NGINX: Difference between revisions
Created page with "== NGINX == == Preface == NGINX is described as a "web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache". In practice, it's a powerful alternative to Apache, as it's more memory efficient. While configuring NGINX may seem a little foreign if coming from Apache's `.htaccess` override based system, there's a lot to enjoy. == Getting Started == While NGINX can be installed on a variety of systems, we'll focus on Ubuntu. As with m..." |
No edit summary |
||
| Line 1: | Line 1: | ||
== NGINX == | == NGINX == | ||
== Preface == | === Preface === | ||
NGINX is described as a "web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache". | NGINX is described as a "web server that can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache". In practice, it's a powerful alternative to Apache, as it's more memory efficient. While configuring NGINX may seem a little foreign if coming from Apache's `.htaccess` override-based system, there's a lot to enjoy. | ||
In practice, it's a powerful alternative to Apache, as it's more memory efficient. While configuring NGINX may seem a | |||
little foreign if coming from Apache's `.htaccess` override based system, there's a lot to enjoy. | |||
== Getting Started == | === Getting Started === | ||
While NGINX can be installed on a variety of systems, we'll focus on Ubuntu. As with most installations, it's highly | While NGINX can be installed on a variety of systems, we'll focus on Ubuntu. As with most installations, it's highly recommended to update your system beforehand, using: | ||
recommended to update your system beforehand, using | <pre><code>sudo apt update && sudo apt upgrade</code></pre> | ||
Using `sudo` is equivalent to running a command with root/administrative privileges! While | Using `sudo` is equivalent to running a command with root/administrative privileges! While this tutorial relies heavily on its usage, most normal commands '''should not''' be run with the `sudo` prefix, as that's a surefire way to potentially cause irreversible damage to your system configuration. | ||
this tutorial relies heavily on its usage, most normal commands '''should not''' be run with the `sudo` prefix, as that's | |||
a surefire way to potentially cause irreversible damage to your system configuration. | |||
With our system up-to-date, we can now run | With our system up-to-date, we can now run: | ||
installation of NGINX, which means we should be able to access our VPS from a web browser...as soon as we configure our | <pre><code>sudo apt install nginx</code></pre> | ||
firewall. | This command will install and configure a default installation of NGINX, which means we should be able to access our VPS from a web browser... as soon as we configure our firewall. | ||
Using "UFW" (Universal Fire Wall), we can see using | Using "UFW" (Universal Fire Wall), we can see using: | ||
to choose from ('Nginx Full', 'Nginx HTTP', 'Nginx HTTPS'). For our purposes, we'll enable 'Nginx Full' | <pre><code>sudo ufw app list</code></pre> | ||
that NGINX has added three new profiles for us to choose from ('Nginx Full', 'Nginx HTTP', 'Nginx HTTPS'). For our purposes, we'll enable 'Nginx Full' using: | |||
either `http://[Dedicated IPv4]` or `http://vps#.heliohost.us`, and see the default NGINX landing page. | <pre><code>sudo ufw allow 'Nginx Full'</code></pre> | ||
'''Now''' we should be able to see our VPS from a web browser, using either `http://[Dedicated IPv4]` or `http://vps#.heliohost.us`, and see the default NGINX landing page. | |||
== Configuring NGINX == | === Configuring NGINX === | ||
== Creating a new content directory == | === Creating a new content directory === | ||
While being able to see the default NGINX page is great, it's time to configure NGINX's "server blocks", which will | While being able to see the default NGINX page is great, it's time to configure NGINX's "server blocks", which will allow us to define how NGINX behaves on a "per-domain" basis. Let's start by creating a new directory for our web content, using: | ||
allow us to define how NGINX behaves on a "per-domain" basis. Let's start by creating a new directory for our web | <pre><code>sudo mkdir -p /var/www/[domain name]/html</code></pre> | ||
content, using | (replace "[domain name]" with your own). In this case, `-p` is used to create any missing parent directories, while `sudo` is used as the `/var` directory is system-protected. | ||
