How to Install and Configure the Nginx Web Server on Cloud VPS: A Step-by-Step Guide" class="internal-post-link">Step-by-Step Guide

In this article, we will thoroughly explore the process of installing and configuring the Nginx web server on a cloud VPS. We’ll go through all the steps, from connecting to the server and updating the system to setting up virtual hosts and ensuring security. Whether you are a novice system administrator or an experienced developer, this guide will help you quickly and efficiently configure your web server for optimal performance.

The following topics will be covered in this article:

  1. Preparing the server for Nginx installation
  2. Installing Nginx on VPS
  3. Basic Nginx configuration and virtual hosts
  4. Ensuring Nginx security
  5. Checking and debugging Nginx operation

Preparing the server for Nginx installation

How to install and configure a web server on Cloud VPS? - Screenshot of connecting to VPS via SSH.

Before proceeding with the installation of Nginx, you need to make sure that your server is ready for operation. This includes connecting to the server, updating the package list, and installing the necessary utilities.

VPS Hosting

Virtual servers with guaranteed resources

Choose VPS

Connecting to VPS via SSH

The first step is to connect to your VPS via SSH (Secure Shell). For this, you will need an SSH client, such as PuTTY (for Windows) or a built-in terminal (for macOS and Linux). You will need the IP address of your server, username (usually `root` or a username created during server setup), and password.

Example command to connect via SSH (Linux/macOS):

ssh user@your_server_ip

Replace `user` with your username and `your_server_ip` with the IP address of your server. After entering the command, you will be prompted to enter the password. Enter the password and press Enter.

Example of connecting via PuTTY (Windows):

  • Run PuTTY.
  • In the «Host Name (or IP address)» field, enter the IP address of your server.
  • Make sure the port is specified as 22 (the standard port for SSH).
  • Click the «Open» button.
  • In the terminal window that opens, enter the username and password.

Updating the package list and installed packages

After connecting to the server, you need to update the package list and the installed packages. This will ensure that you have the latest versions of the software installed and that you have access to the latest versions of Nginx.

For Debian/Ubuntu:

sudo apt update
sudo apt upgrade

`sudo apt update` updates the list of available packages. `sudo apt upgrade` updates installed packages to the latest versions. It is recommended to reboot the server after the update if the system kernel has been updated.

For CentOS/RHEL/Fedora:

sudo yum update

Or, for newer versions of Fedora:

sudo dnf update

`sudo yum update` or `sudo dnf update` updates all installed packages to the latest versions. You may also need to reboot the server.

Installing the necessary utilities

To further work with the server and Nginx, you may need additional utilities, such as `nano` or `vim` (text editors), `curl` or `wget` (for downloading files), `unzip` (for unpacking archives), and others.

Example of installing utilities on Debian/Ubuntu:

sudo apt install nano curl wget unzip

Example of installing utilities on CentOS/RHEL/Fedora:

sudo yum install nano curl wget unzip

Install the utilities you need to work with the server.

Expert tip: Always update the system before installing new software. This will help avoid dependency issues and ensure the stable operation of your server.

Installing Nginx on VPS

How to install and configure a web server on Cloud VPS? - Screenshot of installing Nginx via the terminal.

After preparing the server, you can proceed to install Nginx. The process of installing Nginx depends on the operating system used.

Installing Nginx on Debian/Ubuntu

To install Nginx on Debian/Ubuntu, use the following command:

sudo apt install nginx

During the installation, you may be prompted to confirm the installation. Enter `y` and press Enter.

After the installation is complete, Nginx will start automatically. To verify that Nginx is running, open a web browser and go to the IP address of your server. You should see the standard Nginx welcome page.

Example command to check Nginx status:

sudo systemctl status nginx

This command will show the current status of Nginx (running or stopped), as well as the latest logs.

Installing Nginx on CentOS/RHEL/Fedora

To install Nginx on CentOS/RHEL/Fedora, use the following command:

sudo yum install nginx

Or, for newer versions of Fedora:

sudo dnf install nginx

After installation, you need to start Nginx and enable its automatic startup when the system boots:

sudo systemctl start nginx
sudo systemctl enable nginx

`sudo systemctl start nginx` starts Nginx. `sudo systemctl enable nginx` enables the automatic start of Nginx when the system boots.

As with Debian/Ubuntu, you can check the status of Nginx with the command `sudo systemctl status nginx` and open a web browser to the IP address of your server to see the Nginx welcome page.

Configuring the Firewall

After installing Nginx, you need to configure the firewall to allow access to the web server from the outside. By default, Nginx uses ports 80 (HTTP) and 443 (HTTPS).

