NGINX - 1 Quick and easy setup for webhosting on VPS
About
NGINX is a reverse proxy server which allows you to forward an application on localhost be able to be accessed by an external IP with added support for commonly needed protocols like http2 or SSL.
To put it simply, if you have a nextjs or python flask application on a virtual private server like google cloud or digital ocean and you launch your app. It is accessible on localhost, but when you go to your app IP address nothing happens. NGINX fixes that.
We can start by installing NGINX on linux server via:
1
sudo apt-get install nginx
Once installed. You should run your web applications on another screen before hand to test out nginx’s configurations
Configuration basics
Once installed, its time to configure the nginx settings. Go inside the settings file via nano:
1
sudo nano /etc/nginx/sites-available/default
You will see a full nginx configuration file with the following details:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# Author: Zameer Ansari
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# http://wiki.nginx.org/Pitfalls
# http://wiki.nginx.org/QuickStart
# http://wiki.nginx.org/Configuration
#
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# proxy_pass http://localhost:8080;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
This configuration is what is displaying the default nginx welcome page. We are going to change the configurations to point to your application running on localhost instead.
Point your attention to the following block:
1
2
3
4
5
6
7
8
9
10
11
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
# proxy_pass http://localhost:8080;
# proxy_http_version 1.1;
# proxy_set_header Upgrade $http_upgrade;
# proxy_set_header Connection 'upgrade';
# proxy_set_header Host $host;
# proxy_cache_bypass $http_upgrade;
}
Here is where we configure our localhost application to the outside. We can do so by deleting everything here and replace with the following configurations:
1
2
3
4
location / {
include proxy_params;
proxy_pass http://localhost:5000/;
}
proxy_pass
should be the url for accessing your application.
That’s it, save and exit nano.
Getting changes into effect
First we need to run a synthax check to see if we did any mistakes in the configuration file:
1
sudo nginx -t
Running this command, a success message as the follwoing will appear:
1
2
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Once all is well, we can go ahead restart the nginx to get the settings into effect, then allow the firewall if enabled.
1
2
sudo systemctl restart nginx
sudo ufw allow 'Nginx Full'
That’s it. Run your application on localhost and you should see the site on your external IP address.
Start, Stop, and Restart Nginx with systemctl
About the restart command we did previously…
Graceful restart (reload)
If you’re refreshing Nginx after changing the configuration, it’s best to gracefully reload the service. That shuts down old processes and restarts new ones with the new configuration.
1
sudo systemctl reload nginx
Forceful restart
For major configuration changes, you can force a full restart of Nginx. This force-closes the whole service and sub-processes, and restarts the whole package.
1
sudo systemctl restart nginx
Restart vs Reload Nginx
The reload
command keeps the Nginx server running as it reloads updated configuration files. If Nginx notices a syntax error in any of the configuration files, the reload is aborted and the server keeps running based on old config files. Reloading is safer than restarting Nginx.
The restart
command will shut down the server including all related services and power it on again. Restart Nginx only when making significant configuration updates, such as changing ports or interfaces. This command will force shut down all worker processes.