://$host$request_uri; } } Conclusion
Congratulations! You've successfully installed Nginx, configured your domain, and set up SSL encryption. Your web server is now secure, performant, and ready to host your applications.
Additional Tips
- Regularly update Nginx and your system
- Monitor server logs
- Keep SSL certificates up to date
- Consider implementing additional security measures like fail2ban
Troubleshooting
- Check Nginx logs:
sudo tail -f /var/log/nginx/error.log - Verify configuration:
sudo nginx -t - Restart service:
sudo systemctl restart nginx
Happy hosting!
Top comments (0)