Nginx is a free and open source web server software that can also be used as a caching server, load balancer, reverse proxy, mail proxy and more. It is known for its high performance, highly scalable, and highly available capability. Generally, it is used as a reverse proxy and load balancer to manage the traffic and distribute them across the multiple backend servers. NGINX consistently gaining popularity and now supports all the components of the modern Web including, HTTP/2, WebSocket, and gRPC. Currently, it is used by some of the largest and highest-traffic sites on the internet including, Hulu, Netflix, CloudFlare, GitHub, WordPress, and more.
Nginx is lightweight and built for low memory usage and high concurrency. It uses an asynchronous and event-driven approach rather than creating new processes for each web request. In Nginx, one worker connection can take care of up to 1024 similar requests. Thus it can handle thousands of requests without any difficulties.
Installing Nginx is a very straightforward process in Ubuntu. Because Nginx is available in Ubuntu’s default repository. It can be installed by just running the following command:
apt-get install nginx -y
After the successful installation, verify the Nginx version using the command below:
nginx -v
Sample output:
nginx version: nginx/1.18.0 (Ubuntu)
Nginx service will start automatically after the installation. You can check the Nginx listening port using the following command:
At this point, Nginx is installed and running on port 80. By default, the Nginx service is managed by systemd. You can start, stop, enable and check the status of the Nginx easily with systemd.
To stop the Nginx service, run:
systemctl stop nginx
To start the Nginx service, run:
systemctl start nginx
To restart the Nginx service, run:
systemctl restart nginx
To enable the Nginx service to start after the system reboot, run:
systemctl enable nginx
To check the status of the Nginx service, run:
systemctl status nginx
Sample output:
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2021-09-02 14:36:37 UTC; 33s ago
Docs: man:nginx(8)
Main PID: 1292 (nginx)
Tasks: 2 (limit: 2353)
Memory: 6.7M
CGroup: /system.slice/nginx.service
├─1292 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─1293 nginx: worker process
Sep 02 14:36:37 ubuntu systemd[1]: Starting A high performance web server and a reverse proxy server...
Sep 02 14:36:37 ubuntu systemd[1]: Started A high performance web server and a reverse proxy server.
Now, you will need to verify the Nginx web server through the web browser. Open a web browser and type the URL http://your-server-ip in the address bar. If everything is fine, you should see the Nginx test page in the following screen:
Setting Up Nginx Virtual Host
Virtual Host allows you to host multiple websites on a single machine. This way you don’t need to purchase a separate machine for a new website. In this section, we will create a new virtual host and host a website on domain example.com.
First, create a directory named example.com to hold the website data:
mkdir /var/www/html/example.com
Next, create an index.html file inside your website directory:
nano /var/www/html/example.com/index.html
Add the following content:
Welcome to Nginx Web Server!
This message confirms that your Nginx web server is working.
Save and close the file then change the ownership of the example.com directory to www-data:
Next, you will need to create a virtual host configuration file for Nginx to serve the above content. You can create it inside /etc/nginx/conf.d/ directory:
At this point, your website is hosted on the example.com domain. To verify it, open your web browser and type the URL http://example.com. You should see your example.com default HTML page on the following screen:
Secure Nginx with Let's Encrypt SSL
If you are hosting a website using Nginx in a production environment, it is recommended to secure it using the Let’s Encrypt SSL. Let’s Encrypt is an open certificate authority and nonprofit Internet Security Research Group. It runs for the public’s benefit and provides a free SSL certificate to enable HTTPS (SSL/TLS) for websites.
In order to obtain a free SSL certificate from Let’s Encrypt, you will need to install the Certbot client package in your system. Certbot is a certificate installer that allows you to download and a certificate to your site in just a couple of minutes.
You can install the Certbot client package for Nginx using the following command:
apt-get install python3-certbot-nginx -y
After installing Certbot package, run the following command to download and add a certificate to your website:
certbot --nginx -d example.com
You will be asked to provide a valid email address and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): hitjethva@gmail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/example.com
Next, choose whether or not to redirect HTTP traffic to HTTPS as shown below:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to finish the installation. You should see the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://example.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-10-30. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
- We were unable to subscribe you the EFF mailing list because your
e-mail address appears to be invalid. You can try again later by
visiting https://act.eff.org.
Now, your Nginx website is secured with Let’s Encrypt SSL. You can access it securely using the URL https://example.com.
In the above guide, we explained how to set up an Nginx web server on Ubuntu. We also explained how to use virtual hosting to host a website using a domain name. I hope you have now enough knowledge to host your own website using Nginx.
I am a fan of open source technology and have more than 10 years of experience working with Linux and Open Source technologies. I am one of the Linux technical writers for Cloud Infrastructure Services.