How to Install and Configure Nginx on Ubuntu 18.04 / Debian 9

Nginx is a free and open source web server, it can also be used as reverse proxy, HTTP load balancer, HTTP Cache and mail proxy. Nginx is available for all the Unix like operating systems and released under BSD-like license.

In tutorial we will learn how to install latest version of Ngnix on Ubuntu 18.04 LTS and Debian 9 Server,

Nginx Installation on Ubuntu 18.04 LTS / Debian 9

Installation steps of Nginx on both OS Ubuntu 18.04 and Debian 9 is identical, run the beneath commands one after the another from the terminal,

[email protected]:~$ sudo apt update
[email protected]:~$ sudo apt install nginx -y

Start & enable Nginx service

Run the below commands to start and enable nginx service,

[email protected]:~$ sudo systemctl start nginx
[email protected]:~$ sudo systemctl enable nginx
Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx
[email protected]:~$

Use below commands to verify the ngnix service status,

[email protected]:~$ sudo systemctl status nginx
[email protected]:~$ sudo systemctl is-active nginx

Output of above commands would be something like below,

Nginx-Service-status-Ubuntu

Allow Nginx Ports ( 80 & 443 ) in OS firewall

In case OS firewall is enabled and configured on your Ubuntu 18.04 and Debian 9 Server then execute the below ufw commands to allow 80 and 443 port,

[email protected]:~$ sudo ufw allow 80/tcp
Rules updated
Rules updated (v6)
[email protected]:~$ sudo ufw allow 443/tcp
Rules updated
Rules updated (v6)
[email protected]:~$

Now Verify rules using the below command,

[email protected]:~$ sudo ufw status numbered
Status: active
     To                         Action      From
     --                         ------      ----
[ 1] 80/tcp                     ALLOW IN    Anywhere
[ 2] 443/tcp                    ALLOW IN    Anywhere
[ 3] 22/tcp                     ALLOW IN    Anywhere
[ 4] 80/tcp (v6)                ALLOW IN    Anywhere (v6)
[ 5] 443/tcp (v6)               ALLOW IN    Anywhere (v6)
[ 6] 22/tcp (v6)                ALLOW IN    Anywhere (v6)
[email protected]:~$

Once you are done with above changes, let’s verify the Nginx Welcome Page!!!

Open your Web browser, type : http://{Your-Server-IP-Address}

Welcome-nginx-Page-Ubuntu

Server Block / Virtual Host in Nginx

In Apache Web Server we have virtual hosts concept where we can define details of multiple web sites, similarly in Nginx we have Server blocks means block for each web site, let’s look into the default server block (/etc/nginx/sites-available/default) and then we will create our own site’s server block,

[email protected]:~$ sudo vi /etc/nginx/sites-available/default

Default-Server-Block-Nginx

Define Your Custom Server Block

Let’s assume I want to create a custom server block for web Server www.linuxtechi.lan,

Create a document root using below command,

[email protected]:~$ sudo mkdir  /var/www/linuxtechi

Create a index.html under Web Server document root,

[email protected]:~$ sudo vi /var/www/linuxtechi/index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to LinuxTechi</title>
</head>
<body>
<h1>Welcome to LinuxTechi</h1>
<p>LinuxTechi Test Page running on NGINX Web Server - Ubuntu 18.04</p>
</body>
</html>

Now create your server block by creating a file “linuxtechi.lan” with the following content under the folder /etc/nginx/sites-available

[email protected]:~$ sudo vi /etc/nginx/sites-available/linuxtechi.lan
server {
    listen 80;
    root /var/www/linuxtechi;
    index index.html;
    server_name www.linuxtechi.lan;
}

To activate the above created server block, create a symbolic link from “/etc/nginx/sites-available/linuxtechi.lan” to “/etc/nginx/sites-enabled

[email protected]:~$ sudo ln -s /etc/nginx/sites-available/linuxtechi.lan /etc/nginx/sites-enabled

Now restart your nginx service using below command,

[email protected]:~$ sudo systemctl restart nginx

Note: In case you don’t have DNS server then you should add below entries in hosts file of your client machine,

192.168.0.107 www.linuxtechi.lan

Now access your web server via url : http://{Web-Server-Name}

In my case , url is http://www.linuxtechi.lan

Nginx-LinuxTechi-Test-Pages

Enable SSL Certificates for Your NGINX Server

As of now our nginx web server is running on non-secure port 80, to make the web server secure then we need to install ssl certificates. You can get the SSL certificates from the trusted sources or you can also use self-signed certificates generated via openssl command.

In this tutorial I am generating the certificates for my web server using openssl command,

[email protected]:~$ sudo openssl req -x509 -days 703 -sha256 -newkey rsa:2048 -nodes -keyout /etc/ssl/private/linuxtechi.key -out /etc/ssl/certs/linuxtechi-cert.pem
[sudo] password for pkumar:
Generating a 2048 bit RSA private key
........................................................................
writing new private key to '/etc/ssl/private/linuxtechi.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Delhi
Locality Name (eg, city) []:Delhi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:LinuxTechi
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:www.linuxtechi.lan
Email Address []:[email protected]
[email protected]:~$

Above command has generated the private key with “linuxtechi.key” and certificates with name “linuxtechi-cert.pem“, these certificates will be applicable for the next two years.

Now update your server block, add the key and certificate location and change the web server port from 80 to 443,

[email protected]:~$ sudo vi /etc/nginx/sites-available/linuxtechi.lan
server {
    listen 443 ssl;
    root /var/www/linuxtechi;
    index index.html;
    server_name www.linuxtechi.lan;
    ssl_certificate /etc/ssl/certs/linuxtechi-cert.pem;
    ssl_certificate_key /etc/ssl/private/linuxtechi.key;
}

Restart the nginx service using following command,

[email protected]:~$ sudo systemctl restart nginx
[email protected]:~$

Access Your Web Server on https protocol like,

https://www.linuxtechi.lan

Note: As we have installed our self-signed certificates so we have to first time check / click on  “Add Exception” and then “Confirm Security Exception” while accessing the web server on https.

Confirm-Security-Exception-Nginx-SSL-Certs

SSL-Certs-Nginx-WebServer-Ubuntu18-04

This confirms that we have successfully enabled self-signed certificates on our Nginx Web server and concludes the article, if you like article please do share your feedback and comments in below comment section.

4 Responses

  1. Nitin says:

    This is exactly what I was looking for long time. Thanks for this article. I am just starter for Linux whereas brought new Ubuntu based Dell inspiron laptop & try to gain as much Linux operational knowledge as possible.

  2. Miten Suresh Mehta says:

    please add similar information on reverse proxy and mail proxy ;-). your article is nice.

  3. Daniel says:

    Very well documented

  4. morganwill says:

    Very helpful tips,
    I will use the same to solve issues of my company Indiaaccess Servers and Hostasp Servers

    Thanks for your info

Leave a Reply to morganwill Cancel reply

Your email address will not be published. Required fields are marked *

Pin It on Pinterest