is used to create any missing parent directories, while `sudo` is used as the `/var` directory is system-protected. | |||
Now, we can make our life easier by changing the owner and permissions of our new folder, so we won't have to repeatedly | Now, we can make our life easier by changing the owner and permissions of our new folder, so we won't have to repeatedly use `sudo` permissions to access our own content. Using: | ||
use `sudo` permissions to access our own content. Using | <pre><code>sudo chown -R $USER:$USER /var/www/[domain name]/html</code></pre> | ||
can "change owner" to our current user (`-R` applies the command recursively to all the contents, if applicable). We | we can "change owner" to our current user (`-R` applies the command recursively to all the contents, if applicable). We also need to set the directory's permissions, using: | ||
also need to set the directory's permissions, using | <pre><code>sudo chmod -R 755 /var/www/[domain name]</code></pre> | ||
mode", while 755 is the numerical representation of "read and execute access for everyone, write access for the owner"). | (chmod means "change mode", while 755 is the numerical representation of "read and execute access for everyone, write access for the owner"). | ||
Any file we save in this new directory will be served using NGINX. As a simple test, we'll create a simple HTML file as | Any file we save in this new directory will be served using NGINX. As a simple test, we'll create a simple HTML file as follows: | ||
follows: | |||
<syntaxhighlight lang="html"> | |||
<html lang="en"> | <html lang="en"> | ||
<head> | <head> | ||
| Line 55: | Line 49: | ||
</body> | </body> | ||
</html> | </html> | ||
</syntaxhighlight> | |||
== Creating a server block == | === Creating a server block === | ||
For every domain that is associated with your VPS, you'll want to create an NGINX configuration file, known as a "server | For every domain that is associated with your VPS, you'll want to create an NGINX configuration file, known as a "server block", located in `/etc/nginx/sites-available`. For example, we'll create one for our VPS with: | ||
block", located in `/etc/nginx/sites-available`. For example, we'll create one for our VPS | <pre><code>sudo vi /etc/nginx/sites-available/[domain name]</code></pre> | ||
(no file ending like ".txt" or ".json", only your domain name). For a brief Vim tutorial, see [[#Using_Vim|here]]. Enter "insert" mode using "i", and paste the following default code block: | |||
For a brief Vim tutorial, see [here] | |||
block: | |||
<syntaxhighlight lang="nginx"> | |||
server { | server { | ||
listen 80; | |||
listen [::]:80; | |||
root /var/www/[domain name]/html; | |||
index index.html index.htm index.nginx-debian.html; | |||
server_name yourdomain.com; | |||
location / { | |||
try_files $uri $uri/ =404; | |||
} | |||
} | } | ||
</syntaxhighlight> | |||
Once again, __make sure to edit all the references to match your own domain name__. Once you're finished, press "ESC", | Once again, __make sure to edit all the references to match your own domain name__. Once you're finished, press "ESC", followed by `:wq`. If you get an error saying "This file is readonly", make sure you are editing the file with `sudo` permissions. | ||
followed by `:wq`. If you get an error saying "This file is readonly", make sure you are editing the file with `sudo` | |||
permissions. | |||
Now you may have noticed we created this configuration file in `sites-available`, '''not''' `sites-enabled`. Let's rectify | Now you may have noticed we created this configuration file in `sites-available`, '''not''' `sites-enabled`. Let's rectify that, using a symbolic link (which is, in layman's terms, a shortcut for the system to find the original file in another path). Using: | ||
that, using a symbolic link (which is, in layman's terms, a shortcut for the system to find the original file in another | <pre><code>sudo ln -s /etc/nginx/sites-available/[domain name] /etc/nginx/sites-enabled/</code></pre> | ||
path). Using | we can accomplish that task. | ||
task. | |||
An easy way to check if everything's configured correctly | An easy way to check if everything's configured correctly is to use: | ||
configuration. | <pre><code>sudo nginx -t</code></pre> | ||
which will validate your NGINX configuration. | |||
To update our changes, we can use | To update our changes, we can use: | ||
<pre><code>sudo systemctl nginx restart</code></pre> | |||
which will restart NGINX. | |||
