Nginx
About
Nginx (pronounced engine-x) is web server which can also be used proxy, load balancer, mail proxy and HTTP cache. It's also a modern alternative to something like Apache, IIS, or Caddy.
Prerequisites
An nginx installation should be pretty accessible regardless of your OS. This guide is specifically written for Ubuntu Server 18.04 LTS, but should work on any other type of Unix operating system. The setup that we're using is commonly referred to as a LEMP stack (Linux, nginx, MySQL, PHP.)
- nginx/1.14.0 (Ubuntu)
- PHP 7.2.10-0ubuntu0.18.04.1 (cli)
- MySQL v14.14 Distribution 5.7.24
If you've just installed a new operating system, you'll want to update your local package index by running sudo apt-get update, and then add the Universe repository by running sudo apt-add-repository universe.
Installing nginx
To start, you're going to want to install nginx using the aptitude package manager. You can do this by running sudo apt-get install nginx. Once you run that, you'll want to go through the configuration prompt that appears.
.
After nginx and its subsequent dependencies have finished installing, you'll want to let it through the firewall by running sudo ufw allow 'Nginx HTTP'. Check what your current IP is by running ifconfig, and then look for whatever interface looks correct. In this instance, the proper interface is eth0.
.
After running the command, the first indented line should say inet and then an IP address afterwards. Verify functionality of nginx by going to your web browser and typing http://{ip}/ where {ip} is what follows after inet.
If the default nginx page displays, continue to the next section.
.
.
.
.
.
Installing MySQL
The process of installing MySQL is fairly similar to installing nginx, although MySQL does require a little bit of configuration before it will function properly. Start off by running sudo apt-get install mysql-server, and then once it finishes run the setup script by typing sudo mysql_secure_installation.
.
The first thing that the installations script will ask you is if you'd like to enable the VALIDATE PASSWORD PLUGIN, but don't. If you don't care about why, then skip to the next paragraph, but if you do, keep reading. Essentially, the plugin throws errors if passwords don't meet specific criteria. This causes issues if you either a.) use weak passwords, or b.) install a package that automatically compiles and creates a default account with basic credentials. It is always good practice to use strong passwords for everything, and database credentials are no exception.
.
Say yes to the rest of the questions and use good judgement if it asks something that requires anything other than a Y/N input.
Installing PHP
Again, installing PHP is very similar to two sections preceding this one. Start off by installing the php-fpm and php-mysql packages by running sudo apt-get install php-fpm php-mysql. After it installs, you'll want to edit php.ini by running sudo vim /etc/php/7.2/fpm/php.ini.
.
Note: If the file isn't found, check the directory path by using the cd command and seeing where something doesn't exist.
.
If you're using Vim, type a ? and search for cgi.fix_pathinfo. You should be taken to a line that's commented out and says ;cgi.fix_pathinfo=0 or something similar. Press the i key to start editing and remove the ; to uncomment it. If the variable is set to 1, change it to 0. Press the escape key and type :wq to save and quit your changes. If you didn't run Vim as a superuser (if you didn't run the command with sudo), it will throw and error and the file won't save.
.
Once the file saves, run sudo systemctl restart php7.2-fpm to restart PHP.
Configuring nginx
The configuration for nginx is a little different compared to anything you might be used to. To start, there are two directories: sites-available and sites-enabled. The former directory actually contains the configuration files, while the latter contains symbolic links to the configuration files and enables them.
.
To start, lets say that we wanted to configure our nginx server to work with the domain example.ms. First, we'd want to verify that the directory /var/www/example.ms exists. Move to the sites-available directory by entering the command cd /etc/nginx/sites-available. Next, you'll want to create a new configuration file with the name of the domain. You can either by running sudo touch example.ms && sudo vim example.ms or simply by running sudo vim example.ms since Vim creates the file if it doesn't exist. Again, press i to edit the file. Once you're in edit mode, you'll want the contents to look something like this:
server {
listen 80;
listen [::]:80;
# this is a comment! you don't have to include this, but if you're not
# going to be using a domain, then you can replace it with an IP
server_name example.ms;
root /var/www/example.ms;
index index.php index.html index.htm;
location = /favicon.io {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_intercept_errors on;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
Tip: You can periodically save your configuration file by pressing escape, typing :w , and then pressing i again to edit the file.
