A web server is a software application or hardware device that stores, processes, and serves website content to users over the internet. Its primary function is to handle incoming requests from web clients (such as browsers) and respond by delivering web pages, images, scripts, or other resources. Web servers use the Hypertext Transfer Protocol (HTTP) to communicate with clients.
Nginx stands out as a robust and extensively utilized web server, recognized for its exceptional performance, stability, and adept management of concurrent connections.
In this tutorial, let’s go through the steps to install Nginx on a Linux-based system.
Ubuntu/Debian
sudo apt update
sudo apt install nginx
CentOS/Red Hat/Fedora
sudo yum update
sudo yum install nginx
Start the nginx service
sudo systemctl start nginx
sudo systemctl enable nginx # to start the service on boot
Installing Nginx from Source
sudo apt update
sudo apt install build-essential checkinstall libpcre3 libpcre3-dev zlib1g zlib1g-dev libssl-dev libgd-dev libxml2 libxml2-dev uuid-dev -y
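Download the source code. nginx.org publishes a detached PGP signature for each release tarball (the same URL with .asc appended); verify it before building.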
wget https://nginx.org/download/nginx-1.24.0.tar.gz
tar zxf nginx-1.24.0.tar.gz
cd nginx-1.24.0
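Download headers-more-nginx-module for extras. Clone it next to the source tree, because the configure command below refers to it as ../headers-more-nginx-module/.
git clone https://github.com/openresty/headers-more-nginx-module.git ../headers-more-nginx-module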
Configure, build and install
./configure \
  --prefix=/usr/share/nginx \
  --sbin-path=/usr/sbin/nginx \
  --conf-path=/etc/nginx/nginx.conf \
  --modules-path=/etc/nginx/modules \
  --http-log-path=/var/log/nginx/access.log \
  --error-log-path=/var/log/nginx/error.log \
  --http-client-body-temp-path=/var/lib/nginx/body \
  --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
  --http-proxy-temp-path=/var/lib/nginx/proxy \
  --http-scgi-temp-path=/var/lib/nginx/scgi \
  --http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
  --lock-path=/var/lock/nginx.lock \
  --pid-path=/var/run/nginx.pid \
  --with-pcre \
  --with-pcre-jit \
  --with-compat \
  --with-debug \
  --with-threads \
  --with-stream=dynamic \
  --with-http_ssl_module \
  --with-http_v2_module \
  --with-http_image_filter_module=dynamic \
  --with-http_addition_module \
  --with-http_mp4_module \
  --with-http_stub_status_module \
  --with-http_realip_module \
  --with-http_auth_request_module \
  --with-http_dav_module \
  --with-http_slice_module \
  --with-http_gunzip_module \
  --with-http_gzip_static_module \
  --with-http_sub_module \
  --add-module=../headers-more-nginx-module/
make
sudo make install
Nginx extras
“nginx-extras” typically refers to additional modules or features that can be added to the Nginx web server to enhance its functionality. Below we will install nginx-extras.
Ubuntu/Debian
sudo apt install nginx-extras
CentOS/Red Hat/Fedora
sudo yum install nginx-extras
Sample Nginx config with security measures applied
# Set the user and group that Nginx will run as
user nginx;
worker_processes auto;

# Global error log and PID file paths
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

# Events block defines settings that affect how Nginx handles connections
events {
    worker_connections 1024;
}

http {
    # Basic settings
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    # MIME types
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Logging
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Gzip settings
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    # ssl_ciphers takes OpenSSL cipher names and governs TLS 1.2 only.
    # The TLS 1.3 suites (TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384)
    # are enabled by default and are not set with this directive.
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';

    # DH parameters for DHE key exchange; the file must exist before Nginx starts
    ssl_dhparam /etc/nginx/dhparam.pem;

    # SSL session cache
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # Response headers. add_header set here is inherited by a server or
    # location block only if that block declares no add_header of its own.

    # Enable HSTS (HTTP Strict Transport Security)
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Disable server information in response headers
    server_tokens off;

    # Disable unnecessary server features
    server_name_in_redirect off;
    port_in_redirect off;

    # Prevent Clickjacking
    add_header X-Frame-Options "SAMEORIGIN" always;

    # Prevent MIME sniffing
    add_header X-Content-Type-Options "nosniff" always;

    # Cross-site scripting (XSS) protection (legacy header that current
    # browsers ignore; a Content-Security-Policy is the effective control)
    add_header X-XSS-Protection "1; mode=block" always;

    # Content Security Policy (CSP)
    # add_header Content-Security-Policy "..." always;

    # location is only valid inside a server block, so the two rules below
    # are wrapped in one; repeat them in each site's own server block.
    server {
        # Deny access to hidden files
        location ~ /\. {
            deny all;
            access_log off;
            log_not_found off;
        }

        # Deny access to PHP files under upload directories
        location ~* (?:uploads|files)/.*\.php$ {
            deny all;
        }
    }

    # Include additional configuration files
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
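The sample config sets its security headers at http level, and a server or location block that declares its own add_header stops inheriting them, so it is worth checking what a site actually returns. The following is an added example, not part of the original tutorial: a shell function that reads raw response headers on stdin and flags any of the headers above that are missing or changed, plus a Server header that still carries a version. The function name check_headers and the host your-host.example are assumptions.

```shell
#!/usr/bin/env bash
# Added example: audit response headers against the sample config above.
# Usage against a live site (your-host.example is a placeholder):
#   curl -sI https://your-host.example/ | check_headers

check_headers() {
    awk '
    BEGIN {
        # Header name (lower case) -> value the sample config sets
        want["strict-transport-security"] = "max-age=31536000"
        want["x-frame-options"]           = "SAMEORIGIN"
        want["x-content-type-options"]    = "nosniff"
    }
    {
        sub(/\r$/, "")                     # HTTP header lines end in CRLF
        i = index($0, ":")
        if (i == 0) next                   # status line or blank line
        name = tolower(substr($0, 1, i - 1))
        val  = substr($0, i + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", val)   # trim surrounding whitespace
        seen[name] = val                   # a repeated header: last one wins
    }
    END {
        bad = 0
        for (h in want) {
            if (!(h in seen)) {
                print "MISSING  " h; bad++
            } else if (seen[h] != want[h]) {
                print "MISMATCH " h ": " seen[h]; bad++
            }
        }
        # With server_tokens off the header is "Server: nginx", no version
        if (("server" in seen) && seen["server"] ~ /^nginx\/[0-9]/) {
            print "LEAK     server: " seen["server"]; bad++
        }
        exit (bad > 0)                     # non-zero status if anything failed
    }'
}
```

The function prints one line per finding and returns a non-zero status when there is at least one, so it can gate a deployment script.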