Setting up NGINX

This assumes NGINX is already installed, either from a package or built from source.


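# Remove the stock pages, but only once the cd has succeeded: otherwise rm
# would act on same-named files in whatever directory the shell was in.
cd /var/www/html/ && rm -f -- index.html 50x.html

# Look for the aes and avx flags in the CPU feature list.
grep --color=always aes /proc/cpuinfo
grep --color=always avx /proc/cpuinfo

# Generate 2048-bit Diffie-Hellman parameters for the ssl_dhparam directive
# and display them. These are public parameters, not private key material.
openssl dhparam 2048 > /etc/ssl/dhparam.pem
cat /etc/ssl/dhparam.pem
#-rand /dev/urandom

# Keep the distributed configuration as .dist (mv -i asks before overwriting
# an existing one), then write copies with comment and blank lines removed.
mv -i /etc/nginx/nginx.conf /etc/nginx/nginx.conf.dist
grep -vE '^[[:space:]]*(#|$)' /etc/nginx/nginx.conf.dist > /etc/nginx/nginx.conf.clean
grep -vE '^[[:space:]]*(#|$)' /etc/nginx/nginx.conf.dist > /etc/nginx/nginx.conf
vi /etc/nginx/nginx.conf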

# Main configuration (/etc/nginx/nginx.conf).
# NOTE(review): no closing braces appear in this listing for the events, http,
# server and location blocks; add them back before loading the file.
user www www;
worker_processes auto;

events {
        worker_connections 1024;

http {
        include mime.types;
    # default_type applies to files whose extension is not in mime.types:
    # text/html makes browsers render them as pages, application/octet-stream
    # makes them download. Prefer the latter wherever untrusted files can end
    # up in a served directory.
    default_type text/html;
    #default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;

    #adding default_server here
        #http2 pops-up a download window on FF
        # Catch-all for port 80 only: requests whose Host matches no other
        # server_name land here. No default_server is declared for port 443
        # in this listing.
        server {
                listen 80 default_server;
                listen [::]:80 default_server;
                server_name _;
                location / {
            #root /var/www/html;
            #index index.html index.htm;
                    #try_files $uri $uri/ =404;

                    #proxy_pass http://x.x.x.x/;

            #taking over a whole FQDN at once
                        #return 301$request_uri;

            #unconditional redirect to a given page
            # NOTE(review): the redirect target is missing from this line (and
            # from the commented variant above); put the destination URL after
            # the status code.
            return 301;

    # TLS defaults inherited by the server blocks included below.
    # No ssl_ciphers directive is set in this listing, so nginx's built-in
    # cipher list applies to TLS 1.2 and, with ssl_prefer_server_ciphers off,
    # the client's preference order wins. Consider restricting ssl_ciphers to
    # ECDHE/DHE suites with AEAD ciphers.
    ssl_prefer_server_ciphers off;
    ssl_protocols TLSv1.3 TLSv1.2;
    # Used for DHE key exchange only; the parameters are public values.
    ssl_dhparam /etc/ssl/dhparam.pem;
    ssl_session_cache shared:SSL:40m;
    ssl_session_timeout 4h;
    # Session tickets are encrypted with a key held by nginx; whoever obtains
    # that key can decrypt recorded TLS 1.2 sessions that used a ticket.
    # Rotate the key regularly (ssl_session_ticket_key) or set this to off.
    ssl_session_tickets on;

        include conf.d/*.conf;

Virtual host example

vi conf.d/VHOST.conf

# Per-vhost configuration: a port 80 server that redirects to HTTPS and
# answers ACME http-01 challenges, and a port 443 server for the content.
# NOTE(review): no closing braces and no server_name lines appear in this
# listing; restore the braces and declare server_name in both blocks so that
# requests for other host names fall through to the default_server.
server {
        listen 80;
        listen [::]:80;

        # HTTP redirect to HTTPS
        # $host comes from the request (request line or Host header), so the
        # Location header repeats whatever name the client sent; a server_name
        # limits this block to the names actually served.
        location / {
                return 301 https://$host$request_uri;

        # deal with http-01 challenges (no http2 there)
        # ^~ stops nginx from evaluating regex locations for this prefix.
        # The directory is readable over plain HTTP: keep only challenge
        # tokens in it.
        location ^~ /.well-known/acme-challenge/ {
                default_type "text/plain";
                # trailing slash matters
                alias /var/www/dehydrated/;

            # autoindex produces a listing for any directory without an index file.
            # NOTE(review): if these two lines sit at server level, the listing
            # also applies to the acme-challenge location above - confirm.
            autoindex on;
            autoindex_exact_size off;
            location = /robots.txt          { access_log off; log_not_found off; }
            location = /favicon.ico         { access_log off; log_not_found off; }
            location ~ /apple-touch-icon    { access_log off; log_not_found off; }

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        #without includeSubDomains
        # One-year max-age; "always" also sends the header on error responses.
        # A location that declares its own add_header no longer inherits this
        # one, so repeat it there.
        add_header Strict-Transport-Security "max-age=31536000" always;

        # NOTE(review): both paths stop at the certs/ directory in this
        # listing; the commented pair below shows the full form
        # (<cert dir>/fullchain.pem and <cert dir>/privkey.pem).
        # The private key file should be readable by root only.
        ssl_certificate     /etc/dehydrated/certs/;
        ssl_certificate_key /etc/dehydrated/certs/;

    #ssl_certificate     /etc/dehydrated/certs/nethence_com/fullchain.pem;
    #ssl_certificate_key /etc/dehydrated/certs/nethence_com/privkey.pem;

        location / {
                root /var/www/html;
                index index index.html index.htm;
                try_files $uri $uri/ =404;

        # With listings on, every file under the root can be discovered by
        # browsing, including leftovers such as dotfiles and editor backups.
        autoindex on;
        autoindex_exact_size off;
    location = /robots.txt          { access_log off; log_not_found off; }
    location = /favicon.ico         { access_log off; log_not_found off; }
    location ~ /apple-touch-icon    { access_log off; log_not_found off; }

    # The two rules below deny paths containing "/." (dotfiles) and paths
    # ending in "~" (editor backups). They are commented out as listed;
    # enabling them is advisable while autoindex is on.
    #location ~ /\.                 { access_log off; log_not_found off; deny all; }
    #location ~ ~$                  { access_log off; log_not_found off; deny all; }

Ready to go

check configuration

nginx -t

enable at boot time

vi /etc/rc.local

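# Start nginx at boot and report the outcome on the console.
# Written as if/else rather than `cmd && echo done || echo FAIL`, where FAIL
# would also be printed if the first echo itself returned non-zero.
echo -n nginx...
if /usr/local/sbin/nginx; then
  echo done
else
  echo FAIL
fi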

on Ubuntu 16+, make sure the systemd service for rc-local is enabled, and don’t forget to make the script executable

# Report the state of the rc-local unit; this only displays it and changes nothing.
systemctl status rc-local.service
# rc.local is executed as root at boot: besides the execute bit, keep the
# file owned by root and not writable by group or others.
chmod +x /etc/rc.local


# List the running nginx processes; the USER column shows which account each
# one runs as (compare it with the user directive in nginx.conf).
ps auxfww | grep nginx | grep -v grep
# NOTE(review): the log file name is missing here; as written, cat is pointed
# at the /var/log/ directory itself.
cat /var/log/
# Two candidate lock file locations; presumably only one exists, depending on
# how nginx was built - confirm on the target system.
cat /var/lock/nginx.lock
cat /var/db/nginx/nginx.lock


nginx -s reload

shutdown gracefully

nginx -s quit

exit brutally

nginx -s stop



anything HTTP redirects to HTTPS

curl -i
curl -i

HTTPS just works

curl -i
curl -i

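what happens if you’re talking SSL to a non-existent vhost? In the configuration above, default_server is only declared for port 80, so on port 443 nginx falls back to the first server block listening there and presents that vhost’s certificate.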

curl -i

check 301 on 404

curl -i
curl -i

HTTP additions vs fancy specific setups

prepare headers and footers

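# Create a sample header, footer and a few test entries under the document
# root. The steps are chained so that nothing is created elsewhere if the cd
# fails, and mkdir -p lets the snippet be run again without errors.
cd /var/www/html/ &&
  mkdir -p css/ check-folder/ &&
  echo '<p>header' > css/header.html &&
  echo '<p>footer' > css/footer.html &&
  touch check-file1 check-folder/check-file2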

then enable fancyindex in the http or server context

    # Directory listing rendered by the fancyindex directives, which come from
    # the third-party ngx-fancyindex module and are unknown to nginx unless
    # that module is compiled in or loaded.
    # NOTE(review): the closing brace of this location is not in the listing.
    location / {
        fancyindex on;
        fancyindex_exact_size off;
        #fancyindex_css_href /css/kult.custom.css;
        # NOTE(review): the preparation step created css/header.html and
        # css/footer.html, while these two point at /header.html and
        # /footer.html - confirm which path is intended.
        fancyindex_header /header.html;
        fancyindex_footer /footer.html;
        # Hides these names from the generated listing only; it is not an
        # access control, the files can still be requested directly.
        fancyindex_ignore favicon.ico robots.txt css/header.html css/footer.html css;
        #fancyindex_localtime off;
    autoindex on;

or just DIY

                        # Rewrites the stock autoindex HTML on its way out.
                        # sub_filter needs ngx_http_sub_module; the commented
                        # add_before_body / add_after_body lines need
                        # ngx_http_addition_module.
                        #add_before_body /css/header.html;
            # Each search string has to match the generated markup exactly,
            # otherwise the response passes through unchanged.
            sub_filter '<head><title>Index of $uri</title></head>' '<head><title>TITLE-HERE - $uri</title></head>';
            sub_filter '<h1>Index of $uri</h1>' '<h1 style="font-family:Courier;font-style:italic;text-transform:uppercase;">TITLE-HERE - $uri</h1>';
                        # Look for each search string once per response.
                        sub_filter_once on;

                        #add_after_body  /css/footer.html;
            sub_filter '</body>' '<div>SOME FOOTER HERE</div></body>';

Note: not adding a footer, as some /body and /html tags would remain – the filter would not differentiate between those I added and those from the directory listing.


Pitfalls and Common Mistakes

Getting Started

Default NGINX Configuration


Debugging Nginx Errors


How to do an Nginx redirect

How do I force redirect all 404’s (or every page, whether invalid or not) to the homepage?

http additions vs fancy

Module ngx_http_sub_module

Module ngx_http_addition_module

Beautiful listing of files and directories in nginx

Directory Theme


Controlling NGINX Processes at Runtime

nginx -s stop and -s quit what is the difference?