Installing and Configuring Nginx as a Web Server / Reverse Proxy on Ubuntu

Aug 20, 2018

Installation

First, install nginx on Ubuntu:

$ sudo apt install nginx

This installs the software and generates default configurations in the /etc/nginx/sites-available folder. You can see those files there. You can modify the default.conf file.

For configuration, two folders are important and are created by nginx out of the box: /etc/nginx/sites-available and /etc/nginx/sites-enabled. Draft configurations are placed in the sites-available directory; to publish them, either copy or symlink them into the sites-enabled directory.

The default configuration is:

# Default server configuration
#
server {
        listen 80 default_server;
        listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        #
        #location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #       deny all;
        #}
}


# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
#       listen 80;
#       listen [::]:80;
#
#       server_name example.com;
#
#       root /var/www/example.com;
#       index index.html;
#
#       location / {
#               try_files $uri $uri/ =404;
#       }
#}

Configuration for HTTP

# /etc/nginx/sites-available/myrailsapp.conf
server {

    listen 80;
    listen [::]:80;

    server_name myrailsapp.ideabreed.net;

    # Make sure static assets in the public dir are served by Nginx.
    # Static assets are better served by HTTP servers; make sure you have configured your Rails
    #  app accordingly. Rails 5 comes with a default configuration that lets nginx serve static assets;
    #  see the production.rb file.
    root /var/www/myrailsapp/public;

    try_files $uri/index.html $uri @app;

    location @app {
        proxy_pass http://localhost:40;

        # HTTP header info needs to be passed to the Rails app server so that it can verify the
        #  credibility of the request. Otherwise Rails will reject all form submissions.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;

}

For this you need to make sure your rails app is running on port 40 or similar.


Configuration for HTTPS with SSL

server {
    server_name myrailsapp.ideabreed.net;


    # Make sure static assets in the public dir are served by Nginx.
    # Static assets are better served by HTTP servers; make sure you have configured your Rails
    #  app accordingly. Rails 5 comes with a default configuration that lets nginx serve static assets;
    #  see the production.rb file.
    root /var/www/production/myrailsapp/public;

    try_files $uri/index.html $uri @app;

    location @app {
        proxy_pass http://localhost:40;


        # HTTP header info needs to be passed to the Rails app server so that it can verify the
        #  credibility of the request. Otherwise Rails will reject all form submissions.

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_redirect off;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ideabreed.net/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ideabreed.net/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}


# Permanently redirecting HTTP requests to HTTPS
server {
    if ($host = myrailsapp.ideabreed.net) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name myrailsapp.ideabreed.net;
    return 404; # managed by Certbot
}
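
An added example (not part of the original article): a small Python check that parses a site file and reports any proxied location that omits the forwarding headers the two configurations above set. The parse and audit helpers and the sample strings are constructed for illustration, and only top-level server blocks, as found in sites-available files, are inspected.

```python
import re

# Headers the article's @app locations forward; the Proto header applies behind TLS only.
ALWAYS = {"host", "x-forwarded-for"}
TLS_ONLY = {"x-forwarded-proto"}

def parse(text):
    """Parse nginx config text into nested (directive, args, children) tuples."""
    tokens = iter(re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", text)))
    def block():
        items, words = [], []
        for tok in tokens:  # the iterator is shared, so nested blocks resume correctly
            if tok == "}":
                break
            if tok in (";", "{"):
                kids = block() if tok == "{" else []
                if words:
                    items.append((words[0], words[1:], kids))
                words = []
            else:
                words.append(tok)
        return items
    return block()

def audit(text):
    """List required headers that a proxied location in a top-level server block omits."""
    findings = []
    for _, _, body in (s for s in parse(text) if s[0] == "server"):
        tls = any(d == "listen" and "ssl" in args for d, args, _ in body)
        required = ALWAYS | (TLS_ONLY if tls else set())
        for d, args, kids in body:
            if d != "location" or not any(k == "proxy_pass" for k, _, _ in kids):
                continue
            sent = {a[0].lower() for k, a, _ in kids if k == "proxy_set_header" and a}
            findings += [f"location {' '.join(args)}: missing {h}" for h in sorted(required - sent)]
    return findings

# Constructed sample, trimmed from the article's HTTPS server block.
GOOD = """server {
    location @app {
        proxy_pass http://localhost:40;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto https;
    }
    listen 443 ssl; # managed by Certbot
}"""
BAD = GOOD.replace("proxy_set_header X-Forwarded-Proto https;", "")  # constructed regression
```

Calling audit(BAD) reports the dropped X-Forwarded-Proto header, while the same block listening on plain port 80 passes, because that header is only required when the server terminates TLS.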

Publish the configuration

Create a symlink of the conf file to sites-enabled

sudo ln -sf /etc/nginx/sites-available/myrailsapp.conf /etc/nginx/sites-enabled/myrailsapp.conf

Restart the nginx server

sudo systemctl restart nginx

HTTPS Configuration with CertBot

Go to https://certbot.eff.org and select your HTTP server (e.g. nginx) and OS (e.g. Ubuntu 18.04).

This will fetch the relevant info for your setup. Scroll down to see how to install certbot on your machine.

Auto renewal Every Year

sudo certbot renew --dry-run