Ubuntu 20.04 - Manage Nginx 1.18

Hope this article help to install and manage Nginx in Ubuntu.

Result

Thumbnail

This is result if nginx successfuly installed.

Step by Step


1. update package list

sudo apt update

2. install required package

sudo apt install nginx

Service Check


check status service

sudo systemctl status nginx

restart service

sudo systemctl restart nginx

start service

sudo systemctl start nginx

stop service

sudo systemctl stop nginx

Adjust Firewall :


check status firewall

sudo ufw status

check list firewall

sudo ufw app list

Enable firewall

sudo ufw enable

Disable firewall

sudo ufw disable

Allow protocol port when firewall active

As demonstrated by the output, there are three profiles available for Nginx:

  • Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
  • Nginx HTTP: This profile opens only port 80 (normal, unencrypted web traffic)
  • Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic)
sudo ufw allow 'Nginx HTTP'

Deploy multiple website(Tested on Golang Gin, Python FastAPI that running on Docker) :


create configuration on website

sudo nano /etc/nginx/sites-available/{create-domain.conf}

copy this code


# comment server syntax this if server there not running on https (from listen 80 to return 301)
server {
    listen 80;
    server_name {create-domain}; # server name (give the valid domain)
    return 301 https://$host$request_uri;
}
server {
    # listen 80; # uncomment this if server not running on http
    # listen [::]:80; # uncomment this if server not running on http
    listen 443 ssl; # to ssl (comment this if server not running on https)
    server_name {create-domain}; # give the valid domain or comment this to running from ip and port
    ssl_certificate /etc/letsencrypt/live/{create-domain}/fullchain.pem; # comment this if there no cert ssl
    ssl_certificate_key /etc/letsencrypt/live/{create-domain}/privkey.pem; # comment this if there no cert ssl

    location / {
        proxy_pass http://localhost:{port}; # change this port with valid port
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
    }
}

Activate symbioc

sudo ln -s /etc/nginx/sites-available/{create-domain.conf} /etc/nginx/sites-enabled/

Remove symbioc

sudo rm /etc/nginx/sites-enabled/{create-domain.conf}

Check configuration

sudo nginx -t

Restart service

sudo systemctl restart nginx

Configure HTTPS using Free Encrypt


1. update package list

sudo apt update

2. install required package

sudo apt install certbot

3. stop nginx service

sudo systemctl stop nginx

4. add certificate for specific domain url

sudo certbot certonly --standalone -d {create-domain}

first time you will need to register your email and other confirmation.

5. start nginx service

sudo systemctl start nginx

certificate location default

cd /etc/letsencrypt/live/{create-domain}/

automatic schedule renew certificate by cron job

sudo crontab -e

put this code

30 2 * * 1 /usr/bin/certbot renew --quiet

This will run Certbot every Monday at 2:30 AM and automatically renew the certificates if they are close to expiration.


Edit : automatic schedule renew certificate rarely not working

Reference

  • GPT-3.5