NGINX
Install
Install nginx by running the commands below.
sudo apt update && sudo apt upgrade
sudo apt install nginx
Configure SSL
Before we pass any traffic, we should configure SSL for any domains we want to serve on this host. To do this with Let's Encrypt and Certbot, run the commands below.
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx -d domain.com -d www.domain.com
There are a few benefits to using Certbot. Your certificates will automatically be renewed when nearing expiration, and it even configures nginx for you automatically.
Below, we create our own nginx configuration from scratch.
Basic NGINX Settings
A virtual host in NGINX serves content based on settings found in /etc/nginx/nginx.conf. We can use these settings to handle SSL and to pass traffic to other hosts when a specific subdomain is requested.
These settings can be modified to suit the needs of a basic host serving one page or application. Below, we route traffic to a Docker container running on a localhost port.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events { }
http {
    include mime.types;
    # Basic Server Configuration
    server {
        listen 80;
        server_tokens off;
        server_name sub.domain.com www.domain.com;
        location / {
            root /var/www/html;
            index index.html index.htm;
        }
        # Uncomment to redirect HTTP requests to HTTPS
        #return 301 https://$host$request_uri;
    }
}
To route traffic, add a similar server {...} block alongside the one above (inside the same http {...} block) that specifies the subdomain and the IP / port to pass traffic to.
# SSL - domain.com
server {
    server_name sub.domain.com www.domain.com;
    server_tokens off;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    # Pass to container
    location / {
        include proxy_params;
        proxy_pass http://localhost:1234/;
    }
}
Multiple Domains
If serving multiple domains over SSL on one host, see the configuration below for a basic example. It should look fairly similar to the above.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events { }
http {
    include mime.types;
    # Redirect root domains
    server {
        listen 80;
        server_name domain.com www.domain.com;
        return 301 https://www.domain.com$request_uri;
    }
    server {
        listen 80;
        server_name domain2.com www.domain2.com;
        return 301 https://www.domain2.com$request_uri;
    }
    # SSL - domain
    server {
        server_name domain.com www.domain.com;
        server_tokens off;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        # Pass to container
        location / {
            include proxy_params;
            proxy_pass http://localhost:1234/;
        }
    }
    # SSL - domain2
    server {
        server_name domain2.com www.domain2.com;
        server_tokens off;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/domain2.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/domain2.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
        # Pass to hexo
        location / {
            include proxy_params;
            proxy_pass http://localhost:4321/;
        }
    }
}
Above, we serve two different applications running on different ports, depending on the URL requested.
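The multi-domain layout only works when every port-80 redirect points at a name that one of the listen 443 ssl blocks actually serves with its own certificate. The Python check below is an added example, not part of the original page; its parser is a simplification that handles only the plain directive syntax used here (no quoted strings, no include expansion), and SAMPLE with its host www.other.example is constructed.

```python
import re

# Constructed sample: domain2's redirect targets a host no HTTPS block serves.
SAMPLE = """http {
  server { listen 80; server_name domain.com www.domain.com;
           return 301 https://www.domain.com$request_uri; }
  server { listen 80; server_name domain2.com www.domain2.com;
           return 301 https://www.other.example$request_uri; }
  server { listen 443 ssl; server_name domain.com www.domain.com;
           location / { proxy_pass http://localhost:1234/; } }
}"""

def server_blocks(conf):
    """Yield each server block as a list of its own directives (word lists)."""
    depth, start, words, block = 0, None, [], None
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#[^\n]*", "", conf)):
        if tok == "{":
            depth += 1
            if words == ["server"] and block is None:
                block, start = [], depth
        elif tok == "}":
            if block is not None and depth == start:
                yield block
                block = None
            depth -= 1
        elif tok != ";":
            words.append(tok)
            continue
        elif block is not None and depth == start and words:
            block.append(words)  # a directive directly inside server { }
        words = []               # any of { } ; ends the current directive

def names(block):
    return {n for d in block if d[0] == "server_name" for n in d[1:]}

def listens(block, port):
    return any(d[0] == "listen" and d[1].split(":")[-1] == port for d in block)

def unserved_redirects(conf):
    """(server_name, target) per port-80 redirect whose host no 443 block serves."""
    blocks = list(server_blocks(conf))
    https = set().union(*(names(b) for b in blocks if listens(b, "443")))
    findings = []
    for b in (b for b in blocks if listens(b, "80")):
        for d in b:
            m = re.match(r"https://([^/$]+)", d[-1]) if d[0] == "return" else None
            if m and m.group(1) not in https:
                findings.append((min(names(b), default="_"), m.group(1)))
    return findings
```

Call unserved_redirects() on the text of /etc/nginx/nginx.conf before reloading nginx; an empty list means every literal redirect target has a matching HTTPS server block. Redirects written with $host are skipped because they stay on the requested name.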