Link Search Menu Expand Document

Get started with Nginx, a guide for beginners

Table of contents

Install Nginx

sudo apt update
sudo apt install nginx
    # once nginx install, directory `/var/www/` will be available. 

Check Nginx

systemctl status nginx
systemctl stop nginx
systemctl start nginx
systemctl restart nginx
systemctl reload nginx
systemctl disable nginx
systemctl enable nginx
sudo nginx -t

Create server block for multi-hostname on 1 server.

  1. Create directory in /var/www
      mkdir -p /var/www/example.com/html
      chown -R $USER:$USER /var/www/example.com/html
      chmod -R 755 /var/www/example.com
      nano /var/www/example.com/html/index.html
    
  2. Set up blocks in `/etc/nginx

    Option 1

      nano /etc/nginx/sites-available/example.com
          # use template `listen 80`
      ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
      nano /etc/nginx/nginx.conf 
          # take `hashtag #` away from:  `server_names_hash_bucket_size 64;`
    

    Option 2

    1. Remove the default file.

       rm /etc/nginx/sites-enabled/default
      
    2. Create a new default.conf file under /etc/nginx/conf.d/ directory, copy and paste config content from Default Server Block.

       vim /etc/nginx/conf.d/default.conf
      
    3. Once done, check syntax and reload

       nginx -t
       systemctl reload nginx
      

Remove Nginx

sudo apt-get remove nginx nginx-common
    # remove all but config files
sudo apt-get purge nginx nginx-common
    # remove everything, after using any of the above commands, 
    # this command will remove dependencies used by nginx.
sudo apt-get autoremove

Remove URL’s HTML extension

rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
rewrite ^/(.*)/$ /$1 permanent;

location / {
    try_files $uri/index.html $uri.html $uri/ $uri =404;
}

Remove URL’s PHP extension

  1. Change location to:
     location / {
         try_files $uri/index.html $uri.html $uri/ @extensionless-php;
     }
    
  2. Add new location:
     location @extensionless-php {
         rewrite ^(.*)$ $1.php last;
     }
    
  3. Change to pass the PHP scripts to FastCGI
     location ~ \.php$ {
         try_files $uri =404;
         fastcgi_intercept_errors on;
         fastcgi_pass unix:/run/php/php7.4-fpm.sock;
         fastcgi_index index.php;
         fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
         include fastcgi_params;
     }
    
  4. deny access to .htaccess files
     location ~ /\.ht {
         deny all;
     }
    

Enable HTTP2 support

  • Inside the server config file, execute the below 3 points.
  1. Edit the server file: vim /etc/nginx/sites-available/example.com, amend listen:port
      listen [::]:443 ssl http2 ipv6only=on;
      listen 443 ssl http2;
    
  2. Remove the comment # from a line that Certbot generated.

     include /etc/letsencrypt/options-ssl-nginx.conf;
    
  3. Add ciphers at the end of SSL

     ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
    

Enable HSTS

vim /etc/nginx/nginx.conf
  1. Under this line: include /etc/nginx/sites-enabled/*;
  2. Add line: add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;

Hide Nginx info

vim /etc/nginx/nginx.config
    # remove hashtag "#" off for `server_tokens off;` 

Increase upload body size

vim /etc/nginx/nginx.conf
http {
    client_max_body_size 100m;
}