Tuesday, 30 March 2021

Configure nginx web server with TLS and firewall in Ubuntu

Install nginx


sudo apt update
sudo apt install nginx
 

After installation, these are the commands to operate nginx:

sudo systemctl status nginx
sudo systemctl stop nginx
sudo systemctl reload nginx
sudo systemctl restart nginx
sudo systemctl start nginx
sudo systemctl disable nginx
sudo systemctl enable nginx
 

The log file is here:

 error_log /var/log/nginx/error.log;

Change ownership of the document root

sudo chown -R www-data:www-data /var/www/html/

Permissions may be 755 or 644:
 

sudo chmod -R 755 ./
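
A recursive 755 also marks every file as executable; the usual split is 755 for directories and 644 for files. The script below is an added example, not part of the original post: it audits a document root for world-writable entries and executable files, then applies that split. The function names `audit_docroot` and `fix_docroot` are made up for this example, and GNU/Linux `find` and `chmod` are assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post); function names are illustrative.
# On a real document root such as /var/www/html, run it with sudo.

# audit_docroot DIR
# Prints every world-writable entry and every regular file with an execute bit.
# Returns 0 if the tree is clean, 1 if anything was found, 2 on a bad argument.
audit_docroot() {
    local root="$1" findings
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # Symlinks are skipped: their own mode bits are not used on Linux.
    findings=$(
        find "$root" ! -type l -perm -0002 \
            -exec printf 'world-writable: %s\n' {} \;
        find "$root" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) \
            -exec printf 'executable file: %s\n' {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# fix_docroot DIR
# Directories get 755 (others may list and traverse, only the owner writes).
# Regular files get 644 (others may read, nobody executes).
fix_docroot() {
    local root="$1"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
}

# When called with a path, only audit it; call fix_docroot to change modes.
if [ "$#" -gt 0 ]; then audit_docroot "$1"; fi
```
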

 

Configure firewall

    sudo ufw status 

    sudo ufw app list

    sudo ufw allow 'Nginx Full'
    sudo ufw allow 'OpenSSH'
 

    or
    sudo ufw allow ssh   

    This will add TCP port 22 (22/tcp (v6)    ALLOW       Anywhere (v6))

    sudo ufw logging on

    sudo ufw logging low|medium|high
    Log file: /var/log/ufw.log


Install MySQL server


    
sudo apt-get install mysql-server

        If there is any issue, you can find the log here:

        /var/log/mysql/error.log


    
sudo mysql_secure_installation

         Follow the steps of the above command.

        Use localhost for host; that is, allow database access only from localhost.

             Manage the MySQL service

             sudo service mysql start
            sudo service mysql stop


        Create a new user and set privileges

        sudo mysql

            USE databasename;
            CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'your pw';
            GRANT ALL ON databasename.* TO 'newuser'@'localhost';
            FLUSH PRIVILEGES;

Install PHP

    sudo apt-get install php7.4-fpm php-mysql

    
sudo systemctl restart php7.4-fpm
    sudo service mysql restart

Additionally, you may need zip, curl and gd:

    sudo apt-get install php7.4-zip

 
    sudo apt-get install php7.4-curl

    sudo apt-get install php7.4-gd


    sudo curl -V

 

Let's Encrypt for nginx

     Install snapd

Snap (also known as Snappy) is a software deployment and package management system. Snapd is a REST API daemon for managing snap packages.

    Ensure that your version of snapd is up to date

    sudo snap install core
    sudo snap refresh core

Remove any pre-existing Certbot packages (use the command for your package manager; on Ubuntu that is apt-get)

        sudo apt-get remove certbot
         sudo dnf remove certbot
         sudo yum remove certbot

        Install Certbot 

        sudo snap install --classic certbot

        sudo certbot --nginx

            Follow the step-by-step process. For example, the certificate was issued for the hosts:

             www.ishtabox.com,ishtabox.com

 

nginx server block to run PHP

https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04

 

sudo vi /etc/nginx/sites-available/default

 

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name server_domain_or_IP;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        # The socket name must match the installed PHP-FPM version (php7.4-fpm above)
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}


 ==========

Test your configuration file for syntax errors:

 sudo nginx -t

 Then reload the server:

sudo systemctl reload nginx

Now put a PHP file in the document root and test the site.
 

Ref:

https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04

https://www.linode.com/docs/guides/configure-firewall-with-ufw/
https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx
   
       
 

1 comment:

  1. Enable HTTPS traffic Lightsail AWS

    Go to the Lightsail instance
    and then in the Networking tab,
    IPv4 Firewall section, add HTTPS traffic
