Ubuntu 20.04 - Manage Nginx 1.18
Hope this article help to install and manage Nginx in Ubuntu.
Result
This is result if nginx successfuly installed.
Step by Step
1. update package list
sudo apt update
2. install required package
sudo apt install nginx
Service Check
check status service
sudo systemctl status nginx
restart service
sudo systemctl restart nginx
start service
sudo systemctl start nginx
stop service
sudo systemctl stop nginx
Adjust Firewall :
check status firewall
sudo ufw status
check list firewall
sudo ufw app list
Enable firewall
sudo ufw enable
Disable firewall
sudo ufw disable
Allow protocol port when firewall active
As demonstrated by the output, there are three profiles available for Nginx:
- Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
- Nginx HTTP: This profile opens only port 80 (normal, unencrypted web traffic)
- Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic)
sudo ufw allow 'Nginx HTTP'
Deploy multiple website(Tested on Golang Gin, Python FastAPI that running on Docker) :
create configuration on website
sudo nano /etc/nginx/sites-available/{create-domain.conf}
copy this code
# comment server syntax this if server there not running on https (from listen 80 to return 301) server { listen 80; server_name {create-domain}; # server name (give the valid domain) return 301 https://$host$request_uri; } server { # listen 80; # uncomment this if server not running on http # listen [::]:80; # uncomment this if server not running on http listen 443 ssl; # to ssl (comment this if server not running on https) server_name {create-domain}; # give the valid domain or comment this to running from ip and port ssl_certificate /etc/letsencrypt/live/{create-domain}/fullchain.pem; # comment this if there no cert ssl ssl_certificate_key /etc/letsencrypt/live/{create-domain}/privkey.pem; # comment this if there no cert ssl location / { proxy_pass http://localhost:{port}; # change this port with valid port proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
Activate symbioc
sudo ln -s /etc/nginx/sites-available/{create-domain.conf} /etc/nginx/sites-enabled/
Remove symbioc
sudo rm /etc/nginx/sites-enabled/{create-domain.conf}
Check configuration
sudo nginx -t
Restart service
sudo systemctl restart nginx
Configure HTTPS using Free Encrypt
1. update package list
sudo apt update
2. install required package
sudo apt install certbot
3. stop nginx service
sudo systemctl stop nginx
4. add certificate for specific domain url
sudo certbot certonly --standalone -d {create-domain}
first time you will need to register your email and other confirmation.
5. start nginx service
sudo systemctl start nginx
certificate location default
cd /etc/letsencrypt/live/{create-domain}/
automatic schedule renew certificate by cron job
sudo crontab -e
put this code
30 2 * * 1 /usr/bin/certbot renew --quiet
This will run Certbot every Monday at 2:30 AM and automatically renew the certificates if they are close to expiration.
Edit : automatic schedule renew certificate rarely not working
Reference
- GPT-3.5