To Install Nginx
sudo apt-get install nginx
Setting up Virtual Hosts
Nginx, like Apache, supports name-based virtual hosting, where the sites are hosted according to their (sub)domain name.
Setting up a Standard Virtual Host
The default nginx config works well for a standard Virtual Host.
Lets take a look.
server {
#replace <your_ip_here> with your ip address.
#Otherwise, to listen on all interfaces on port 80 with IPv4,
#remove '<your_ip_here>:'
listen <your_ip_here>:80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6.
#location of your files, replace /srv with the location of the files that you want to serve
root /srv;
#The index files. If you want, you can add others such as index.php, index.cgi, .etc .etc
index index.html index.htm;
# The name of your domain (virtual hosts). Change 'localhost' to the domain that you are hosting
server_name localhost;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to a 404 error
try_files $uri $uri/ =404;
# uncomment the line below to enable directory indexes
# NOT recommended unless you know what you're doing.
#autoindex on;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/www;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_index index.php;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
}Following the commented instructions above; setting the ip address, the default directory, and your domain, you can create your own virtual host.
Afterwords, simply save the file in
/etc/nginx/sites-enabled
and reload the nginx configuration with
sudo service nginx reload
Setting up a Virtual Host with SSL
The default SSL Virtual Host looks something like the below.
# HTTPS server
#
server {
#If you want to listen to a particular ip address, use the format
# listen <ipaddresshere>:443
#instead.
listen 443 ssl;
#Set the domain that you are serving.
server_name localhost;
root html;
#set the files you want to use as an index if necessary.
index index.html index.htm;
#Change ssl_certificate and ssl_certificate_key to point towards your SSL Certificate and your SSL key, respectively.
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
ssl_session_timeout 5m;
# Starting in Ubuntu 15.04 and later, the ssl_protocols and ssl_prefer_server_ciphers commands
# are unnecessary, if you are using the default-shipped configuration file for the nginx
# process (/etc/ngnix/nginx.conf)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ =404;
}
}Simply change the domain name, the path leading to the ssl certificate/key, and place it into /etc/nginx/sites-enabled. Be sure to read the commented instructions as well, if they apply to you.
Setting up a passthrough Virtual Host
Passthrough virtual hosts can be useful for serving other web applications that do not reside on port 80.
The virtual host is simple, but extremely configurable.
server {
#change to
# listen ip_address:80
# if you want to listen on a specific ip address
listen 80;
#change the server_name to the domain you are virtualhosting.
server_name localhost;
location / {
proxy_pass http://passthrough-url;
}
}Edit the passthrough-url, and save in /etc/nginx/sites-enabled.
Setting up Nginx Backends
Nginx with PHP
Nginx uses a fastcgi backend to communicate with fastcgi servers. Therefore, we install the php5 FPM server for nginx to pass php files onto.
sudo apt-get install php5-fpm
The default nginx configuration that comes with Ubuntu already contains the configuration for php-fpm. Simply remove the comments on the php block so that
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
# fastcgi_pass unix:/var/run/php5-fpm.sock;
# fastcgi_index index.php;
# include fastcgi_params;
#}looks like
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}Afterwords, reload the nginx configuration
sudo service nginx reload
Nginx Operations
Just like Apache, nginx has a set of operations. These can be set in the main server block, or any of the location blocks (explained below)
Some common options:
allow allows a set of ip addresses with allow list_of_ip_addresses_seperated_by_commas; , and allow all; allows all ip addresses. All locations are set to allow all; by default.
deny denies a set of ip addresses with deny list_of_ip_addresses_seperated_by_commas; , and deny all; denies all ip addresses. Deny can be used in conjunction with allow to allow only certain ip addresses. i.e.
allow 192.168.1.1; deny all;
That would only allow the ip 192.168.1.1 to access the location. This can be done in cidr notation as well.autoindex controls whether a directory is indexed or not. By default, this is set to off. It can be turned on with autoindex on;
access_log and error_log allow for logging server access and errors, respectively. The access_log can be set using
log_format gzip '$remote_addr - $remote_user [$time_local] ' '"$request" $status $bytes_sent ' '"$http_referer" "$http_user_agent" "$gzip_ratio"'; access_log /path/to/log/file gzip buffer=32k;The error_log can be set using
error_log /path/to/log/file [notice | warn | error | crit | alert |emerg];