How to install and config Nginx
All my websites use this
pretty much just…
sudo apt install nginx
Make sure ufw allows http and https
sudo ufw allow http
sudo ufw allow https
Setting up the sites is a different story
All of the sites are in /var/www/website.net Create a new directory for each site and plop the data in there ALso change the permissions so nginx can read, you can run this to guarantee access
sudo chmod 777 ./website.net
To actually make the site avilable make sure to 1st purge any content in this directory
/etc/nginx/sites-available
and then create a new file in this directory
vim ./newsite.net
Here are some sample config:
Subsite One:
server {
# redirect HTTP to HTTPS
listen 80;
server_name subsite1.mainsite.net;
return 301 https://subsite1.mainsite.net$request_uri;
}
server {
listen 443 ssl ;
listen [::]:443 ssl ;
server_name subsite1.mainsite.net;
root /var/www/subsite1.mainsite.net/dist;
index index.html index.htm index.nginx-debian.html ;
ssl on ;
ssl_certificate /etc/ssl/certs/origincert.pem ;
ssl_certificate_key /etc/ssl/private/serverprivatekey.key ;
location / {
try_files $uri $uri/ /index.html;
}
}
Subsite Two: (This one runs a .NET Web API)
server {
listen 80;
server_name subsite2.mainsite.net;
return 301 https://subsite2.mainsite.net$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name subsite2.mainsite.net;
root /var/www/subsite2.mainsite.net/net8.0;
ssl on;
ssl_certificate /etc/ssl/certs/origincert.pem ;
ssl_certificate_key /etc/ssl/private/serverprivatekey.key ;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Main Site:
server {
# redirect HTTP to HTTPS
listen 80;
server_name mainsite.net www.mainsite.net;
return 301 https://mainsite.net$request_uri;
}
server {
listen 443 ssl ;
listen [::]:443 ssl ;
server_name mainsite.net www.mainsite.net;
root /var/www/mainsite.net ;
index index.html index.htm index.nginx-debian.html ;
ssl on ;
ssl_certificate /etc/ssl/certs/origincert.pem ;
ssl_certificate_key /etc/ssl/private/serverprivatekey.key ;
location / {
try_files $uri $uri/ =404 ;
}
}
Subsite3:
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name subsite3.mainsite.net
access_log off;
error_log /var/log/nginx/error.log crit;
ssl_certificate /etc/ssl/certs/origincert.pem;
ssl_certificate_key /etc/ssl/private/serverprivatekey.key;
location / {
proxy_pass http://127.0.0.1:3007;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host; # so Invidious knows domain
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
}
if ($https = '') { return 301 https://$host$request_uri; } # if not connected to HTTPS, perma-redirect to HTTPS
}
Make sure to do a systemctl resart nginx for changes to take place
Also, Here are some links regarding the certificates, I don’t use certbot and LetsEncrypt