Nginx is a free, open-source and powerful web server developed by Igor Sysoev and published in 2004. It is also used as a reverse proxy, HTTP load balancer and e-mail proxy for IMAP, POP3 and SMTP. Nginx uses an event-driven and asynchronous architecture instead of the traditional process-driven architecture. It is considered the most reliable server due to its ability to handle massive connections, speed and scalability. Nginx offers a variety of features such as load balancing, IPv6 support, reverse proxy with caching, FastCGI support with caching, WebSockets and more.
In this article, we will show you how to install the Nginx web server with Let's Encrypt SSL on Ubuntu 22.04.
By default, the Nginx web server package is included in the standard repository of Ubuntu 22.04. You can install it with the following command:
apt install nginx -y
Once Nginx is installed, start the Nginx service and enable it so that it starts when the system reboots:
systemctl start nginx systemctl enable nginx
You can check the status of Nginx with the following command:
systemctl status nginx
You should see the following output:
? nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2022-05-12 15:29:57 UTC; 9s ago
Docs: man:nginx(8)
Process: 2627 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 2628 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 2719 (nginx)
Tasks: 2 (limit: 2292)
Memory: 4.4M
CPU: 36ms
CGroup: /system.slice/nginx.service
??2719 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
??2722 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
May 12 15:29:57 ubuntu systemd[1]: Starting A high performance web server and a reverse proxy server...
May 12 15:29:57 ubuntu systemd[1]: Started A high performance web server and a reverse proxy server.
To check the Nginx version, run the following command:
nginx -v
You will get the Nginx version in the following output:
nginx version: nginx/1.18.0 (Ubuntu)
By default, the UFW firewall is not installed on the Ubuntu 22.04 server. You can install it by executing the following command:
apt install ufw -y
Once the UFW firewall is installed, list all applications with the following command:
ufw app list
In the following output, you will get a list of all available applications in the UFW:
Available applications: Nginx Full Nginx HTTP Nginx HTTPS OpenSSH
Now allow Nginx and OpenSSH in the UFW firewall with the following command:
ufw allow 'Nginx Full' ufw allow OpenSSH
Now activate the UFW firewall so that it starts after the system reboot:
ufw enable
Next, check the status of the UFW with the following command:
ufw status
You should see all UFW rules in the following output:
Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere Nginx Full ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Nginx Full (v6) ALLOW Anywhere (v6)
Now open your web browser and access the Nginx web server test page via the URL http://test.example.com . You should see the Nginx test page on the following screen:
Nginx offers virtual hosting features that allow you to host multiple websites on a single server. In this section, we'll show you how to set up an Nginx virtual host on Ubuntu 22.04.
First, you need to create a directory for your website. We'll create a directory for a website called test.example.com.
mkdir -p /var/www/html/test.example.com/
Next, change the ownership of the created directory to the www-data user and the www-data group.
chown -R www-data:www-data /var/www/html/test.example.com/ chmod -R 755 /var/www/html/test.example.com/
Next, create a simple HTML page for your website:
nano /var/www/html/test.example.com/index.html
Paste the following code:
<html> <head> <title>Welcome to Nginx Webserver</title> </head> <body> <h1>Success! Nginx is working on test.example.com</h1> </body> </html>
Save and close the file when you're done.
Next, you need to create an Nginx Virtual Host configuration to host the test.example.com website. You can create it with the following command:
nano /etc/nginx/conf.d/test.example.com.conf
Add the following configuration:
server {
listen 80;
root /var/www/html/test.example.com/;
index index.html index.htm index.nginx-debian.html;
server_name test.example.com;
location / {
try_files $uri $uri/ =404;
}
}
Save and close the file when you're done and check Nginx for configuration errors:
nginx -t
The output should be that there are no errors in the syntax:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Next, restart the Nginx service to apply the changes:
systemctl restart nginx
You can now check the status of Nginx with the following command:
systemctl status nginx
Now open your web browser and check your website with the URL http://test.example.com. You should see the index.html page on the following screen:
By default, the Nginx web server is not secured. Therefore, it is a good idea to install Let's Encrypt SSL to secure the communication.
First install the Certbot client package to manage the SSL certificate:
apt install certbot python3-certbot-nginx -y
Once Certbot is installed, run the following command to install and configure Let's Encrypt SSL for your website.
certbot --nginx -d test.example.com
You will be asked to provide a valid email address and accept the terms of use (see below):
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): hitjethva@gmail.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for test.example.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/test.example.com.conf
Next, select whether or not to redirect HTTP traffic to HTTPS (see below):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Enter 2 and press Enter to complete the installation. You should see the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/test.example.com.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://test.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=test.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/test.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/test.example.com/privkey.pem Your cert will expire on 2022-08-11. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le - We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
Now your website is secured with Let's Encrypt SSL. You can access it securely via the URL https://test.example.com .
Congratulations! You have successfully installed the Nginx web server with Let's Encrypt SSL on Ubuntu 22.04. Now you can use Nginx as a reverse proxy, web server or load balancer.
Magento is a free and open-source e-commerce platform written in PHP. It is simple, easy…
ISPConfig is an open-source control panel that allows users to manage multiple servers from a…
As a Linux administrator, you may find it necessary to troubleshoot or test your Simple…
Ubuntu 24.04, like many modern Linux distributions, relies on the NetworkManager for managing network connections.…
Restic is a modern, open-source backup program designed for efficiency, security, and simplicity. It enables…
phpMyAdmin is a popular free tool written in PHP intended to administer MySQL and MariaDB…