Introduction
Nginx is a powerful, high-performance web server that can also function as a reverse proxy, load balancer, and HTTP cache. In this guide, we'll walk through a step-by-step process of installing Nginx, configuring your domain, and setting up SSL to secure your web application.
Prerequisites
Before we begin, ensure you have:
- A Linux server (Ubuntu/Debian recommended)
- Root or sudo access
- Basic terminal knowledge
- A registered domain name
Step 1: Install Nginx
For Ubuntu/Debian:
# Update package lists
sudo apt update
# Install Nginx
sudo apt install nginx
# Start Nginx service
sudo systemctl start nginx
# Enable Nginx to start on boot
sudo systemctl enable nginx
# Check Nginx status
sudo systemctl status nginx
For CentOS/RHEL:
# Install Nginx
sudo yum install epel-release
sudo yum install nginx
# Start Nginx service
sudo systemctl start nginx
# Enable Nginx to start on boot
sudo systemctl enable nginx
# Check Nginx status
sudo systemctl status nginx
Step 2: Firewall Configuration
Open HTTP and HTTPS ports to allow web traffic:
For UFW (Uncomplicated Firewall):
# Allow HTTP and HTTPS
sudo ufw allow 'Nginx Full'
For FirewallD:
# Open HTTP and HTTPS ports
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Step 3: Domain Configuration
Create a Server Block
Create a new server block configuration for your domain:
# Create directory for your domain
sudo mkdir -p /var/www/yourdomain.com/html
# Set proper permissions
sudo chown -R $USER:$USER /var/www/yourdomain.com/html
sudo chmod -R 755 /var/www/yourdomain.com
Create Nginx configuration file:
sudo nano /etc/nginx/sites-available/yourdomain.com
Add the following configuration:
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    root /var/www/yourdomain.com/html;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
}
Create a symlink to enable the site:
# Create symlink
sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
# Test Nginx configuration
sudo nginx -t
# Restart Nginx
sudo systemctl restart nginx
Step 4: SSL Setup with Certbot
Install Certbot
# For Ubuntu
sudo apt update
sudo apt install certbot python3-certbot-nginx
# For CentOS
sudo yum install certbot python3-certbot-nginx
Obtain SSL Certificate
# Obtain and install certificate
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
During installation, Certbot will:
- Validate domain ownership
- Generate SSL certificates
- Update Nginx configuration automatically
- Set up automatic certificate renewal
# Test renewal process
sudo certbot renew --dry-run
Step 5: Additional Security Configurations
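Update your Nginx configuration for enhanced security. The HTTP-to-HTTPS redirect belongs in the port 80 server block, because a server block that listens only on 443 never receives plain-HTTP requests:
# Redirect HTTP to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourdomain.com www.yourdomain.com;
    # Keep the root, index and location directives from Step 3 in this block
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    # Strong SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_ecdh_curve secp384r1;
    ssl_session_timeout 10m;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    # OCSP stapling takes effect only if the certificate carries an OCSP responder URL
    ssl_stapling on;
    ssl_stapling_verify on;
}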
Conclusion
Congratulations! You've successfully installed Nginx, configured your domain, and set up SSL encryption. Your web server is now secure, performant, and ready to host your applications.
Additional Tips
- Regularly update Nginx and your system
- Monitor server logs
- Keep SSL certificates up to date
- Consider implementing additional security measures like fail2ban
- Check Nginx logs: sudo tail -f /var/log/nginx/error.log
- Verify configuration: sudo nginx -t
- Restart service: sudo systemctl restart nginx
Happy hosting!
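A static check for the Step 5 settings, added here as an example and not part of the original post: it flags legacy entries in ssl_protocols, session tickets left enabled, and an HTTPS redirect that can never fire because nothing listens on port 80. The function name `audit_nginx_tls` and the finding labels are hypothetical, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): static audit of an nginx site
# file against the Step 5 settings. Prints one finding per line and returns
# non-zero when anything is flagged. Name and labels are hypothetical.
audit_nginx_tls() {
    body=$(sed 's/#.*//' "$1")   # drop comments so disabled lines are ignored
    rc=0
    # Protocols: only TLSv1.2 and TLSv1.3 are accepted, as in the guide.
    protos=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\([^;]*\);.*/\1/p')
    [ -n "$protos" ] || { echo "MISSING ssl_protocols"; rc=1; }
    for p in $protos; do
        case $p in
            TLSv1.2|TLSv1.3) ;;
            *) echo "WEAK_PROTOCOL $p"; rc=1 ;;
        esac
    done
    # Session tickets must be explicitly disabled.
    printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*ssl_session_tickets[[:space:]]+off[[:space:]]*;' ||
        { echo "TICKETS_NOT_DISABLED"; rc=1; }
    # Redirect: needs a port-80 listener AND a 301 to https://.
    has80=$(printf '%s\n' "$body" |
        grep -Ec '^[[:space:]]*listen[[:space:]]+(\[::\]:)?80[[:space:];]' || true)
    redir=$(printf '%s\n' "$body" |
        grep -Ec 'return[[:space:]]+301[[:space:]]+https://' || true)
    if [ "$redir" -gt 0 ] && [ "$has80" -eq 0 ]; then
        echo "DEAD_REDIRECT no listener on port 80"; rc=1
    elif [ "$has80" -gt 0 ] && [ "$redir" -eq 0 ]; then
        echo "NO_REDIRECT port 80 does not redirect to HTTPS"; rc=1
    fi
    return $rc
}

# Constructed sample: TLSv1.1 enabled, redirect placed in a 443-only block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    # ssl_session_tickets off;
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }
}
EOF
audit_nginx_tls "$sample" || true
rm -f "$sample"
```

Run it against /etc/nginx/sites-available/yourdomain.com after `sudo nginx -t` passes; it checks only the directives named above and does not follow include files.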