Home > Operation and Maintenance > Nginx > How to configure and use NGINX web server in Ubuntu 16.04

How to configure and use NGINX web server in Ubuntu 16.04

PHPz
Release: 2023-05-11 16:55:19
forward
1202 people have browsed it

Nginx is specially developed for performance optimization. Its most well-known advantages are its stability and low system resource consumption, as well as its high processing capability for concurrent connections (a single physical server can Supports 30,000 to 50,000 concurrent connections), is a high-performance HTTP and reverse proxy server, and is also an IMAP/POP3/SMTP proxy service. Ubuntu 16.04中怎么配置和使用NGINX Web服务器

Installing Certbot

The first step is to install certbot, a software client that can automate almost all processes. Certbot developers maintain their own Ubuntu repositories that contain newer software than what exists in the Ubuntu repositories.

Add Certbot repository:

# add-apt-repository ppa:certbot/certbot
Copy after login

Next, update the APT source list:

# apt-get update
Copy after login

At this point, you can use the following apt command to install certbot:

# apt-get install certbot
Copy after login

Certbot is now installed and ready to use.

Obtaining a Certificate

There are various Certbot plugins available for obtaining SSL certificates. These plugins help obtain certificates, while the installation of certificates and web server configuration are left to the administrator.

We use a plugin called Webroot to obtain the SSL certificate.

This plugin is recommended where you have the ability to modify the content being served. There is no need to stop the web server during the certificate issuance process.

Configuring NGINX

Webroot creates a temporary file for each domain in the .well-known directory under the web root. In our example, the web root is /var/www/html. Make sure this directory is accessible during Let's Encrypt authentication. To do this, edit the NGINX configuration. Open /etc/nginx/sites-available/default using a text editor:

# $EDITOR /etc/nginx/sites-available/default
Copy after login
Copy after login

In that file, inside the server block, enter the following:

location ~ /.well-known {
allow all;
}
Copy after login

Save, exit and check NGINX Configuration:

# nginx -t
Copy after login

If there are no errors, it should be displayed as follows:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Copy after login

Restart NGINX:

# systemctl restart nginx
Copy after login
Copy after login

Use Certbot to obtain the certificate

The next step is to use Certbot Webroot plugin obtains new certificate. In this tutorial, we will secure the example domain www.example.com. Each domain that should be protected by the certificate needs to be specified. Execute the following command:

# certbot certonly --webroot --webroot-path=/var/www/html -d www.example.com
Copy after login

During this process, Cerbot will ask for a valid email address for notifications. You will also be asked to share with EFF, but this is not required. After agreeing to the terms of service, it will get a new certificate.

Finally, the directory /etc/letsencrypt/archive will contain the following files:

  • chain.pem: Let's Encrypt encryption chain certificate.

  • cert.pem: Domain name certificate.

  • fullchain.pem: The combination of cert.pem and chain.pem.

  • privkey.pem: The private key of the certificate.

Certbot will also create a symbolic link to the latest certificate file in /etc/letsencrypt/live/domain_name/. This is the path we will use in the server configuration.

Configuring SSL/TLS on NGINX

The next step is server configuration. Create a new snippet in /etc/nginx/snippets/. A snippet refers to a piece of configuration that can be included in a virtual host configuration file. Create a new file as follows:

# $EDITOR /etc/nginx/snippets/secure-example.conf
Copy after login

The contents of this file will specify the certificate and key location. Paste the following:

ssl_certificate /etc/letsencrypt/live/domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain_name/privkey.pem;
Copy after login

In our example, domain_name is example.com.

Edit NGINX configuration

Edit the default virtual host file:

# $EDITOR /etc/nginx/sites-available/default
Copy after login
Copy after login

As follows:

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.example.comreturn 301 https://$server_name$request_uri;# SSL configuration#listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/secure-example.conf## Note: You should disable gzip for SSL traffic.# See: https://bugs.debian.org/773332# ...}
Copy after login

This will enable NGINX encryption.

Save, exit and check the NGINX configuration file:

# nginx -tnginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Copy after login

Restart NGINX:

# systemctl restart nginx
Copy after login
Copy after login

The above is the detailed content of How to configure and use NGINX web server in Ubuntu 16.04. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:yisu.com
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template