NGINX is an open-source software used in web serving. Some of its other uses include reverse proxying, caching, load balancing, media streaming and more. It is similar to Apache and the main difference is NGINX uses an event-driven architecture handling multiple requests within a single thread. Apache is process-driven creating a thread per each request. This allows NGINX to have generally better performance.Setting Up
Prerequisites:
We will be exploring the process of setting up NGINX to serve static pages from our Ubuntu server.
Installing NGINX on your Ubuntu server:
Open the terminal and update the package index:
sudo apt update
Install NGINX:
sudo apt install nginx
Configure NGINX to serve your website:
Create a root directory for your website and add all static files there:
sudo mkdir /var/www/your-domain.com
Create a new NGINX server block configuration file for your domain name:
sudo vi /etc/nginx/sites-available/your-domain.com
Add the following config replacing ‘your-domain.com’ with your actual domain name and at root the path to the root directory of your static files:
server {
listen 80;
server_name your-domain.com www.your-domain.com;
root /var/www/your-domain.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Create a symbolic link from the sites-available directory to the sites-enabled directory:
sudo ln -s /etc/nginx/sites-available/your-domain.com /etc/nginx/sites-enabled/
Restart NGINX to apply the changes:
sudo systemctl restart nginx
sudo systemctl reload nginx
In case you visit the domain and you find:
There might be an error with permissions check the errors here:
vi /var/log/nginx/nginx_error.log
If you see the permission error edit the NGINX config and add the username of your user at user:
vi /etc/nginx/nginx.conf
user your_user;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
Then add access rights to the user:
sudo chown -R $USER:$USER /var/www/your-project-dir
If this does not work then make sure your user can access the directory. Check this StackOverflow answer.
With that, you should be able to see your static pages when you visit your domain.
Set up SSL for your site
SSL gives peace of mind to the visitor of your site. Secure Sockets Layer is a standard technology for keeping an internet connection secure and safeguarding any sensitive data.
We will use certbot to get a free SSL with letsEncrypt.
Prerequisite:
- A registered domain name.
- Both your DNS record e.g example.com and example.com should be pointing to your server’s public IP address.
- Have NGINX installed on your server.
Installing Certbot:
Open the terminal and install the following:
sudo apt install certbot python3-certbot-nginx
Check if NGINx syntax is ok by running it should output OK:
sudo nginx -t
Reload NGINX:
sudo systemctl reload nginx
Allow HTTPS through the firewall:
Check the current status of NGINX:
sudo ufw status
Status: active
To Action From
— —— —-
OpenSSH ALLOW Anywhere
Nginx HTTP ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx HTTP (v6) ALLOW Anywhere (v6)
Currently, HTTPS is not supported run these commands:
sudo ufw allow ‘Nginx Full’
sudo ufw delete allow ‘Nginx HTTP’
Status: active
To Action From
— —— —-
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
Now we can get an SSL Certificate:
Use certbot to get your certificate:
sudo certbot –nginx -d example.com -d www.example.com
Give your email and accept all the let’s encrypt terms.
Cert bot’s autorenewal:
sudo systemctl status certbot.timer
● certbot.timer – Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Mon 2020-05-04 20:04:36 UTC; 2 weeks 1 days ago
Trigger: Thu 2020-05-21 05:22:32 UTC; 9h left
Triggers: ● certbot.service
You can also test its renewal using a dry run:
sudo certbot renew –dry-run
Reload NGINX:
sudo systemctl reload nginx
Now your site should be secure.
Common ERRORS
If you want to check NGINX logs use:
sudo /var/log/nginx/access.log
- Too many levels of symbolic links
open() “/etc/nginx/sites-enabled/boostctr” failed (40: Too many levels of symbolic links) in /etc/nginx/nginx.conf:60You can solve this by removing your site config at site-enabled:
sudo rm -rf /etc/nginx/sites-enabled/your-site.comThen create a new symbolic link;
sudo ln -s /etc/nginx/sites-available/you-site.com /etc/nginx/sites-enabled/your-site.com - You accidentally delete your site config in sites-available:
You can start by removing its symbolic link in sites-enabled. Then create a new config for your site as we saw earlier in the article.
Now run this command to reinstall your SSL certificates:
sudo certbot –nginxFollow the prompts and your certificates will be reinstalled by certbot.
Hope that was helpful to get you started. Happy coding 🙂
Source: hashnode.com