This guide will explain how to install and setup NGINX reverse proxy on a Debian/Ubuntu VPS. NGINX is a high-performance web server which will allow you to start hosting your own websites in a matter of minutes.


Pre-requisites

In order to follow this guide you will need:

  • A VPS running Debian or Ubuntu. In this example, I will be using Debian 10 but as Ubuntu is based on Debian, the commands will be the same.
  • A domain name - this is what users will use to visit your website. You can purchase a domain directly from DMC here or through a company like Namecheap.
  • (Optional but highly recommended) Have added your domain to Cloudflare. They offer excellent DDoS protection and caching to make your site load faster. You can read how to add a domain to Cloudflare here.

Installing NGINX and Configuring the Firewall

I’m going to assume you are already SSHed into your machine.

  1. First things first let’s get our system up to date. Running the command below will update all the Linux packages on your machine and the Linux kernel.
# Update our VPS
sudo apt update && sudo apt upgrade -y

2. Now it’s time to install NGINX. This command will install NGINX and the latest version of its dependencies.

# Install NGINX
sudo apt install -y nginx

3. Make sure to also run this command to ensure that NGINX is started and setup to start automatically when the machine boots.

sudo systemctl start nginx && sudo systemctl enable nginx

4. At this point, it’s important to ensure that our firewall is configured correctly so people can access our website. The following command will install UFW (a very popular way of managing the firewall) if it isn’t already and allow ports `80` (HTTP web traffic), `443` (HTTPS web traffic) and `22` (SSH) through the firewall.

sudo apt-get install -y ufw && sudo ufw allow 80 && sudo ufw allow 443 && sudo ufw allow 22

The following message should have been output 3 times after running the previous command.

5. If everything looks good, run the next command to enable the firewall. You need to allow port 22 though the firewall before you enable the firewall, otherwise, you will be unable to connect to your system over SSH.

sudo ufw enable

6. Press `y` when asked to confirm the changes. After doing so, the message `Firewall is active and enabled on system startup` should be output.

Now run this command and check that your firewall rules are set correctly.

sudo ufw status

If all the commands ran correctly it should look something like this:

7. Now visit `http://your-vps-ip` in your browser. If everything ran correctly, you should see the default NGINX landing page.

Congrats! You just installed NGINX!! Now let’s look at how to configure it.


Configuring NGINX to Serve a Static HTML Website

  1. Firstly, you need to point an A record to the IP address of your VPS. You can use any domain/subdomain you want, just make sure to make a note of it as we will need it.
TIP: If you are using Cloudflare make sure you set your ‘proxy status` to `Proxied` (orange cloud). This will enable features such as DDoS protection, dynamic caching and much more.

2. Now you can upload your website’s files over SFTP. You can upload them to any directory that you want. However, `/var/www/website-name` is the traditional place to store website files. In this example, I will be using `/var/www/landing-page`.

3. This next command will open up a text editor inside your SSH terminal where we will be putting our NGINX configuration in the next step. Note: You can replace `your-site-name` with anything you want.

sudo nano /etc/nginx/sites-available/your-site-name.conf

It should look something like this:

4. Now it’s time to paste in your NGINX server block. This is what will tell NGINX where your files are located.

server {
listen 80;
server_name example.com;
root /var/www/website-name/;
index index.php index.html;
}

It should look something like this:


Once you have pasted this in and changed `server_name` to your domain and `root` to the directory where your files are located, you can hit `Ctrl + X`, `y` and `ENTER` to save the changes

5. To enable the NGINX configuration file, run this command (make sure to change the `website-name` to the name of your configuration file).

sudo ln -s /etc/nginx/sites-available/website-name.conf /etc/nginx/sites-enabled

If you did not get an error, that means the command ran correctly.

6. To deploy the changes live, you need to restart NGINX. However, it is recommended to run `nginx -t` before restarting NGINX. This checks the config files and will tell you if there are any errors.

If all is well, it should output something like this:

Now you can run the following command to restart NGINX.

sudo systemctl restart nginx

If you did not get an error, that means the command ran correctly.

7. That’s it! If you visit http://domain.com you should see your website!

Configuring SSL

It is highly recommended that you configure SSL for your website. It ensures all information that is sent between your web server and your visitors is encrypted, making everything more secure.

Note: If you use Cloudflare you won’t (generally speaking) need to do these steps. However, there are certain circumstances where you will need to when using Cloudflare such as if you get an SSL handshake error.
  1. In order to create an SSL certificate, we will be using a package called Certbot. This deploys Let’s Encrypt SSL certificates to your website for free. First, let’s install it with this command:
sudo apt-get install -y certbot && sudo apt-get install -y python-certbot-nginx

2. To create the SSL certificate, run this command and select the domain you want to deploy the certificate for. NOTE: When you run this command for the first time, it will prompt you to enter an email address to send renewal alerts too. You will also have to agree to their TOS and choose if you want to receive marketing emails.

certbot --nginx

3. When prompted, you should also select `2` to redirect all traffic from `http://` to `https://` so users are forced to use HTTPS.

If all went well, you should see a message much like this one:

4. Now when you visit your website, you should see a padlock next to your domain like this:


If you have the padlock, it means your website now has an SSL certificate!

🎉Congratulations! You’ve just installed and configured NGINX reverse proxy and setup SSL!