For UFW (Uncomplicated Firewall) on Debian/Ubuntu:

sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
sudo ufw enable

`sudo ufw allow ‘Nginx HTTP’` allows access to port 80. `sudo ufw allow ‘Nginx HTTPS’` allows access to port 443. `sudo ufw enable` enables the firewall.

For FirewallD on CentOS/RHEL/Fedora:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

`sudo firewall-cmd —permanent —add-service=http` allows access to port 80. `sudo firewall-cmd —permanent —add-service=https` allows access to port 443. `—permanent` makes the changes permanent after reboot. `sudo firewall-cmd —reload` reloads the firewall, applying the changes.

Example command to check FirewallD status:

sudo firewall-cmd --list-all

This command will show the current firewall rules.

Basic Nginx configuration and virtual hosts

After installing Nginx, you need to configure it to work with your sites. This includes setting up virtual hosts and basic Nginx parameters.

Basic Nginx configuration files

The main Nginx configuration file is located at `/etc/nginx/nginx.conf`. This file contains general Nginx settings, such as the number of worker processes, the maximum number of connections, and other parameters.

Virtual host configuration files are located in the `/etc/nginx/conf.d/` directory (on CentOS/RHEL/Fedora) or `/etc/nginx/sites-available/` and `/etc/nginx/sites-enabled/` (on Debian/Ubuntu). On Debian/Ubuntu, `/etc/nginx/sites-available/` stores virtual host configuration files, and `/etc/nginx/sites-enabled/` contains symbolic links to files from `/etc/nginx/sites-available/`, which determine which virtual hosts are active.

Example directory structure on Debian/Ubuntu:

/etc/nginx/
├── nginx.conf  # Main configuration file
├── sites-available/
│   └── default  # Example virtual host configuration file
├── sites-enabled/
│   └── default  # Symbolic link to default from sites-available

Configuring a virtual host

A virtual host allows you to run multiple sites on one server. A separate configuration file is created for each site.

Example virtual host configuration file (Debian/Ubuntu):

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    root /var/www/yourdomain.com;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Replace `yourdomain.com` with your domain name. `root /var/www/yourdomain.com` points to the root directory of the site. `index index.html index.htm` defines the files that will be used as the main page. `location /` determines how Nginx handles requests to the site.

Steps to create and activate a virtual host (Debian/Ubuntu):

  • Create a virtual host configuration file: sudo nano /etc/nginx/sites-available/yourdomain.com
  • Paste the contents of the example configuration file and replace `yourdomain.com` with your domain name.
  • Create a symbolic link to this file in the `/etc/nginx/sites-enabled/` directory: sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
  • Remove the default virtual host: sudo rm /etc/nginx/sites-enabled/default
  • Restart Nginx: sudo systemctl restart nginx

Example virtual host configuration file (CentOS/RHEL/Fedora):

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    root /usr/share/nginx/html/yourdomain.com;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Steps to create and activate a virtual host (CentOS/RHEL/Fedora):

  • Create a virtual host configuration file: sudo nano /etc/nginx/conf.d/yourdomain.com.conf
  • Paste the contents of the example configuration file and replace `yourdomain.com` with your domain name.
  • Restart Nginx: sudo systemctl restart nginx

Testing Nginx configuration

Before restarting Nginx, it is recommended to check the configuration for errors. This can be done with the following command:

sudo nginx -t

If there are errors in the configuration, the command will output an error message indicating the file and line where the error is located. Fix the errors and repeat the check.

Example of a successful configuration check result:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Expert tip: Use a version control system (e.g., Git) to store Nginx configuration files. This will allow you to easily roll back to previous versions in case of problems.

Ensuring Nginx security

Ensuring the security of Nginx is an important aspect of setting up a web server. This includes setting up SSL/TLS, restricting access, and protecting against DDoS attacks.

Configuring SSL/TLS with Let’s Encrypt

SSL/TLS encryption provides secure data transfer between the server and the client. Let’s Encrypt is a free certificate authority that allows you to get SSL/TLS certificates for your site.

Installing Certbot (Let’s Encrypt client):

For Debian/Ubuntu:

sudo apt install certbot python3-certbot-nginx

For CentOS/RHEL/Fedora:

sudo yum install certbot python3-certbot-nginx

Or, if yum does not find the package:

sudo dnf install certbot python3-certbot-nginx

Getting and installing an SSL/TLS certificate:

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Replace `yourdomain.com` with your domain name. Certbot will automatically configure Nginx to use SSL/TLS and set up automatic certificate renewal.

While Certbot is running, you will be prompted to enter an email address and accept the terms of use. You will also be prompted to redirect HTTP traffic to HTTPS. It is recommended to choose this option to improve security.

Restricting access to administrative panels

If you have administrative panels installed on your server (for example, phpMyAdmin), it is recommended to restrict access to them to prevent unauthorized access.

