In this tutorial, I'll be explaining how to set up Nginx's latest mainline version as well as Letsencrypt Certbot on Debian 11.
This is something a few friends and I have been needing to do recently, and I wanted to make sure there was an easy to understand resource to go through the setup as it isn't as easy as simply running sudo apt install nginx.
Why not just use the default version of Nginx?
As you should be aware by now, Debian has official package releases of Nginx that can be downloaded by simply running sudo apt update, sudo apt upgrade and sudo apt install nginx. These aren't usually up to date, however. As of right now, the latest version of Nginx is 1.21.6, while the package included with Debian is version 1.18.0, which was released almost two years ago.
A lot can happen in two years, and its always good to have the latest bug fixes, security patches, and feature updates anyways. So in this article, we're going to make sure everything's always going to be updated, as well as securing your website with SSL encryption with Certbot.
Make sure you've removed all old Nginx installations
If you're starting fresh, and you don't have nginx installed already, you can skip directly to the nginx install section below.
First we're going to make sure you're running under root. This makes it so you'll have full permission over your system. Type
sudo suStop Nginx using
systemctl stop nginxCopy your nginx.conf file in case its modified in the update by typing
cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.oldThen remove Nginx by typing
apt remove --purge nginxNginx Install
Adding the repository
Personally, I like to use the repository from sury.org when using Debian 11 systems, because its constantly updated with the latest fixes. If you would rather use the Debian default repositories, feel free to skip this step.
Download the script by typing
wget -O install-nginx.sh https://packages.sury.org/nginx-mainline/README.txt
chmod +x install-nginx.shNext, run the script by typing
./install-nginx.shUpdating and Installing Nginx
Type
apt updateto refresh apt, then type
apt install nginxto install it.
You might be prompted to keep or replace your nginx.conf file that we copied at the beginning of the guide. I would recommend that you keep it in order to save your old settings if they existed in the first place.
Check Nginx's Version to Ensure it Installed Properly
To check the version, type
sudo nginx -vMaking Sure Nginx Starts On Boot
To make sure Nginx starts on Boot, type
systemctl enable nginxTo start it now, type
systemctl start nginxVisit Your Server's Address In a Browser
After enabling and starting Nginx, make sure you can view the "Welcome to Nginx!" page in your browser. Visit your server's IP address or domain name in your computer's web browser.
If it doesn't work, you may want to run
systemctl status nginxand see what the error is.
Nginx Configuration
While having a single website is fine for most people, some people need more than that. Say you have a Blog as well as an online web app... You're not going to put that all on one site, are you?
This portion of the article deals with that problem
Stopping Nginx
First, before we do anything else, its good to stop Nginx so that it won't be working while we're editing files and changing settings. We'll start it back up in a minute when we're all done, but for now its better that we stop the service so nothing can break.
To do this, type
systemctl stop nginxEditing your nginx.conf configuration file
In order to make things easier, you'll want to edit your Nginx configuration file, located at /etc/nginx/nginx.conf
Type
nano /etc/nginx/nginx.confto load into the file.
On the line that reads
user nginx;
you'll want to change the nginx value to www-data, making the line look like this.
user www-data;This makes sure that the Nginx process runs under the www-data user rather than the Nginx user.
Now, in the same file, find the line that reads
include /etc/nginx/conf.d/*.conf;
and if it is not already there,replace it with this.
include /etc/nginx/sites-enabled/*;Then, close nano using control + X and press y and enter to save your changes.
Creating your folders
Sometimes, your Debian machine won't come with a few folders that are better to have when working with web servers. For example, /var/www, /etc/nginx/sites-available and sites-enabled, and a few more.
We're going to make sure your machine has those folders created, if not we're going to create them. Run the following command to make sure
mkdir -p /var/www && mkdir -p /etc/nginx/sites-available && mkdir /etc/nginx/sites-enabledNow that you've created your folders, you may need to create a few more.
Inside /var/www, you'll want to make a few subfolders. Each subfolder you make will be the name of a site. For example, I could have /var/www/example.com, /var/www/example.net, and /var/www/example.org folders.
Inside the site folders, you'll want to make a subfolder called public_html and another called logs. The public_html folder is where your site's content should be placed and the logs directory is where your site's access and error logs will be stored.
Here's the example commands to set up a site called example.com.
mkdir -p /var/www/example.com && mkdir /var/www/example.com/public_html && mkdir /var/www/example.com/logsTelling Nginx about your Site
Similar to Apache's virtual hosts, Nginx uses server blocks. These are files that go in your /etc/nginx/sites-enabled folder and tell Nginx how it should handle your site and its content.
Here is an example Server Block file that you can base yours off of.
server {
listen 80 default_server;
listen [::]:80 default_server;
access_log /var/www/default/logs/access.log;
error_log /var/www/default/logs/error.log;
server_name default;
root /var/www/default/public_html;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}To make a new site, open Nano to /etc/nginx/sites-enabled/
nano /etc/nginx/sites-enabled/Make sure the root directory in each file matches the folder where your web content is stored, and don't forget to remove default_server from the line starting with listen if the site you're creating is not the default for your machine.
If you need to use autoindexing for files in your entire site, type the following lines.
autoindex on;
autoindex_localtime on;
autoindex_exact_size off;If you would only like files inside a specific folder to be indexed, type the same lines, but within a specific location directive.
Location directives usually look like this.
location / {
autoindex on;
autoindex_localtime on;
autoindex_exact_size off;
} After editing the file to your liking, save and close Nano by typing Control + X and pressing Y and Enter.
If you need more than one site, just repeat this process again.
Securing your site with Letsencrypt
Before we start, you should already have a domain name set up and pointing at your server. You can't use a server IP address for this.
Before we start, make sure port 80 is forwarded for HTTP and port 443 is forwarded for secure traffic using HTTPS.
Installing the Program
You'll need to run
apt install python3-certbot-nginxto install the certbot client.
Setting up your site
To add your site to Certbot, type the following
sudo certbot --nginx -d yoursite.comMake sure you replace yoursite with the name of your site. For example, example.com. Don't use https or http in the name. If you'd like to use something like www.example.com as well as example.com, your command would look like this.
sudo certbot --nginx -d yoursite.com -d www.yoursite.comIt may prompt you for an email address for renewal notifications and it may also prompt you to allow notifications for new products for the company, EFF.
That's it!
You should be all done.
In the future, I'll make a guide on how to install PHP and MySQL, so stay tuned for that!
Hope you appreciated this guide!
I enjoyed this artical. thanks so much!
Thanks! Glad you enjoyed it!
Could I follow these exact steps on Ubuntu with Apache? Also, do I need a paid SSL certificate?