Get started with Nginx, a guide for beginners
Table of contents
Install Nginx
sudo apt update
sudo apt install nginx
# once nginx install, directory `/var/www/` will be available.
Check Nginx
systemctl status nginx
systemctl stop nginx
systemctl start nginx
systemctl restart nginx
systemctl reload nginx
systemctl disable nginx
systemctl enable nginx
sudo nginx -t
Create server block for multi-hostname on 1 server.
- Create directory in
/var/www
mkdir -p /var/www/example.com/html chown -R $USER:$USER /var/www/example.com/html chmod -R 755 /var/www/example.com nano /var/www/example.com/html/index.html
-
Set up blocks in `/etc/nginx
Option 1
nano /etc/nginx/sites-available/example.com # use template `listen 80` ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/ nano /etc/nginx/nginx.conf # take `hashtag #` away from: `server_names_hash_bucket_size 64;`
Option 2
-
Remove the
default
file.rm /etc/nginx/sites-enabled/default
-
Create a new
default.conf
file under/etc/nginx/conf.d/
directory, copy and paste config content from Default Server Block.vim /etc/nginx/conf.d/default.conf
-
Once done, check syntax and reload
nginx -t systemctl reload nginx
-
Remove Nginx
sudo apt-get remove nginx nginx-common
# remove all but config files
sudo apt-get purge nginx nginx-common
# remove everything, after using any of the above commands,
# this command will remove dependencies used by nginx.
sudo apt-get autoremove
Remove URL’s HTML extension
rewrite ^(/.*)\.html(\?.*)?$ $1$2 permanent;
rewrite ^/(.*)/$ /$1 permanent;
location / {
try_files $uri/index.html $uri.html $uri/ $uri =404;
}
Remove URL’s PHP extension
- Change location to:
location / { try_files $uri/index.html $uri.html $uri/ @extensionless-php; }
- Add new location:
location @extensionless-php { rewrite ^(.*)$ $1.php last; }
- Change to pass the PHP scripts to FastCGI
location ~ \.php$ { try_files $uri =404; fastcgi_intercept_errors on; fastcgi_pass unix:/run/php/php7.4-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name; include fastcgi_params; }
- deny access to .htaccess files
location ~ /\.ht { deny all; }
Enable HTTP2 support
- Inside the server config file, execute the below 3 points.
- Edit the server file:
vim /etc/nginx/sites-available/example.com
, amendlisten:port
listen [::]:443 ssl http2 ipv6only=on; listen 443 ssl http2;
-
Remove the
comment #
from a line that Certbot generated.include /etc/letsencrypt/options-ssl-nginx.conf;
-
Add
ciphers
at the end of SSLssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
Enable HSTS
vim /etc/nginx/nginx.conf
- Under this line: include /etc/nginx/sites-enabled/*;
- Add line:
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains" always;
Hide Nginx info
vim /etc/nginx/nginx.config
# remove hashtag "#" off for `server_tokens off;`
Increase upload body size
vim /etc/nginx/nginx.conf
http {
client_max_body_size 100m;
}