Introduction
Nginx is a powerful, high-performance web server that can also function as a reverse proxy, load balancer, and HTTP cache. In this guide, we'll walk through a step-by-step process of installing Nginx, configuring your domain, and setting up SSL to secure your web application.
Prerequisites
Before we begin, ensure you have:
- A Linux server (Ubuntu/Debian recommended)
- Root or sudo access
- Basic terminal knowledge
- A registered domain name
Step 1: Nginx Installation
For Ubuntu/Debian:
# Update package lists
sudo apt update
# Install Nginx
sudo apt install nginx
# Start Nginx service
sudo systemctl start nginx
# Enable Nginx to start on boot
sudo systemctl enable nginx
# Check Nginx status
sudo systemctl status nginx
For CentOS/RHEL:
# Install Nginx
sudo yum install epel-release
sudo yum install nginx
# Start Nginx service
sudo systemctl start nginx
# Enable Nginx to start on boot
sudo systemctl enable nginx
# Check Nginx status
sudo systemctl status nginx
Step 2: Firewall Configuration
Open HTTP and HTTPS ports to allow web traffic:
For UFW (Uncomplicated Firewall):
# Allow HTTP and HTTPS
sudo ufw allow 'Nginx Full'
For FirewallD:
# Open HTTP and HTTPS ports
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Step 3: Domain Configuration
Create a Server Block
Create a new server block configuration for your domain:
# Create directory for your domain
sudo mkdir -p /var/www/yourdomain.com/html
# Set proper permissions
sudo chown -R $USER:$USER /var/www/yourdomain.com/html
sudo chmod -R 755 /var/www/yourdomain.com
Create Nginx configuration file:
sudo nano /etc/nginx/sites-available/yourdomain.com
Add the following configuration:
server {
listen 80;
listen [::]:80;
server_name yourdomain.com www.yourdomain.com;
root /var/www/yourdomain.com/html;
index index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
}
Create a symlink to enable the site:
# Create symlink
sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
# Test Nginx configuration
sudo nginx -t
# Restart Nginx
sudo systemctl restart nginx
Step 4: SSL Setup with Certbot
Install Certbot
# For Ubuntu
sudo apt update
sudo apt install certbot python3-certbot-nginx
# For CentOS
sudo yum install certbot python3-certbot-nginx
Obtain SSL Certificate
# Obtain and install certificate
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
During installation, Certbot will:
- Validate domain ownership
- Generate SSL certificates
- Update Nginx configuration automatically
- Set up automatic certificate renewal
Verify Auto-Renewal
# Test renewal process
sudo certbot renew --dry-run
Step 5: Additional Security Configurations
Update your Nginx configuration for enhanced security:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name yourdomain.com www.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
# Strong SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
# Redirect HTTP to HTTPS
if ($scheme != "https") {
return 301 https://$host$request_uri;
}
}
Conclusion
Congratulations! You've successfully installed Nginx, configured your domain, and set up SSL encryption. Your web server is now secure, performant, and ready to host your applications.
Additional Tips
- Regularly update Nginx and your system
- Monitor server logs
- Keep SSL certificates up to date
- Consider implementing additional security measures like fail2ban
Troubleshooting
- Check Nginx logs:
sudo tail -f /var/log/nginx/error.log - Verify configuration:
sudo nginx -t - Restart service:
sudo systemctl restart nginx
Happy hosting!
Top comments (0)