🌐 Installing NGINX

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.


📥 Installation

📦 Install NGINX

NGINX is one of a handful of servers written to address the C10K problem. Unlike traditional servers, NGINX doesn't rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. This architecture uses small, but more importantly, predictable amounts of memory under load. NGINX scales in all directions: from the smallest VPS all the way up to large clusters of servers.

# install NGINX
sudo apt-get install nginx

# check NGINX status
sudo nginx -t && sudo service nginx status

⚙️ Configure NGINX

Debian places NGINX configuration files in /etc/nginx and its subdirectories. Shared configuration is kept in that root directory. Server-specific setups reside in the sites-available directory, with symlinks in the sites-enabled directory to make them active.

🚧 Install 404 webpage

The custom default 404 webpage is available here: download.
This configuration ensures that a 404 error page is served when a request does not match any defined virtual host.

Important

Before proceeding, define the required variable:

  • DEFAULT_404_DIR: The absolute path to the directory containing the 404.html webpage.

# define the absolute path to the directory containing the 404.html webpage
DEFAULT_404_DIR=/path/to/default
# check that the variable for the default 404 webpage is set, non-empty, and points to an existing directory
[ -n "${DEFAULT_404_DIR}" ] && [ -d "${DEFAULT_404_DIR}" ] || { echo "Error: DEFAULT_404_DIR is not set or not a valid directory"; exit 1; }

# download and copy 404 default webpage
cd "${DEFAULT_404_DIR}"
wget https://docs.fum-server.fr/files/default.tar.gz
tar xf default.tar.gz && rm default.tar.gz

⚙️ Configure NGINX

# check that the variable for the default 404 webpage is set, non-empty, and points to an existing directory
[ -n "${DEFAULT_404_DIR}" ] && [ -d "${DEFAULT_404_DIR}" ] || { echo "Error: DEFAULT_404_DIR is not set or not a valid directory"; exit 1; }

# configure NGINX
sudo tee /etc/nginx/nginx.conf > /dev/null <<'EOF'
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
  worker_connections 1024;
}

http {
  ##
  # Core Settings
  ##
  sendfile on;
  tcp_nopush on;
  types_hash_max_size 2048;
  proxy_headers_hash_max_size 1024;
  proxy_headers_hash_bucket_size 128;
  client_max_body_size 10M;
  proxy_intercept_errors on;
  server_tokens off;

  ##
  # MIME types; default fallback
  ##
  include /etc/nginx/mime.types;
  default_type application/octet-stream;

  ##
  # WebSocket upgrade map
  ##
  map $http_upgrade $connection_upgrade { default upgrade; '' close; }

  ##
  # One catch-all HTTP server: redirect everything to HTTPS
  ##
  server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 308 https://$host$request_uri;
  }

  ##
  # TLS/SSL Settings
  ##
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers off;
  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout 1d;
  ssl_session_tickets off;

  ##
  # Security Headers
  ##
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
  add_header X-Content-Type-Options "nosniff" always;
  add_header X-Frame-Options "SAMEORIGIN" always;
  add_header Referrer-Policy "strict-origin-when-cross-origin" always;

  ##
  # Gzip Settings
  ##
  gzip on;
  gzip_comp_level 5;
  gzip_min_length 1400;
  gzip_vary on;
  gzip_proxied any;
  gzip_types
    application/atom+xml
    application/javascript
    application/json
    application/ld+json
    application/manifest+json
    application/wasm
    application/xhtml+xml
    application/xml
    image/svg+xml
    text/cache-manifest
    text/css
    text/plain
    text/vcard;

  ##
  # Logging Settings
  ##
  access_log /var/log/nginx/access.log;
  error_log /var/log/nginx/error.log;

  ##
  # Virtual Host Configs
  ##
  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}
EOF
# fix mime type for .webmanifest files
sudo tee /etc/nginx/conf.d/webmanifest-mime.conf > /dev/null <<EOF
types {
  application/manifest+json webmanifest;
}
EOF
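
NGINX passes add_header lines down from the http level only to blocks that declare no add_header of their own, so a virtual host that adds a single header loses the four security headers set in nginx.conf. The check below is an added example, not part of the original page; the function name is hypothetical and the sample in its test is constructed.

```shell
# Added example, not part of the original page. Reads nginx configuration
# text on stdin (for instance the output of `sudo nginx -T`) and lists every
# server/location/if block whose own add_header lines make it lose any of the
# four http-level security headers from nginx.conf. Naive tokenizer: braces
# or "#" inside quoted strings are not handled.
find_dropped_security_headers() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    # Record add_header names declared directly in the current block.
    function scan(seg,    n, i, st, f) {
      n = split(seg, st, ";")
      for (i = 1; i <= n; i++)
        if (split(trim(st[i]), f, /[ \t]+/) >= 2 && f[1] == "add_header") {
          gsub(/"/, "", f[2])
          seen[depth] = seen[depth] " " tolower(f[2]) " "
        }
      # Text after the last ";" may be the header of the next block.
      if (n > 1) carry = trim(st[n])
      else if (n == 1) carry = trim(carry " " st[1])
    }
    # Called on "}": report a block that re-declares only part of the baseline.
    function report(    i, miss) {
      if (seen[depth] == "" || hdr[depth] !~ /^(server|location|if)([ \t(]|$)/) return
      for (i = 1; i <= nb; i++)
        if (index(seen[depth], " " base[i] " ") == 0) miss = miss " " base[i]
      if (miss != "") print at[depth] ": " hdr[depth] " drops:" miss
    }
    BEGIN {
      file = "stdin"
      hs = "strict-transport-security x-content-type-options"
      nb = split(hs " x-frame-options referrer-policy", base, " ")
    }
    # nginx -T prints this marker before each configuration file it dumps.
    /^# configuration file / {
      file = $4; sub(/:$/, "", file); lineno = 0; depth = 0; carry = ""; next
    }
    {
      lineno++
      rest = $0; sub(/#.*/, "", rest)
      while (match(rest, /[{}]/)) {
        p = RSTART; ch = substr(rest, p, 1)
        scan(substr(rest, 1, p - 1)); rest = substr(rest, p + 1)
        if (ch == "{") { depth++; hdr[depth] = carry; at[depth] = file ":" lineno; seen[depth] = "" }
        else if (depth > 0) { report(); depth-- }
        carry = ""
      }
      scan(rest)
    }
  '
}
```

Run it as sudo nginx -T 2>/dev/null | find_dropped_security_headers; every reported block needs the missing add_header lines repeated inside it.
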
# check that the variable for the default 404 webpage is set, non-empty, and points to an existing directory
[ -n "${DEFAULT_404_DIR}" ] && [ -d "${DEFAULT_404_DIR}" ] || { echo "Error: DEFAULT_404_DIR is not set or not a valid directory"; exit 1; }

# configure NGINX
sudo tee /etc/nginx/snippets/error-404.conf > /dev/null <<EOF
##
# Common 404 page for all servers
##
location = /404.html {
  root ${DEFAULT_404_DIR};
  internal;
}
EOF
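
The snippet only defines an internal location; a server block still has to include it and route 404 responses to it with error_page. The following is an added example, not part of the original page: the function name, the output file name, the certificate and key paths, and the choice of a catch-all HTTPS default server are assumptions.

```shell
# Added example, not part of the original page. Prints a catch-all HTTPS
# server block that wires in snippets/error-404.conf.
# Arguments: <DEFAULT_404_DIR> <certificate path> <private key path>
# Usage (file name is hypothetical):
#   default_404_vhost "${DEFAULT_404_DIR}" /path/to/cert.pem /path/to/key.pem \
#     | sudo tee /etc/nginx/sites-available/default-404 > /dev/null
default_404_vhost() {
  local dir=$1 cert=$2 key=$3
  # The snippet sets "root ${DEFAULT_404_DIR}", so the page must exist at
  # ${DEFAULT_404_DIR}/404.html or the error handler itself will fail.
  if [ ! -f "${dir}/404.html" ]; then
    echo "Error: ${dir}/404.html does not exist" >&2
    return 1
  fi
  cat <<EOF
server {
  listen 443 ssl default_server;
  listen [::]:443 ssl default_server;
  server_name _;

  # placeholder paths supplied by the caller
  ssl_certificate     ${cert};
  ssl_certificate_key ${key};

  # "internal" in the snippet blocks direct requests for /404.html;
  # error_page is what routes 404 responses to it.
  error_page 404 /404.html;
  include snippets/error-404.conf;

  # No virtual host matched the requested name: answer 404.
  location / {
    return 404;
  }
}
EOF
}
```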

🛡️ Configure ACL rights

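adduser adds the current user to the www-data group, the same group that NGINX runs under in the default Debian install. chgrp sets the group of the web directory to www-data; the setgid bit (chmod g+s) makes new files and subdirectories inherit that group, and the default ACL (setfacl -dm) gives the group rwx on them.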

Replace Fields

Set the WEB_DIR variable to the directory you want to share with NGINX:

WEB_DIR=/path/to/your/web/directory
# add current user to www-data group
sudo adduser "$USER" www-data

# set group ownership and permissions on the web directory
sudo chgrp www-data "${WEB_DIR}"
sudo chmod 775 "${WEB_DIR}"
sudo chmod g+s "${WEB_DIR}"
sudo setfacl -m group:www-data:rwx "${WEB_DIR}"
sudo setfacl -dm group:www-data:rwx "${WEB_DIR}"

Important

You need to reload your shell for the group association on your user account to take effect.
Log out and log back in.


🔄 Restart NGINX

# restart NGINX service
sudo nginx -t && sudo service nginx restart