This article was last reviewed for Debian 9 (Stretch).
Nginx installation and configuration (Debian, repository)
Author: | Stefán Örvar Sigmundsson |
---|---|
Initial publication: | |
Last updated: | |
Written in: | English (United Kingdom) |
Nginx is a free and open-source web server that has become very popular since its initial release in 2004. This article will demonstrate how to install and configure Nginx on Debian or its derivatives such as Ubuntu and Linux Mint. The server will be configured for the domain name example.org as a virtual server.
Installation
Nginx can be installed from the official Debian repository using APT:
root@computer:~# apt --assume-yes install nginx
After the installation is completed a directory called /var/www/html should have been created containing a single file called index.nginx-debian.html. This file should appear in a web browser on the local machine when it is navigated to http://localhost.
Configuration
Nginx is stopped before beginning the configuration for the sake of simplicity:
root@computer:~# systemctl stop nginx.service
The default logs are cleared before access and error logs are created:
root@computer:~# rm --recursive /var/log/nginx/*
The default directory created by Nginx to store the data to be served is not in conformance with the Filesystem Hierarchy Standard so it is removed and a new directory is created:
root@computer:~# rm --recursive /var/www/
root@computer:~# mkdir --parents /srv/http/example.org/
There is a lot of clutter in the default configuration files even though they are operational. Clearing the configuration directories and the default directory will ensure that there is no conflict nor confusion:
root@computer:~# cd /etc/nginx/
root@computer:/etc/nginx# > nginx.conf
root@computer:/etc/nginx# rm --recursive fastcgi* koi* *params snippets win* sites-available/* sites-enabled/*
The default user and group created by the package are called www-data. A user and a group are created with a more descriptive name:
root@computer:~# useradd --comment "Nginx" --shell "/usr/sbin/nologin" --system --user-group nginx
nginx.conf
The nginx.conf file contains global configuration. A single default web site could be defined globally but for the sake of remaining future-proof all web sites are defined as virtual servers:
events
{
}
http
{
    error_log /var/log/nginx/error.log;
    include /etc/nginx/mime.types;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
user nginx;
events {}
- The events block must be present but it can be empty.
http {}
- The http block contains all web server blocks and directives.
error_log /var/log/nginx/error.log;
- The default location and name of the error log (logs/error.log), as defined by Nginx, does not utilise the conventional directory structure of Debian. An error log can be configured per virtual server so that errors specific to the virtual servers do not go into the global error log.
include /etc/nginx/mime.types;
- The default media type definitions of Nginx.
include /etc/nginx/conf.d/*.conf;
- All module configuration files are included.
include /etc/nginx/sites-enabled/*;
- All enabled virtual servers are included.
user nginx;
- The OS user and group of Nginx are www-data by default on Debian. This directive replaces them with the nginx user and group created above.
conf.d/http_autoindex.conf (optional)
The conf.d/http_autoindex.conf file contains configuration for the automatic generation of indexes of the contents of directories. If a user navigates to a directory without specifying a particular file within it then the autoindex module will generate an index of the contents of the directory.
autoindex on;
conf.d/http_index.conf (optional)
The conf.d/http_index.conf file defines directory index files. If a directory index file exists in a directory and a user navigates to the directory without specifying a particular file within it then the server will return the directory index file instead of an automatically generated index of the contents of the directory by the http_autoindex module or an HTTP 403 response status code.
index index.htm index.html index.xht index.xhtml;
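Because both files are included in the http block, any directory that lacks one of the four index files is served as a generated listing. The following check is an added example, not part of the original article; it lists those directories under a document root, and the function name listed_dirs is hypothetical:

```shell
#!/bin/sh
# Added example, not part of the original article.
# Index names copied from conf.d/http_index.conf above.
INDEX_NAMES="index.htm index.html index.xht index.xhtml"

# listed_dirs ROOT
# Print, one per line and sorted, every directory under ROOT (ROOT included)
# that holds none of INDEX_NAMES and is therefore served as a generated listing.
listed_dirs() {
    find "$1" -type d | LC_ALL=C sort | while IFS= read -r dir; do
        has_index=no
        for name in $INDEX_NAMES; do
            # -f follows symbolic links, so a linked index file counts.
            if [ -f "$dir/$name" ]; then
                has_index=yes
                break
            fi
        done
        if [ "$has_index" = no ]; then
            printf '%s\n' "$dir"
        fi
    done
}

# Usage: sh listed_dirs.sh /srv/http/example.org/
if [ "$#" -gt 0 ]; then
    listed_dirs "$1"
fi
```

Hidden directories such as version-control metadata are included in the output, since Nginx serves them like any other directory under the root.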
sites-available/example.org.conf
A file is created to contain the configuration for the example.org virtual server:
root@computer:/etc/nginx# touch sites-available/example.org.conf
The sites-available/example.org.conf file contains a virtual server declaration:
server
{
    access_log /var/log/nginx/example.org.log;
    error_log /var/log/nginx/example.org.error.log;
    listen 80 default_server;
    root /srv/http/example.org/;
    server_name example.org;
}
server {}
- The server block defines a virtual server.
access_log /var/log/nginx/example.org.log;
- The access log is named example.org.log and uses the default access log format.
error_log /var/log/nginx/example.org.error.log;
- The error log is named example.org.error.log and uses the default error log format.
listen 80 default_server;
- The port on which to listen. The virtual server is designated as the default virtual server. Any subdomain that has not been defined as a virtual server (e.g. www.example.org) will be handled by this virtual server.
root /srv/http/example.org/;
- The virtual server root (/srv/http/example.org/) is named after the domain name. It should be replaced with the relevant virtual server root directory.
server_name example.org;
- The virtual server name is example.org. The server name should be replaced with the relevant server name.
The virtual server is enabled by creating a symbolic link to its configuration file in the sites-enabled directory:
root@computer:/etc/nginx# ln --symbolic /etc/nginx/sites-available/example.org.conf /etc/nginx/sites-enabled/example.org.conf
Conclusion
Log rotation
The package installs a default logrotate configuration file (/etc/logrotate.d/nginx) that can be customised:
/var/log/nginx/*.log
{
    copytruncate
    maxage 365
    missingok
    monthly
    notifempty
    rotate 12
}
/var/log/nginx/*.log
- Sets the configuration scope for the subsequent section. The pattern matches all files (*) ending with the extension log in the /var/log/nginx/ directory.
copytruncate
- Copy the contents of the log file being rotated into a new file and then truncate the original log file.
maxage 365
- Remove log files older than 365 days.
missingok
- Do not consider it an error if a log file is missing.
monthly
- Perform a log rotation monthly.
notifempty
- Do not perform a log rotation on an empty log file.
rotate 12
- Perform 12 log rotations before older log files are removed.
Directory ownership and permissions
The configuration directory should be protected:
root@computer:~# chown --recursive root:adm /etc/nginx/
root@computer:~# chmod --recursive 0770 /etc/nginx/
The document root directory should be protected:
root@computer:~# chown --recursive root:adm /srv/http/
root@computer:~# chmod --recursive 0775 /srv/http/
The log directory should be protected:
root@computer:~# chown --recursive nginx:adm /var/log/nginx/
root@computer:~# chmod --recursive 0750 /var/log/nginx/
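The chown and chmod commands above apply once, so files created afterwards can drift from the intended scheme. The following audit is an added example, not part of the original article; the function names audit_tree and audit_page_layout are hypothetical and GNU find is assumed:

```shell
#!/bin/sh
# Added example, not part of the original article. Requires GNU find
# ("-perm /MASK" matches when any bit of MASK is set).

# audit_tree DIR OWNER GROUP FORBIDDEN_BITS
# Print every entry under DIR whose owner or group differs, or which has any
# of FORBIDDEN_BITS set. Symbolic links are skipped because their own mode is
# always 0777. Returns 0 if clean, 1 on findings, 2 if find itself failed
# (for example when OWNER or GROUP does not exist).
audit_tree() {
    dir=$1 owner=$2 group=$3 forbidden=$4
    offenders=$(find "$dir" ! -type l \
        \( ! -user "$owner" -o ! -group "$group" -o -perm "/$forbidden" \) \
        -print) || return 2
    if [ -z "$offenders" ]; then
        return 0
    fi
    printf '%s\n' "$offenders" | LC_ALL=C sort
    return 1
}

# The scheme set by the commands above. The forbidden bits are the complement
# of each mode: 0770 -> 0007, 0775 -> 0002, 0750 -> 0027.
audit_page_layout() {
    status=0
    audit_tree /etc/nginx/     root  adm 0007 || status=1
    audit_tree /srv/http/      root  adm 0002 || status=1
    audit_tree /var/log/nginx/ nginx adm 0027 || status=1
    return "$status"
}

# Usage (as root): sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    audit_page_layout
fi
```

Entries created after the one-off commands ran take the owner and mode given by the creating process, so they are what this audit typically reports.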
Browser loopback
The following lines must be added to /etc/hosts so that a web browser will request example.org from the local machine instead of querying the Internet:
127.0.0.1 example.org
::1 example.org
The domain name (example.org) should be replaced with the relevant domain name.
A Domain Name System record must be created to make the web site accessible by domain name via the Internet.
Server initiation
Nginx is started when the configuration is done:
root@computer:~# systemctl start nginx.service