Understanding Nginx Configuration: A Beginner’s Guide
Nginx is a powerful web server and reverse proxy, but its configuration can seem complex at first. This guide will walk you through the basics of Nginx configuration and some common use cases.
Nginx Configuration File Structure
Nginx configuration files are usually located in /etc/nginx/. The main config file is:
/etc/nginx/nginx.conf
However, most virtual host settings and individual site configurations are placed in:
/etc/nginx/sites-available/
and symlinked to:
/etc/nginx/sites-enabled/
Basic Nginx Configuration
Here’s a simple Nginx configuration for serving a static website:
server {
listen 80;
server_name example.com www.example.com;
root /var/www/example;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
Explanation:
[] listen 80; – Listens on port 80 (HTTP).
[] server_name example.com www.example.com; – Defines the domain names.
[] root /var/www/example; – Sets the root directory for web files.
[] index index.html; – Specifies the default file to serve.
-
location / { try_files $uri $uri/ =404; } – Ensures that only existing files are served.
Setting Up Nginx as a Reverse Proxy
Nginx can be used to forward requests to another server, like a backend application.
Example:
server {
listen 80;
server_name api.example.com;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
`}
How it works:
Enabling HTTPS with Nginx
If you have SSL certificates from Let’s Encrypt (or another provider), you can configure Nginx to use HTTPS:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}
What this does:
Optimizing Nginx Performance
To improve performance, consider:
worker_processes auto;
worker_connections 1024;
keepalive_timeout 65;
gzip on;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
Testing and Restarting Nginx
Before applying changes, test your configuration:
sudo nginx -t
If no errors are found, restart Nginx:
sudo systemctl restart nginx
How Certbot Integrates with Nginx
When running Certbot with the –nginx option:
sudo certbot --nginx -d your-domain.com -d www.your-domain.com
Certbot automatically modifies your Nginx configuration file to include the SSL certificate and force HTTPS. After running the command, Certbot will:
Obtain an SSL certificate from Let’s Encrypt.
Modify your existing Nginx configuration by adding:
listen 443 ssl; to enable HTTPS.
ssl_certificate and ssl_certificate_key paths pointing to the generated certificate.
A redirect rule to force HTTP to HTTPS.
You can verify the changes by inspecting your Nginx config file, typically located at:
/etc/nginx/sites-available/your-domain.com
If you prefer to manually set up SSL, you can use the certificate files from:
/etc/letsencrypt/live/your-domain.com/fullchain.pem
/etc/letsencrypt/live/your-domain.com/privkey.pem
Then, update your Nginx configuration with these paths as shown in the previous example.
Conclusion
Nginx is a powerful and flexible server. By understanding its configuration, you can optimize performance, improve security, and use it as a reverse proxy.