Congratulations, you should now see your HTML page served from your VPS to your browser! | Congratulations, you should now see your HTML page served from your VPS to your browser! | ||
== Adding SSL == | === Adding SSL === | ||
No website is complete (or secure) without SSL! As everyone else, we'll use [Let's Encrypt](https://letsencrypt.org/) to | No website is complete (or secure) without SSL! As everyone else, we'll use [Let's Encrypt](https://letsencrypt.org/) to achieve this. | ||
achieve this. | |||
First, we'll need to install Certbot, which is a | First, we'll need to install Certbot, which is a command-line utility for automating the process. Run: | ||
<pre><code>sudo apt install certbot python3-certbot-nginx</code></pre> | |||
Certbot and its dependencies. | ('''not the same as the Apache version'''), which will install Certbot and its dependencies. | ||
Now we can get a certificate. Run | Now we can get a certificate. Run: | ||
complete the process. Make sure you enabled SSL using UFW! | <pre><code>sudo certbot --nginx -d yourdomain.com</code></pre> | ||
and follow the on-screen instructions to complete the process. Make sure you enabled SSL using UFW! | |||
Your website will now be secure with SSL, and your SSL certificate will be automatically renewed every three months. | Your website will now be secure with SSL, and your SSL certificate will be automatically renewed every three months. | ||
== Using Vim == | === Using Vim === | ||
Vim is the default text editor for most Unix based systems. While it's a ubiquitous program, it's infamous for being | Vim is the default text editor for most Unix-based systems. While it's a ubiquitous program, it's infamous for being hard to learn, especially since saving or exiting is not as intuitive as other comparable programs. However, using it may not be as hard as it seems. | ||
hard to learn, especially since saving or exiting is not as intuitive as other comparable programs. However, using it | |||
may not be as hard as it seems. | |||
To edit a file, use | To edit a file, use: | ||
create a file instead. | <pre><code>vi file.txt</code></pre> | ||
which will open the Vim interface. If you supply a nonexistent filename, Vim will create a file instead. | |||
To enter "insert" mode, press "i". This will allow you to edit the current file, instead of running commands inside Vim. | To enter "insert" mode, press "i". This will allow you to edit the current file, instead of running commands inside Vim. To exit "insert" mode, press "ESC". | ||
To exit "insert" mode, press "ESC". | |||
To save a file, make sure you are not in "insert" mode, before entering | To save a file, make sure you are not in "insert" mode, before entering: | ||
want to exit without saving your changes, enter | <pre><code>:wq</code></pre> | ||
(which will '''write''', '''quit'''). If you want to exit without saving your changes, enter: | |||
<pre><code>:q!</code></pre> | |||
which will '''force quit'''. | |||
Revision as of 20:05, 3 October 2024
NGINX
Preface
NGINX is described as a "web server that can also be used as a reverse proxy, load balancer, mail proxy, and HTTP cache". In practice, it's a powerful alternative to Apache, as it's more memory efficient. While configuring NGINX may seem a little foreign if coming from Apache's `.htaccess` override-based system, there's a lot to enjoy.
Getting Started
While NGINX can be installed on a variety of systems, we'll focus on Ubuntu. As with most installations, it's highly recommended to update your system beforehand, using:
<code>sudo apt update && sudo apt upgrade</code>
Using `sudo` is equivalent to running a command with root/administrative privileges! While this tutorial relies heavily on its usage, most normal commands should not be run with the `sudo` prefix, as that's a surefire way to potentially cause irreversible damage to your system configuration.
With our system up-to-date, we can now run:
<code>sudo apt install nginx</code>
This command will install and configure a default installation of NGINX, which means we should be able to access our VPS from a web browser... as soon as we configure our firewall.
Using "UFW" (Universal Fire Wall), we can see using:
<code>sudo ufw app list</code>
that NGINX has added three new profiles for us to choose from ('Nginx Full', 'Nginx HTTP', 'Nginx HTTPS'). For our purposes, we'll enable 'Nginx Full' using:
<code>sudo ufw allow 'Nginx Full'</code>
Now we should be able to see our VPS from a web browser, using either `http://[Dedicated IPv4]` or `http://vps#.heliohost.us`, and see the default NGINX landing page.
