Nginx, as pronounced 'engine-ex', is a powerful Web Server also able to perform as Load Balancer and Reverse Proxy. It is currently used by some heavyweight companies such as Google, Adobe, IBM, Microsoft Salesforce etc.
Nginx was designed to offer very low memory usage in a heavy concurrent environment. Because of this Nginx has an edge over other mainstream web servers when it comes to static content.
In this guide, we are going to see how to install Nginx on Ubuntu 18.04.
Step 1: Securing Server
Since Nginx faces the incoming connections from Internet head-on, it is important to secure the server itself. There are few easy to implement security measure we can take to increase overall security as much as possible. Following are some recommendation which can be configured with little effort. Note that, this is not an exhaustive list and only meant to serve as a guide:
Add Limited Privilege User
Restrict root access for management of the server by adding a limited privilege user.
Create and apply password protection to the privileged user:
$ adduser <user>
$ passwd <user>
Add the user to wheel group for sudo:
$ adduser <user> sudo
Security Hardened SSH Access
Almost all configuration and management of Linux based server is done over SSH. So it is crucial to secure the SSH access from intrusion. There are several ways we can secure SSH:
- Disable root logins and password authentication on SSH by editing
/etc/ssh/sshd_config
and making the following change:
PermitRootLogin no
PasswordAuthentication no
- Configure Key-Pair Authentication.
- Use non-standard port for SSH by changing the port number in
/etc/ssh/sshd_config
. Following example shows SSH configured on port 5422:
Port 5422
Configure UFW Firewall
Ubuntu 18.04 comes with preinstalled firewall UFW. If for any reason it is not installed, it can be installed using the following command:
$ apt install ufw
If the firewall is enabled, we can enable it as follows:
$ sudo ufw enable
The importance of a properly configured firewall cannot be stressed enough. It blocks unwanted traffic into the server while allowing only what is allowed. A deeper knowledge of firewalls can help reduce the attack surface of a server.
Step 2: Update Ubuntu 18.04
Update and/or upgrade Ubuntu before proceeding to install Nginx:
$ apt update
$ apt dist-upgrade
Step 3: Install Nginx
Nginx is already included in the Ubuntu 18.05 repositories. We can install it using the following command:
$ apt install nginx
Start and enable nginx to auto start after a reboot:
$ systemctl enable nginx
$ systemctl start nginx
Step 4: Add A Test Site
We are going to add a simple site to test nginx web server. Each hosted site resides in a directory under /var/www/
. We will create a directory for our test site mydomain.com:
$ mkdir /var/www/mydomain.com
Create a test HTML index file and the following content, which will be presented when accessing the site:
$ nano /var/www/mydomain.com/index.html
<!DOCTYPE html>
<html>
<head>
<title>Nginx test Site</title>
</head>
<body>
<h1>Welcome to Nginx Test Site</h1>
</body>
</html>
Step 5: Configure Test Site
Nginx installs a configuration for the default site during installation. We are going to disable it using the following command:
$ unlink /etc/nginx/sites-enabled/default
Any site hosted on Nginx is configured under /etc/nginx/sites-available
and symlinked to /etc/nginx/sites-enabled to activate them. We are going to create a configuration file with the following content for our test site in /etc/nginx/sites-available/mydomain.com
:
$ nano /etc/nginx/sites-available/mydomain.com
server {
listen 80;
listen [::]:80;
server_name mydomain.com;
root /var/www/mydomain.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
The following command will create the symlink to /etc/nginx/sites-enabled/
to enable the test site:
$ ln -s /etc/nginx/sites-available/mydomain.com /etc/nginx/sites-enabled/
Step 6: Test Nginx Configuration
Before loading site configuration we can test to ensure there is no syntax error or misconfiguration:
$ nginx -t
Syntax OK
If there is an error during the test, Nginx will prevent the service from restarting.
Step 7: Reload vs Restart Nginx Service
There are two ways we can activate site configurations:
$ systemctl reload nginx
or
$ systemctl restart nginx
The reload option gracefully restarts Nginx service with minimal disruption when there are active connections from users. The restart option, on the other hand, stops then restarts the Nginx service. On a busy Nginx server, it is best to use reload.
We can check the Nginx service status using the following command:
$ systemctl status nginx