How to configure and use NGINX web server in Ubuntu 16.04
Nginx was developed with performance in mind. Its best-known advantages are its stability, its low system resource consumption and its high capacity for concurrent connections (a single physical server can support 30,000 to 50,000 concurrent connections). It is a high-performance HTTP and reverse proxy server, and also an IMAP/POP3/SMTP proxy server.
The first step is to install certbot, a software client that automates almost every step of the process. The Certbot developers maintain their own Ubuntu repository, which contains newer software than the standard Ubuntu repositories.
Add Certbot repository:
# add-apt-repository ppa:certbot/certbot
Next, update the APT source list:
# apt-get update
At this point, you can use the following apt command to install certbot:
# apt-get install certbot
Certbot is now installed and ready to use.
There are various Certbot plugins available for obtaining SSL certificates. These plugins help obtain certificates, while the installation of certificates and web server configuration are left to the administrator.
We use a plugin called Webroot to obtain the SSL certificate.
This plugin is recommended where you have the ability to modify the content being served. There is no need to stop the web server during the certificate issuance process.
Webroot creates a temporary file for each domain in the .well-known directory under the web root. In our example, the web root is /var/www/html. Make sure this directory is accessible during Let's Encrypt authentication. To do this, edit the NGINX configuration. Open /etc/nginx/sites-available/default using a text editor:
# $EDITOR /etc/nginx/sites-available/default
In that file, inside the server block, enter the following:
# Allow the validation files under .well-known to be served
location ~ /\.well-known {
    allow all;
}
Save, exit and check the NGINX configuration:
# nginx -t
If there are no errors, it should be displayed as follows:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart NGINX:
# systemctl restart nginx
The next step is to use the Certbot Webroot plugin to obtain a new certificate. In this tutorial, we will secure the example domain www.example.com. Each domain that should be protected by the certificate needs to be specified. Execute the following command:
# certbot certonly --webroot --webroot-path=/var/www/html -d www.example.com
During this process, Certbot will ask for a valid email address for notifications. You will also be asked whether to share it with the EFF, but this is not required. After you agree to the terms of service, it will obtain a new certificate.
Finally, the directory /etc/letsencrypt/archive will contain the following files:
chain.pem: The Let's Encrypt chain certificate.
cert.pem: Domain name certificate.
fullchain.pem: The combination of cert.pem and chain.pem.
privkey.pem: The private key of the certificate.
Certbot will also create a symbolic link to the latest certificate file in /etc/letsencrypt/live/domain_name/. This is the path we will use in the server configuration.
The next step is server configuration. Create a new snippet in /etc/nginx/snippets/. A snippet refers to a piece of configuration that can be included in a virtual host configuration file. Create a new file as follows:
# $EDITOR /etc/nginx/snippets/secure-example.conf
The contents of this file will specify the certificate and key location. Paste the following:
ssl_certificate /etc/letsencrypt/live/domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain_name/privkey.pem;
In our example, domain_name is example.com.
Edit the default virtual host file:
# $EDITOR /etc/nginx/sites-available/default
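Change it as follows. The port 80 block only redirects to HTTPS; the port 443 block includes the certificate snippet:
# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    # SSL configuration
    #
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name www.example.com;
    include snippets/secure-example.conf;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    # ...
}
This enables TLS encryption in NGINX.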
Save, exit and check the NGINX configuration file:
# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart NGINX:
# systemctl restart nginx
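The snippet created in the steps above can be checked with a short script. The following is an added example, not part of the original article. It confirms that both directives point at fullchain.pem and privkey.pem in the live/ directory Certbot created, and that the private key is not readable by group or others. It relies on Certbot naming that directory after the first -d domain (www.example.com for the command shown earlier); the function names and the optional ROOT argument are hypothetical.

```shell
# Added example, not from the article. Function names, messages and the
# optional ROOT prefix (for checking a test tree) are assumptions.

# Print the first path given to DIRECTIVE ($2) in FILE ($1); comments are
# ignored and several directives on one line are tolerated.
directive_path() {
    sed 's/#.*//' "$1" | tr ';' '\n' |
        sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^[:space:]]*\).*/\1/p" |
        head -n 1
}

# check_tls_snippet SNIPPET DOMAIN [ROOT]
# DOMAIN is the first -d name given to certbot; it names the live/ directory.
check_tls_snippet() {
    want="/etc/letsencrypt/live/$2"
    cert=$(directive_path "$1" ssl_certificate)
    key=$(directive_path "$1" ssl_certificate_key)
    rc=0
    if [ "$cert" != "$want/fullchain.pem" ]; then
        echo "ssl_certificate: want $want/fullchain.pem, got '$cert'"; rc=1
    fi
    if [ "$key" != "$want/privkey.pem" ]; then
        echo "ssl_certificate_key: want $want/privkey.pem, got '$key'"; rc=1
    fi
    for f in "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -r "${3:-}$f" ]; then
            echo "missing or unreadable: ${3:-}$f"; rc=1
        fi
    done
    # The private key must not be readable by group or others.
    if [ -f "${3:-}$key" ] && [ -n "$(find -L "${3:-}$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "private key is group/world readable: ${3:-}$key"; rc=1
    fi
    return "$rc"
}

# Constructed sample tree: empty placeholder files stand in for real PEM data.
make_sample() {
    root=$(mktemp -d) && d=/etc/letsencrypt/live/www.example.com
    mkdir -p "$root$d" && : > "$root$d/fullchain.pem" && : > "$root$d/privkey.pem"
    chmod 600 "$root$d/privkey.pem"
    echo "ssl_certificate $d/fullchain.pem; ssl_certificate_key $d/privkey.pem;" > "$root/good.conf"
    sed 's#live/www\.#live/#g' "$root/good.conf" > "$root/bad.conf"
    echo "$root"
}

root=$(make_sample)
check_tls_snippet "$root/good.conf" www.example.com "$root" && echo "good.conf: ok"
check_tls_snippet "$root/bad.conf" www.example.com "$root" || echo "bad.conf: paths need fixing"
```

On the server itself, call check_tls_snippet as root with /etc/nginx/snippets/secure-example.conf and the domain, leaving ROOT empty.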