Example Nginx configuration to restrict access to phpMyAdmin:

location /phpmyadmin {
    allow 192.168.1.0/24;  # Allow access only from the local network
    allow 10.0.0.0/16;   # Allow access only from another local network
    deny all;          # Deny access to everyone else
}

Replace `192.168.1.0/24` and `10.0.0.0/16` with the IP address ranges from which you want to allow access. `deny all` denies access to all other IP addresses.

Add this block to your virtual host configuration file.

Protection against DDoS attacks

DDoS attacks (Distributed Denial of Service) can take your site down by overloading the server with a large number of requests. To protect against DDoS attacks, you can use various methods, such as limiting the number of connections from one IP address and using a CDN (Content Delivery Network).

Example Nginx configuration to limit the number of connections from one IP address:

limit_req_zone $binary_remote_addr zone=mylimit:10m rate=1r/s;

server {
    ...
    location / {
        limit_req zone=mylimit burst=5 nodelay;
        ...
    }
}

`limit_req_zone` defines a zone for storing information about the number of requests from each IP address. `zone=mylimit:10m` creates a zone named `mylimit` with a size of 10 MB. `rate=1r/s` limits the number of requests to 1 per second. `limit_req zone=mylimit burst=5 nodelay` allows the client to send up to 5 requests in a short period of time (burst) before Nginx starts limiting requests. `nodelay` disables the delay when the burst limit is exceeded.

Alternative methods of protection against DDoS attacks:

  • Using CDN: CDN distributes the content of your site across multiple servers, which reduces the load on the main server and protects against DDoS attacks.
  • Using a firewall: A firewall can block suspicious traffic and protect your server from DDoS attacks.
  • Regularly updating software: Regularly updating software allows you to close known vulnerabilities and improve the security of your server.

External link: You can learn more about Nginx security on the nginx.com website.

Checking and debugging Nginx operation

After installing and configuring Nginx, you need to check its operation and make sure that everything is configured correctly. This includes checking site availability, viewing logs, and debugging errors.

Checking site availability

The easiest way to check site availability is to open it in a web browser. Enter your domain name in the address bar and press Enter. If the site opens, it means that Nginx is working correctly and configured correctly.

If the site does not open, check the following:

  • Correctness of the domain name: Make sure you entered the domain name correctly in the address bar.
  • DNS settings: Make sure that the DNS records of your domain point to the IP address of your server.
  • Firewall settings: Make sure that the firewall allows access to ports 80 and 443.
  • Nginx status: Make sure that Nginx is running and working correctly.
  • Nginx configuration: Make sure that the Nginx configuration is configured correctly and does not contain errors.

Viewing Nginx logs

Nginx logs contain information about requests to the site and errors that occur during Nginx operation. Logs can be useful for debugging errors and analyzing traffic.

The main Nginx logs:

  • /var/log/nginx/access.log: Contains information about each request to the site.
  • /var/log/nginx/error.log: Contains information about errors that occur during Nginx operation.

Example of viewing the Nginx error log:

sudo tail -f /var/log/nginx/error.log

`sudo tail -f /var/log/nginx/error.log` outputs the last lines of the file `/var/log/nginx/error.log` and updates the output in real time, showing new errors that occur during Nginx operation.

Example of analyzing the Nginx access log using awk:

sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -10

This command outputs the 10 IP addresses from which the largest number of requests are received to your site. It uses `awk` to extract the IP address ($1), `sort` to sort the IP addresses, `uniq -c` to count the number of unique IP addresses, `sort -nr` to sort by the number of requests in reverse order, and `head -10` to output the first 10 lines.

Debugging errors

If you find errors in the Nginx logs, you need to debug them. For this, you can use various methods, such as:

  • Checking Nginx configuration: Make sure that the Nginx configuration is configured correctly and does not contain errors.
  • Checking access rights: Make sure that Nginx has access rights to the files and directories of the site.
  • Checking dependencies: Make sure that you have installed all the necessary dependencies for the site to work.
  • Using a debugger: Use a debugger for step-by-step code execution and error detection.

Example of a common error and its solution:

Error: 403 Forbidden.

Reason: Nginx does not have access rights to the site files.

Solution: Change the access rights to the site files, granting Nginx the rights to read and execute.

sudo chown -R www-data:www-data /var/www/yourdomain.com
sudo chmod -R 755 /var/www/yourdomain.com

Replace `/var/www/yourdomain.com` with the root directory of your site. `www-data` is the username and group under which Nginx runs (on Debian/Ubuntu). On CentOS/RHEL/Fedora this is usually `nginx`. `chown` changes the owner and group of files. `chmod` changes the access rights to files. `755` gives the owner the rights to read, write, and execute, and the group and other users the rights to read and execute.

Quote: «Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it.» — Brian Kernighan