Nginx is one of the most popular web servers in the world and is responsible for hosting some of the largest and highest-traffic sites on the internet. It is more resource-friendly than Apache in most cases and can be used as a web server or reverse proxy.
In this guide, we’ll discuss how to install Nginx on your Ubuntu 18.04 server.
Step 1: Securing Server
Since Nginx faces the incoming connections from Internet head-on, it is important to secure the server itself. There are few easy to implement security measure we can take to increase overall security as much as possible. Following are some recommendation which can be configured with little effort. Note that, this is not an exhaustive list and only meant to serve as a guide:
Add Limited Privilege User
Restrict root access for management of the server by adding a limited privilege user.
Create and apply password protection to the privileged user:
$ adduser <user>$ passwd <user>
Add the user to wheel group for sudo:
$ adduser <user> sudo
Security Hardened SSH Access
Almost all configuration and management of Linux based server is done over SSH. So it is crucial to secure the SSH access from intrusion. There are several ways we can secure SSH:
- Disable root logins and password authentication on SSH by editing
/etc/ssh/sshd_configand making the following change:
PermitRootLogin no
PasswordAuthentication no
- Configure Key-Pair Authentication.
- Use non-standard port for SSH by changing the port number in
/etc/ssh/sshd_config. Following example shows SSH configured on port 5422:
Port 5422
Configure UFW Firewall
Ubuntu 18.04 comes with preinstalled firewall UFW. If for any reason it is not installed, it can be installed using the following command:
$ apt install ufw
If the firewall is enabled, we can enable it as follows:
$ sudo ufw enable
The importance of a properly configured firewall cannot be stressed enough. It blocks unwanted traffic into the server while allowing only what is allowed. A deeper knowledge of firewalls can help reduce the attack surface of a server.
Step 2: Update Ubuntu 18.04
Update and/or upgrade Ubuntu before proceeding to install Nginx:
$ apt update
$ apt dist-upgrade
Step 3: Install Nginx
Nginx is already included in the Ubuntu 18.05 repositories. We can install it using the following command:
$ apt install nginx
Start and enable nginx to auto start after a reboot:
$ systemctl enable nginx
$ systemctl start nginx
Step 4: Add A Test Site
We are going to add a simple site to test nginx web server. Each hosted site resides in a directory under /var/www/. We will create a directory for our test site mydomain.com:
$ mkdir /var/www/mydomain.com
Create a test HTML index file and the following content, which will be presented when accessing the site:
$ nano /var/www/mydomain.com/index.html
<!DOCTYPE html> <html> <head> <title>Nginx test Site</title> </head> <body> <h1>Welcome to Nginx Test Site</h1> </body> </html>
Step 5: Configure Test Site
Nginx installs a configuration for the default site during installation. We are going to disable it using the following command:
$ unlink /etc/nginx/sites-enabled/default
Any site hosted on Nginx is configured under /etc/nginx/sites-available and symlinked to /etc/nginx/sites-enabled to activate them. We are going to create a configuration file with the following content for our test site in /etc/nginx/sites-available/mydomain.com:
$ nano /etc/nginx/sites-available/mydomain.com
server {
listen 80;
listen [::]:80;
server_name mydomain.com;
root /var/www/mydomain.com;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}The following command will create the symlink to /etc/nginx/sites-enabled/ to enable the test site:
$ ln -s /etc/nginx/sites-available/mydomain.com /etc/nginx/sites-enabled/
Step 6: Test Nginx Configuration
Before loading site configuration we can test to ensure there is no syntax error or misconfiguration:
$ nginx -t
Syntax OK
If there is an error during the test, Nginx will prevent the service from restarting.
Step 7: Reload vs Restart Nginx Service
There are two ways we can activate site configurations:
$ systemctl reload nginx
or
$ systemctl restart nginx
The reload option gracefully restarts Nginx service with minimal disruption when there are active connections from users. The restart option, on the other hand, stops then restarts the Nginx service. On a busy Nginx server, it is best to use reload.
We can check the Nginx service status using the following command:
$ systemctl status nginx
