“This is the first day of my participation in the Gwen Challenge in November. Check out the details: The last Gwen Challenge in 2021”
Nginx (pronounced “Engine X”) is a high-performance web server. It was originally developed to solve the 10K problem, which meant serving 10.000 concurrent connections. Nginx can be used as a standalone Web server or as a reverse proxy for other Web servers.
When acting as a reverse proxy, Nginx acts as a front-end Web server, passing incoming requests to Web servers at the back end, different ports, and so on. Then Nginx can handle SSL/HTTPS, GZip, cache headers, load balancing, and much more. Subsequent Web servers do not need to know how to handle this problem. And – you only have one web server, you need to learn how to configure SSL/HTTPS, GZip, etc. – that’s Nginx. I used Nginx before Jetty. Nginx handles all SSL/HTTPS stuff, while Jetty just handles plain HTTP requests in the back.
Install Nginx
You can install Nginx on Ubuntu using the apt-get package manager, as follows:
apt-get install nginx
Copy the codeThis should install the latest version of Nginx on your Ubuntu server.
To install Nginx on other Linux distributions, do a search on Google, Bing, etc. You will easily find the command line you need to install Nginx on your desired Linux distribution.
Start the Nginx
After installing Nginx, you will need to start it. You can do this using the following command:
/etc/init.d/nginx start
Copy the codeTo verify that Nginx is running, try directing your browser to the IP address (or domain name) of your Ubuntu server. Make sure you have a firewall open on port 80.
Check if Nginx is running
Another way to check if Nginx is running is to run the following command:
htop
Copy the codeIn the output of the command, look for “Nginx main process” and “Nginx worker process” in the list. If you see these processes in the list, Nginx is running.
Restart the Nginx
You need to restart Nginx every time you change the Nginx configuration file. Restart Nginx with the following command:
/etc/init.d/nginx restart
Copy the codeOnce Nginx is restarted, the new configuration takes effect.
Restarting Nginx will fail if there is an error in your configuration file. The restart command will write a small “OK” or “Fail” at the end of the line of its output to let you know if the restart failed or succeeded. If there are any errors, correct them and restart Nginx. Then it should work again.
Nginx configuration file
The Nginx master configuration file is located at:
/etc/nginx/nginx.conf
Copy the codeNginx profiles may contain other profiles. Therefore, you can divide the configuration into multiple smaller, reusable configuration files that are contained in the Nginx master configuration file.
To configure Nginx, we must make changes to the Nginx configuration file. Make a copy of the original configuration file before making changes. That way, you can always return the original in case you mess up the copy. Here is how to copy the original Nginx configuration file:
cp /etc/nginx/nginx.conf /etc/nginx.conf.orig
Copy the codeThe file /etc/nginx.conf.orig now contains a copy of the original nginx configuration file.
Sample raw configuration files
This is what my original Nginx configuration file looks like. Wherever you see [\n], this means I inserted a newline character to make it easier to view the file in the browser compared to the original file. # is a comment.
Configure Nginx
Configuring Nginx is done through configuration files. What you configure depends on what you want Nginx to do. I’ll write more about it in the near future. Until then, this YouTube video is a good place to start:
[Setting up a web server using Nginx]
Configure Nginx as a reverse proxy using SSL/HTTPS
This is an example nginx.conf (nginx configuration file) that shows you how to configure Nginx as a reverse proxy. Also, [\n] I inserted the newline tag to make the file easier to view in the browser. Delete the [\n] and newlines in your own version of this file. More details on configuration follow the file list.
All configuration of the reverse proxy takes place on the server {… } block.
The listen 443 line indicates that Nginx listens on port 443 (the default HTTPS port).
The server_name _ indicates that all Nginx domain names match this server{… } section.
The SSL on line instructs Nginx to turn on SSL/HTTPS.
Ssl_certificate certificate-bundle. CRT points to the certificate file. The certificate file path is certificate-bundle.crt. This path can point to a single certificate file or, in my case, to a certificate package because I purchased the certificate from an intermediate certificate authority. The bundle contains my certificate as the first entry in the file, along with the remaining CA certificates thereafter (see the next section for more details).
Ssl_certificate_key private-key.pem point this is the original private key used to generate the certificate signing request. Nginx requires this key to create SSL connections using certificates.
Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; Line sets which SSL protocols are enabled. In this example, I only have TSLv1, TLSv1.1, and TLSv1.2 enabled. Note: Some SSL protocols, such as SSLv3, have security vulnerabilities, so be sure to consult the security guide before enabling all SSL protocols.
The location / {… The} section instructs Nginx to run all requests from the forward/and down site’s virtual directory structure to the Web server running http://127.0.0.1:8080, which is port 8080 on the same machine.
I used OpenSSL to generate my private key and certificate to sign the request. I have a separate tutorial on creating a private key and certificate signing request with OpenSSL for use with a Web server.
Connect the certificate to a file
If you purchase a certificate from an intermediate certificate authority (CA), your CA may send you multiple certificates. One of these certificates is yours. The other is the CA certificate. The CA may then send you chains of certificates from other cas that have been used to sign your CA certificate (which is why your CA is an “intermediate” CA rather than a root CA).
In order for Nginx to be able to use your intermediate CA’s certificates, you need to connect all of your certificates, including yours, into a certificate file. Your certificate must be the first entry in this concatenation file.
These are the two Unix commands I use with NameCheap.com SSL certificates (Comodo Positive SSL – the cheapest option) to connect certificates to a single certificate package file. [\n]+ newline is again inserted by me. Remove [\n] and newline characters, so the command is just one line.
cat AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt [\n]
COMODORSADomainValidationSecureServerCA.crt> Comodo-ca-certificate-bundle.crt
Copy the codeThe first command connects the Comodo certificate to the rest of the certificate chain.
The second command inserts your certificate (myserver-com.crt) at the top of the certificate package file:
cat myserver-com.crt comodo-ca-certificate-bundle.crt > certificate-bundle.crt
Copy the codeYou can now point to certificate-bundle. CRT from the Nginx configuration file, as shown in the previous section.