NGINX

From DenshiWiki
Jump to navigation Jump to search

NGINX (pronounced "Engine-X") is a free/libre webserver and reverse-proxy software. It's basically what you're meant to be using instead of Apache2.

Tutorial video[edit]

Basic Setup[edit]

This section covers the base functionality and configuration of NGINX; Simply setting up a static HTML website served over encrypted HTTPS with a Let's Encrypt certificate.

Prerequisites[edit]

This guide requires:

  • Debian GNU/Linux
  • Ports 80 and 443 port-forwarded on your router
  • Your own domain/subdomain with an A DNS entry pointing to your server's public IPv4 address
  • Basic UNIX knowledge

Also be sure to run

sudo apt update && sudo apt full-upgrade

Before beginning.

Installation[edit]

On Debian, use:

sudo apt install nginx

(This guide covers NGINX configuration of Debian; Other distributions may have different or more bare-bones configurations compared to Debian, and as such may require more configuration than what is seen here.)

Configuration[edit]

By default, NGINX on Debian scans the /etc/nginx/sites-enabled/ directory for webserver configuration files. The instruction to do so is included in the /etc/nginx/nginx.conf file.


It is recommended to place server configuration files in the /etc/nginx/sites-available directory, and then symbolically linking them to /etc/nginx/sites-enabled to let NGINX see the configurations:

 # Enabling a configuration file:
sudo ln -s /etc/nginx/sites-available/YOUR_DOMAIN /etc/nginx/sites-enabled/
 # Disabling a configuration file:
sudo unlink /etc/nginx/sites-enabled/YOUR_DOMAIN

(It is generally recommended to name your configuration file in /etc/nginx/sites-available after the server name or domain name: For example, a website with a domain name such as denshi.live) would have a configuration file like /etc/nginx/sites-available/denshi.live.)

The actual configuration file at /etc/nginx/sites-available/YOUR_DOMAIN to serve a static HTML page should look like this:

server {
        listen 80;
        listen [::]:80;

        server_name YOUR_DOMAIN;

        root /var/www/YOUR_DOMAIN;
        index index.html;

        location / {
                try_files $uri $uri/ =404;
        }
}

(Once again, ensure YOUR_DOMAIN is replaced with the actual domain/subdomain you wish to use.)

Encryption with Let's Encrypt[edit]

By using Let's Encrypt's certbot tool along with the certbot-nginx extension, one can enabled encrypted traffic to their server and generate a full-chain encryption certificate.

Begin by installing Certbot and the NGINX extension for it:

sudo apt install python3-certbot python3-certbot-nginx

Then, use the following command to do the rest:

sudo certbot --nginx -d YOUR_DOMAIN

Once certificate generation is complete, this command will bring up a prompt to either disable or enable redirection of non-encrypted traffic through the encrypted port. It is recommended to enable Redirect.

Systemd Service[edit]

The nginx package on Debian includes a systemd service:

sudo systemctl restart nginx

Once restarted, NGINX should find your configuration file at /etc/nginx/sites-enabled/ and successfully serve your static HTML site!

Configuration[edit]

NGINX config files can be edited to add various functionality to a website. These options allow for NGINX to act as a powerful tool for much more than just serving static content.

Enabling File View/Indexing[edit]

While Apache2 has this feature enabled by default, file indexing is turned off in NGINX unless the user specifies otherwise. Enabling auto-indexing requires for a location to be set, from where the files will be served:

location / {
        autoindex on;
}

Proxying[edit]

NGINX can proxy traffic from any network location and serve it over the ports specified in a config. To proxy traffic, one must specify the location where the traffic is to be served, and the originating address of the traffic:

location / {
        proxy_pass http://localhost:8008;
        }