Nginx
About
Nginx (pronounced engine-x) is web server which can also be used proxy, load balancer, mail proxy and HTTP cache. It's also a modern alternative to something like Apache, IIS, or Caddy.
Prerequisites
An nginx installation should be pretty accessible regardless of your OS. This guide is specifically written for Ubuntu Server 18.04 LTS, but should work on any other type of Unix operating system. The setup that we're using is commonly referred to as a LEMP stack (Linux, nginx, MySQL, PHP.)
- nginx/1.14.0 (Ubuntu)
- PHP 7.2.10-0ubuntu0.18.04.1 (cli)
- MySQL v14.14 Distribution 5.7.24
If you've just installed a new operating system, you'll want to update your local package index by running sudo apt-get update, and then add the Universe repository by running sudo apt-add-repository universe.
Addendum : 02/07/2023
Our team created a LEMP stack on a vm in order to troubleshoot a webserver issue.
We used a source from Digital Ocean to follow the entire process with similar prerequisites, but we had an issue with connecting our website page to the internet. The solution was to create an A HOST file in our DNS server and tie our domain to a static ip address.
Installing nginx
To start, you're going to want to install nginx using the aptitude package manager. You can do this by running sudo apt-get install nginx. Once you run that, you'll want to go through the configuration prompt that appears.
.
After nginx and its subsequent dependencies have finished installing, you'll want to let it through the firewall by running sudo ufw allow 'Nginx HTTP'. Check what your current IP is by running ifconfig, and then look for whatever interface looks correct. In this instance, the proper interface is eth0.
.
After running the command, the first indented line should say inet and then an IP address afterwards. Verify functionality of nginx by going to your web browser and typing http://{ip}/ where {ip} is what follows after inet.
If the default nginx page displays, continue to the next section.
.
.
.
.
.
Installing MySQL
The process of installing MySQL is fairly similar to installing nginx, although MySQL does require a little bit of configuration before it will function properly. Start off by running sudo apt-get install mysql-server, and then once it finishes run the setup script by typing sudo mysql_secure_installation.
.
The first thing that the installations script will ask you is if you'd like to enable the VALIDATE PASSWORD PLUGIN, but don't. If you don't care about why, then skip to the next paragraph, but if you do, keep reading. Essentially, the plugin throws errors if passwords don't meet specific criteria. This causes issues if you either a.) use weak passwords, or b.) install a package that automatically compiles and creates a default account with basic credentials. It is always good practice to use strong passwords for everything, and database credentials are no exception.
.
Say yes to the rest of the questions and use good judgement if it asks something that requires anything other than a Y/N input.
Installing PHP
Again, installing PHP is very similar to two sections preceding this one. Start off by installing the php-fpm and php-mysql packages by running sudo apt-get install php-fpm php-mysql. After it installs, you'll want to edit php.ini by running sudo vim /etc/php/7.4/fpm/php.ini.
.
Note: If the file isn't found, check the directory path by using the cd command and seeing where something doesn't exist.
.
If you're using Vim, type a ? and search for cgi.fix_pathinfo. You should be taken to a line that's commented out and says ;cgi.fix_pathinfo=0 or something similar. Press the i key to start editing and remove the ; to uncomment it. If the variable is set to 1, change it to 0. Press the escape key and type :wq to save and quit your changes. If you didn't run Vim as a superuser (if you didn't run the command with sudo), it will throw and error and the file won't save.
.
Once the file saves, run sudo systemctl restart php7.4-fpm to restart PHP.
Configuring nginx
The configuration for nginx is a little different compared to anything you might be used to. To start, there are two directories: sites-available and sites-enabled. The former directory actually contains the configuration files, while the latter contains symbolic links to the configuration files and enables them.
.
To start, lets say that we wanted to configure our nginx server to work with the domain example.ms. First, we'd want to verify that the directory /var/www/example.ms exists. Move to the sites-available directory by entering the command cd /etc/nginx/sites-available. Next, you'll want to create a new configuration file with the name of the domain. You can either by running sudo touch example.ms && sudo vim example.ms or simply by running sudo vim example.ms since Vim creates the file if it doesn't exist. Again, press i to edit the file. Once you're in edit mode, you'll want the contents to look something like this:
server {
listen 80;
listen [::]:80;
# this is a comment! you don't have to include this, but if you're not
# going to be using a domain, then you can replace it with an IP
server_name example.ms;
root /var/www/example.ms;
index index.php index.html index.htm;
location = /favicon.io {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_intercept_errors on;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
}
Tip: You can periodically save your configuration file by pressing escape, typing :w , and then pressing i again to edit the file.
Tip: If you are adding another domain the listen 80; and listen [::]:80; isn't needed and you can go from server { to server_name example.ms;
.
Once you're completely done editing, save and quit the file by pressing the escape key and typing :wq. Finally, you can check your configuration file for errors by running sudo nginx -t. If there are any errors, refer back to your configuration file and see where you went wrong. In the event that nginx threw an error, review your configuration file and look for any missing {, }, or ;. Every line that doesn't have curly brackets should end in a semicolon, which is probably the issue. If that isn't, then refer to your favorite search engine and start researching.
.
If nothing went wrong, and your configuration file is completely free of errors, run cd ../sites-enabled to move to the sites-enabled directory. Finally, to enable your website, run sudo ln -s /etc/nginx/sites-available/example.ms ./ to create the symbolic link to your configuration file, and then run sudo systemctl restart nginx to restart nginx and make your changes go live.
Verifying Functionality
Of course, you'll want to make sure that everything you just did actually works. Run cd /var/www/example.ms && sudo vim info.php to move to your websites home directory and create the file info.php. Inside of the file, type the following:
<?php
phpinfo();
?>
... and then save and quit the file by pressing escape and typing :wq. Now, go to http://example.ms/info.php. If you didn't configure the nameservers for your domain to point to your new nginx server, then just replace the domain name with the IP of the server (refer to the ifconfig part of the Installing nginx section if you don't know how.)
If everything worked properly, you should see a PHP information page with a bunch of library authors and enabled modules. If it doesn't, research!
Troubleshooting
Over time we have run into a few quirks with this server that we listed here....
Resetting the IP address
Unfortunately we have found that from time to time on server reboots the server forgets the IP address for the webserver. Here is what you need to do to fix it.
Open up the ESXI sesson on .2 and access the webserver. Login with the server admin credentials, ask Chamberlain if you don't know. Enter the following commands...
sudo ifconfig ens32 x.x.x.11 netmask 255.255.255.0 (where x.x.x are the network address of our subnet)
sudo route add default gw x.x.x.1 ens32 (where x.x.x are the network address of our subnet)
Conclusion
By now, your nginx server should be up and fully operational. As always, if you're having any issues please STFW before you ask people for advice!
Thank you,
- Tyler & Luke