The default installation of the Nginx Web Server simply uses the port 80 over the HTTP protocol to communicate with the clients. In case it's a fresh install, it will show the welcome page as shown in Fig 1. We can also install SSL certificates and configure the Nginx server to encrypt the traffic between the server and client and the secure communication will be done using the port 443 over HTTPS protocol.
In this tutorial, we will discuss the steps required to add a Virtual Host also called Server Block to host a website using the Nginx Web Server. We will also secure the Nginx Web Server by configuring the virtual host to redirect all the communication over HTTP to HTTPS in the later sections of this tutorial. This tutorial provides the steps required to add virtual hosts on the popular Linux distribution Ubuntu. It provides all the steps required to add virtual hosts on Ubuntu 18.04 LTS. The steps should be similar for other Linux systems and Ubuntu versions.
Prerequisites
You must have the below-listed software installed on your system to continue with this tutorial.
Ubuntu Server - This tutorial is written for Ubuntu 18.04 LTS, though it can be any other Linux system. The steps should be the same on other systems. You can also follow Complete Guide To Install Ubuntu 18.04 LTS (Bionic Beaver) to install the desktop version of Ubuntu.
Nginx Web Server - It assumes that the Nginx is already installed on the system and it's configured properly to access it using the IP address. It can be easily done on your local system in case you have a static IP address. You must be able to view the Welcome Screen by simply navigating to http://xx.xx.xx.xx (xx.xx.xx.xx is your IP address pointing to your server) in case the default virtual host is available. You can also follow How To Install And Configure Nginx on Ubuntu 18.04 LTS to install the Nginx Web Server.
Domain - A valid domain properly configured at your domain registrar pointing to your server. I have used example.com in this tutorial for reference. Make sure to replace it with your own domain.
Firewall - Ports 80 and 443 are open to
Add Virtual Host (Server Block)
In this section, we will add the virtual host and enable it to access the application using the domain. We can start the site configuration using the default config as shown below. I have used the domain example.com for the examples. Make sure to replace it with your own domain.
# Create the directories if does not exist sudo mkdir /etc/nginx/sites-available sudo mkdir /etc/nginx/sites-enabled
# Copy the default config
sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.com
# OR
sudo cp /etc/nginx/conf.d/default.conf /etc/nginx/sites-available/example.com
Now update the configuration to configure your domain and the system path having site files. The configuration should look like the one as shown below.
# Update configuration /etc/nginx/sites-available/example.com
# Content
server {
listen 80;
server_name example.com www.example.com;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / { root /var/www/example.com/html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; }
# proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #}
# deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} }
# Save and exit the editor
# Create the site directory and update permissions
sudo mkdir /var/www/example.com/html
sudo chmod -R 755 /var/www/example.com
Use the below-mentioned commands to enable or disable the site configuration.
# Enable Site - Create the symlink sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
# Disable Site sudo rm /etc/nginx/sites-enabled/example.com # OR sudo unlink /etc/nginx/sites-enabled/example.com
Apply the configuration using the below-mentioned commands.
# Check configurations sudo nginx -t
# Reload configuration
sudo nginx -s reload
# OR
sudo systemctl reload nginx
Now add the index.html file having content as shown below.
# Add index.html sudo nano /var/www/example.com/html/index.html
# Content
<!DOCTYPE html>
<html lang="en">
<head>
<title>My Domain</title>
</head>
<body>
<h1>Welcome to My Domain.</h1>
</body>
</html>
# Save and exit the editor
This is all about configuring the site. You may fine-tune the configuration by adding error pages, SSL certificate, etc based on your site needs. Now open your site using the URL - http://example.com or http://www.example.com. It should show your site. Make sure that the domain record is configured properly to use your server. The domain should point to the correct IP address of your server.
Secure Virtual Host
Now we will update the Virtual Host to process HTTPS requests over the secure channel. Update the Virtual Host as shown below.
# Update configuration /etc/nginx/sites-available/example.com
# Content
server {
listen 443 ssl;
server_name example.com www.example.com;
Also, add your SSL certificate configurations at the bottom of the server block as shown below.
# Update configuration sudo nano /etc/nginx/sites-available/example.com
ssl_certificate <Domain Certificate>; ssl_certificate_key <Private Key>;
}
Make sure to provide a valid path to the SSL certificate and key file based on your certificate authority. You can also follow How To Install Let's Encrypt For Nginx On Ubuntu to install a free SSL certificate from Let's Encrypt. Below mentioned are some of the standard configurations.
# Let's Encrypt for Nginx ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
# Comodo
ssl_certificate /path/to/ssl-bundle.crt ssl_certificate_key /path/to/your_private.key
Save your server block and apply the configuration using the below-mentioned commands.
# Check configurations sudo nginx -t
# Reload configuration
sudo nginx -s reload
# OR sudo systemctl reload nginx
This is how we can configure the SSL certificate for a virtual host in Nginx. You must be able to access it from the browser by navigating to https://www.example.com.
Redirect HTTP to HTTPS
In the last section of this tutorial, we will add the redirection from the HTTP requests to HTTPS requests to secure all the client requests for the domain. It can be done by updating the virtual host configuration as shown below.
# Update Virtual Host sudo nano /etc/nginx/sites-available/example.com
# Add at the last .... .... }
server { if ($host = example.com) { return 301 https://$host$request_uri; }
listen 80; server_name example.com; return 404; } # Save and exit the editor
# Test configuration
sudo nginx -t
# Reload configuration
sudo nginx -s reload
# OR
sudo systemctl reload nginx
Now if you try to open the URL - http://www.example.com, it must redirect you to https://www.example.com. Make sure that your firewall allows communication on port 443.
This is how we can secure an entire website or application using the SSL certificate for secure communication over the Nginx Web Server and the clients(Browser etc).
Summary
In this tutorial, we have discussed the steps required to add and update the virtual host for both HTTP and HTTPS protocols on the Nginx Web Server. In the last section, we have also secured the site by redirecting all the HTTP requests to HTTPS.