Keyboard shortcuts

Press ← or β†’ to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

🌐 NGINX Setup Notes

Prerequisites

  • Base VPS security setup completed (SSH, UFW, Fail2Ban)
  • Domain name pointed to your VPS IP (optional, for production use)

1. πŸ“¦ Installation

Install NGINX:

sudo apt update
sudo apt install -y nginx

Check version:

nginx -v

Enable and start service:

sudo systemctl enable nginx
sudo systemctl start nginx
sudo systemctl status nginx

2. πŸ”₯ Firewall Rules

Allow HTTP and HTTPS:

sudo ufw allow 'Nginx Full'

Or allow individually:

sudo ufw allow 80/tcp   # HTTP
sudo ufw allow 443/tcp  # HTTPS

Check firewall status:

sudo ufw status

3. πŸ§ͺ Test Installation

Visit your VPS IP in browser:

http://<your_vps_ip>

You should see the default NGINX welcome page.

4. πŸ“ Important Directories

  • Config files: /etc/nginx/
  • Main config: /etc/nginx/nginx.conf
  • Sites available: /etc/nginx/sites-available/
  • Sites enabled: /etc/nginx/sites-enabled/
  • Web root: /var/www/html/
  • Logs: /var/log/nginx/

5. πŸ”§ Basic Server Block (Virtual Host)

Create new site config:

sudo vim /etc/nginx/sites-available/<your_domain>

Basic configuration:

server {
    listen 80;
    listen [::]:80;

    server_name <your_domain>;

    root /var/www/<your_domain>;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    access_log /var/log/nginx/<your_domain>.access.log;
    error_log /var/log/nginx/<your_domain>.error.log;
}

Create web root directory:

sudo mkdir -p /var/www/<your_domain>
sudo chown -R $USER:$USER /var/www/<your_domain>

Create a test page:

echo "<h1>Welcome to <your_domain></h1>" > /var/www/<your_domain>/index.html

Enable the site:

sudo ln -s /etc/nginx/sites-available/<your_domain> /etc/nginx/sites-enabled/

Test configuration:

sudo nginx -t

Reload NGINX:

sudo systemctl reload nginx

6. πŸ”„ Reverse Proxy (Optional)

For apps running on localhost:

server {
    listen 80;
    server_name <your_domain>;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

7. πŸ”’ SSL with Let’s Encrypt

Install Certbot:

sudo apt install -y certbot python3-certbot-nginx

Get SSL certificate for a domain:

sudo certbot --nginx -d <your_domain>

For multiple domains/subdomains at once:

sudo certbot --nginx -d example.com -d www.example.com -d api.example.com

Adding SSL to a new subdomain later:

sudo certbot --nginx -d new-subdomain.example.com

Auto-renewal is enabled by default. Test it:

sudo certbot renew --dry-run

List all certificates:

sudo certbot certificates

8. πŸ› οΈ Common Commands

# Test configuration
sudo nginx -t

# Reload (graceful, no downtime)
sudo systemctl reload nginx

# Restart
sudo systemctl restart nginx

# Stop
sudo systemctl stop nginx

# View access logs
sudo tail -f /var/log/nginx/access.log

# View error logs
sudo tail -f /var/log/nginx/error.log

Result βœ…

  • NGINX installed and running
  • Firewall configured for web traffic
  • Ready to serve websites or act as reverse proxy