Tip: If you are adding another domain the listen 80; and listen [::]:80; isn't needed and you can go from server { to server_name example.ms;
.
Once you're completely done editing, save and quit the file by pressing the escape key and typing :wq. Finally, you can check your configuration file for errors by running sudo nginx -t. If there are any errors, refer back to your configuration file and see where you went wrong. In the event that nginx threw an error, review your configuration file and look for any missing {, }, or ;. Every line that doesn't have curly brackets should end in a semicolon, which is probably the issue. If that isn't, then refer to your favorite search engine and start researching.
.
If nothing went wrong, and your configuration file is completely free of errors, run cd ../sites-enabled to move to the sites-enabled directory. Finally, to enable your website, run sudo ln -s /etc/nginx/sites-available/example.ms ./ to create the symbolic link to your configuration file, and then run sudo systemctl restart nginx to restart nginx and make your changes go live.
Verifying Functionality
Of course, you'll want to make sure that everything you just did actually works. Run cd /var/www/example.ms && sudo vim info.php to move to your websites home directory and create the file info.php. Inside of the file, type the following:
<?php
phpinfo();
?>
... and then save and quit the file by pressing escape and typing :wq. Now, go to http://example.ms/info.php. If you didn't configure the nameservers for your domain to point to your new nginx server, then just replace the domain name with the IP of the server (refer to the ifconfig part of the Installing nginx section if you don't know how.)
.
If everything worked properly, you should see a PHP information page with a bunch of library authors and enabled modules. If it doesn't, research!
Subdomains
Adding subdomains is really easy and doesn't require a lot of effort. You'll just need to remember the general process from the Configuring nginx section.
.
To start, navigate to the sites-available directory by running cd /etc/nginx/sites-available. Then, you can either copy a pre-existing configuration by running sudo cp example.ms subdomain.example.ms or creating a new file by running sudo vim subdomain.example.ms. If you copied it, edit the file by running sudo vim subdomain.example.ms.
What needs to be changed
The only important things that need to be changed are the root and server_name variables. Press i to start editing the file in Vim, and then find where the variables are located. Change the root variable to an updated path where the contents for the subdomain can be found. Generally, good practice for this is to create a new folder in the primary domains path with the name of the subdomain. So, if we were trying to create subdomain.example.ms, we'd create a new folder by running the command sudo mkdir /var/www/example.ms/subdomain. Then, we'd modify our root variable to look something like this:
# before root /var/www/example.ms; # after root /var/www/example.ms/subdomain;
The server_name variable is just as simple. Just add the subdomain prefix to the beginning of your domain:
# before server_name example.ms; # after server_name subdomain.example.ms;
Once you've made the proper changes, save and quit the file by pressing escape and typing :wq. Then, run cd ../sites-enabled && sudo ln -s /etc/nginx/sites-available/subdomain.example.ms ./ and restart nginx by running sudo systemctl restart nginx.
Adding other domains (that aren't subdomains)
The process is exactly the same as adding a subdomain, except instead of adding a prefix the value of server_name you'll just completely change the domain. Again, don't forget to create the symbolic link to the configuration file and especially don't forget to restart nginx after saving the config/creating the symbolic link. When you're creating the folder to contain the contents for the server, create a new folder that has the name of the domain. So, for instance, if I was creating example2.ms, I'd run sudo mkdir /var/www/example2.ms. Now that the domain is ready go to WordPressif you are planning on using WordPress as your editor.
Adding HTTPS to a domain with LetsEncrypt (certbot)
If you're adding a new domain to Nginx and want to enable https on a new domain, run sudo certbot --nginx -d domain.com where domain.com is the domain that you want to add. Once you've done this, check the domain and look for a lock icon in the url bar of your browser. In the event that you don't already have certbot installed, run the following commands:
sudo apt-get install certbotsudo apt-get install python-certbot-nginx
Note: It could possibly take up to 24-72 hours for it to be enabled, although at the time of writing the changes propagated almost immediately.
Conclusion
By now, your nginx server should be up and fully operational. As always, if you're having any issues please STFW before you ask people for advice!
.
Thank you,
- Tyler