Table of Contents
NGINX Server
Nginx, a popular open-source web server, excels at handling high traffic websites efficiently. One of its powerful features is the ability to host multiple websites on a single server using server blocks. This allows you to manage different domains or applications on the same machine, maximizing resource utilization.
This guide will walk you through setting up secure Nginx server blocks on Ubuntu 22.04. We’ll cover essential steps, security best practices, and additional recommendations for a robust web hosting environment.
Prerequisites
- Ubuntu 22.04 server with root or sudo privileges (You can explore providers like Alibaba Cloud, Linode etc.)
- A domain name pointed to your server’s IP address (you can use a dynamic DNS service if your IP is not static, for example No-IP is DDNS provider.)
- Basic understanding of command line and text editing (for example Nano text editor)
1. Install Nginx
Begin by updating your system’s package list and installing Nginx:
sudo apt update sudo apt install nginx
2. Adjust Firewall Rules (if applicable)
If you have a firewall enabled (like UFW), you’ll need to allow access to port 80 (default HTTP port) for Nginx to function:
sudo ufw allow http sudo ufw enable
3. Verify Nginx Installation
Open a web browser and navigate to your server’s IP address. You should see the default Nginx welcome page.
4. Create Server Block Directories
Nginx stores server block configurations in separate files. Let’s create a directory structure for your website:
sudo mkdir -p /var/www/<your_domain_name>/html sudo mkdir -p /etc/nginx/sites-available/<your_domain_name>
<your_domain_name> with your actual domain name.5. Set Directory Permissions
sudo chown -R www-data:www-data /var/www/<your_domain_name> sudo chmod 755 /var/www/<your_domain_name>
www-data user (used by Nginx) and sets appropriate permissions for file access.6. Create a Sample HTML Page (Optional)
nano /var/www/<your_domain_name>/html/index.html
<!DOCTYPE html>
<html>
<head>
<title>Welcome to your website!</title>
</head>
<body>
<h1>Your website is up and running!</h1>
</body>
</html>
7. Configure the Server Block
sudo nano /etc/nginx/sites-available/<your_domain_name>
server {
listen 80; # Adjust port if needed
server_name <your_domain_name>; # Your domain name
location / {
root /var/www/<your_domain_name>/html;
index index.html index.htm;
}
# Security Recommendations (add these sections)
access_log /var/log/nginx/<your_domain_name>-access.log;
error_log /var/log/nginx/<your_domain_name>-error.log;
}
Explanation of Directives:
listen: Defines the port on which the server block listens for incoming connections.server_name: Specifies the domain name(s) that this server block serves.location /: Defines how requests for a specific location (URI) are handled.root: Sets the directory that contains the website’s files.index: Lists files that Nginx should serve when a directory is requested without a specific filename.
Security Recommendations:
- Access Logging: The
access_logdirective enables logging of all requests to the specified file. This helps with troubleshooting and security analysis. - Error Logging: The
error_logdirective logs any errors encountered by Nginx while processing requests. This aids in identifying issues with your website or server configuration.
Additional Security Measures:
- Disable Unnecessary Modules: Review the installed Nginx modules and disable any you don’t require. This reduces the server’s attack surface.
- HTTPS Implementation: Consider using Let’s Encrypt for free SSL/TLS
Nginx Optimization for Improved Performance
While a well-configured server block lays the groundwork for your website, Nginx itself offers optimization options to handle traffic more efficiently. Here are some key areas to consider:
1. Worker Processes and Connections:
- worker_processes: This directive in the main Nginx configuration file (
/etc/nginx/nginx.conf) specifies the number of worker processes that Nginx can spawn. These processes handle incoming connections and requests. Tuning this value based on your server’s hardware (CPU cores) can optimize resource utilization. - worker_connections: This directive within a server block configuration defines the maximum number of simultaneous connections a worker process can manage. Adjusting this value based on your expected traffic volume can improve performance.
2. Caching:
- Caching static content: Frequently accessed static files like images, CSS, and JavaScript can be cached by Nginx, reducing the load on your backend server and improving response times. The
proxy_cachedirective enables caching functionality.
3. Compression:
- Gzip compression: Nginx can compress content on the fly using Gzip, reducing file sizes and improving transfer speeds for clients with compatible browsers. The
gzipdirective within a server block activates this feature.
4. Buffering:
- Buffering: Nginx can use buffers to temporarily store incoming data before processing. Adjusting buffer sizes for client requests and responses can optimize data flow, especially for larger files. Directives like
client_buffer_sizeandproxy_buffer_sizecontrol these settings.
5. Logging:
- Logging level: While access logs provide valuable data, excessive logging can strain resources. Consider adjusting the logging level (debug, info, etc.) to a balance that meets your needs.
Remember: Optimization is an ongoing process. Monitor your server performance using tools like top or htop to identify bottlenecks and experiment with different configurations to find the optimal settings for your specific website and traffic patterns.
You can see our article about comparison of NGINX with other web servers.