How To Install Nginx on Ubuntu 18.04

Nginx, as pronounced 'engine-ex', is a powerful Web Server also able to perform as Load Balancer and Reverse Proxy. It is currently used by some heavyweight companies such as Google, Adobe, IBM, Microsoft Salesforce etc. 

Nginx was designed to offer very low memory usage in a heavy concurrent environment. Because of this Nginx has an edge over other mainstream web servers when it comes to static content. 

In this guide, we are going to see how to install Nginx on Ubuntu 18.04. 

Step 1: Securing Server

Since Nginx faces the incoming connections from Internet head-on, it is important to secure the server itself. There are few easy to implement security measure we can take to increase overall security as much as possible. Following are some recommendation which can be configured with little effort. Note that, this is not an exhaustive list and only meant to serve as a guide:

Add Limited Privilege User

Restrict root access for management of the server by adding a limited privilege user. 

Create and apply password protection to the privileged user:

$ adduser <user>
$ passwd <user>

Add the user to wheel group for sudo:
$ adduser <user> sudo

Security Hardened SSH Access

Almost all configuration and management of Linux based server is done over SSH. So it is crucial to secure the SSH access from intrusion. There are several ways we can secure SSH:

  • Disable root logins and password authentication on SSH by editing /etc/ssh/sshd_config and making the following change:

PermitRootLogin no
PasswordAuthentication no

  • Configure Key-Pair Authentication. 
  • Use non-standard port for SSH by changing the port number in /etc/ssh/sshd_config. Following example shows SSH configured on port 5422:

Port 5422

Configure UFW Firewall

Ubuntu 18.04 comes with preinstalled firewall UFW. If for any reason it is not installed, it can be installed using the following command:

$ apt install ufw

If the firewall is enabled, we can enable it as follows:

$ sudo ufw enable

The importance of a properly configured firewall cannot be stressed enough. It blocks unwanted traffic into the server while allowing only what is allowed. A deeper knowledge of firewalls can help reduce the attack surface of a server. 

Step 2: Update Ubuntu 18.04

Update and/or upgrade Ubuntu before proceeding to install Nginx:

$ apt update
$ apt dist-upgrade

Step 3: Install Nginx

Nginx is already included in the Ubuntu 18.05 repositories. We can install it using the following command:

$ apt install nginx

Start and enable nginx to auto start after a reboot:

$ systemctl enable nginx
$ systemctl start nginx

Step 4: Add A Test Site

We are going to add a simple site to test nginx web server. Each hosted site resides in a directory under /var/www/. We will create a directory for our test site mydomain.com:

$ mkdir /var/www/mydomain.com

Create a test HTML index file and the following content, which will be presented when accessing the site:

$ nano /var/www/mydomain.com/index.html

<!DOCTYPE html>
<html>
        <head>
                  <title>Nginx test Site</title>
       </head>
       <body>
                 <h1>Welcome to Nginx Test Site</h1>
       </body>
</html>

Step 5: Configure Test Site

Nginx installs a configuration for the default site during installation. We are going to disable it using the following command:

$ unlink /etc/nginx/sites-enabled/default

Any site hosted on Nginx is configured under /etc/nginx/sites-available and symlinked to /etc/nginx/sites-enabled to activate them. We are going to create a configuration file with the following content for our test site in /etc/nginx/sites-available/mydomain.com:

$ nano /etc/nginx/sites-available/mydomain.com

server {
listen 80;
listen [::]:80;
server_name mydomain.com;

root /var/www/mydomain.com;
index index.html;

location / {
try_files $uri $uri/ =404;
}
}

The following command will create the symlink to /etc/nginx/sites-enabled/ to enable the test site:

$ ln -s /etc/nginx/sites-available/mydomain.com  /etc/nginx/sites-enabled/

Step 6: Test Nginx Configuration

Before loading site configuration we can test to ensure there is no syntax error or misconfiguration:

$ nginx -t
Syntax OK

If there is an error during the test, Nginx will prevent the service from restarting. 

Step 7: Reload vs Restart Nginx Service

There are two ways we can activate site configurations:

$ systemctl reload nginx

or

$ systemctl restart nginx

The reload option gracefully restarts Nginx service with minimal disruption when there are active connections from users. The restart option, on the other hand, stops then restarts the Nginx service. On a busy Nginx server, it is best to use reload. 

We can check the Nginx service status using the following command:

$ systemctl status nginx

 

 

Latest HOW-TOs