Configuring NGINX
Creating a new content directory
While being able to see the default NGINX page is great, it's time to configure NGINX's "server blocks", which will allow us to define how NGINX behaves on a "per-domain" basis. Let's start by creating a new directory for our web content, using:
<code>sudo mkdir -p /var/www/[domain name]/html</code>
(replace "[domain name]" with your own). In this case, `-p` is used to create any missing parent directories, while `sudo` is used as the `/var` directory is system-protected.
Now, we can make our life easier by changing the owner and permissions of our new folder, so we won't have to repeatedly use `sudo` permissions to access our own content. Using:
<code>sudo chown -R $USER:$USER /var/www/[domain name]/html</code>
we can "change owner" to our current user (`-R` applies the command recursively to all the contents, if applicable). We also need to set the directory's permissions, using:
<code>sudo chmod -R 755 /var/www/[domain name]</code>
(chmod means "change mode", while 755 is the numerical representation of "read and execute access for everyone, write access for the owner").
Any file we save in this new directory will be served using NGINX. As a simple test, we'll create a simple HTML file as follows:
<syntaxhighlight lang="html"> <html lang="en"> <head>
<meta charset="UTF-8"> <title>Home</title>
</head> <body>
My NGINX Config is Working!
Pat yourself on the back, for a job well done.
</body> </html> </syntaxhighlight>
Creating a server block
For every domain that is associated with your VPS, you'll want to create an NGINX configuration file, known as a "server block", located in `/etc/nginx/sites-available`. For example, we'll create one for our VPS with:
<code>sudo vi /etc/nginx/sites-available/[domain name]</code>
(no file ending like ".txt" or ".json", only your domain name). For a brief Vim tutorial, see here. Enter "insert" mode using "i", and paste the following default code block:
<syntaxhighlight lang="nginx"> server {
listen 80; listen [::]:80;
root /var/www/[domain name]/html; index index.html index.htm index.nginx-debian.html;
server_name yourdomain.com;
location / {
try_files $uri $uri/ =404;
}
} </syntaxhighlight>
Once again, __make sure to edit all the references to match your own domain name__. Once you're finished, press "ESC", followed by `:wq`. If you get an error saying "This file is readonly", make sure you are editing the file with `sudo` permissions.
Now you may have noticed we created this configuration file in `sites-available`, not `sites-enabled`. Let's rectify that, using a symbolic link (which is, in layman's terms, a shortcut for the system to find the original file in another path). Using:
<code>sudo ln -s /etc/nginx/sites-available/[domain name] /etc/nginx/sites-enabled/</code>
we can accomplish that task.
An easy way to check if everything's configured correctly is to use:
<code>sudo nginx -t</code>
which will validate your NGINX configuration.
To update our changes, we can use:
<code>sudo systemctl nginx restart</code>
which will restart NGINX.
Congratulations, you should now see your HTML page served from your VPS to your browser!
Adding SSL
No website is complete (or secure) without SSL! As everyone else, we'll use [Let's Encrypt](https://letsencrypt.org/) to achieve this.
First, we'll need to install Certbot, which is a command-line utility for automating the process. Run:
<code>sudo apt install certbot python3-certbot-nginx</code>
(not the same as the Apache version), which will install Certbot and its dependencies.
Now we can get a certificate. Run:
<code>sudo certbot --nginx -d yourdomain.com</code>
and follow the on-screen instructions to complete the process. Make sure you enabled SSL using UFW!
Your website will now be secure with SSL, and your SSL certificate will be automatically renewed every three months.
Using Vim
Vim is the default text editor for most Unix-based systems. While it's a ubiquitous program, it's infamous for being hard to learn, especially since saving or exiting is not as intuitive as other comparable programs. However, using it may not be as hard as it seems.
To edit a file, use:
<code>vi file.txt</code>
which will open the Vim interface. If you supply a nonexistent filename, Vim will create a file instead.
To enter "insert" mode, press "i". This will allow you to edit the current file, instead of running commands inside Vim. To exit "insert" mode, press "ESC".
To save a file, make sure you are not in "insert" mode, before entering:
<code>:wq</code>
(which will write, quit). If you want to exit without saving your changes, enter:
<code>:q!</code>
which will force quit.