Deployment Overview of Nginx on Server

Prerequisites and Basic Requirements

The following requirements must be met before deploying the Nginx application:

  • Operating System: Debian or Ubuntu (apt package manager required).

  • Privileges: Root access or sudo privileges are required to install packages and configure services.

  • Domain: A valid domain name under the hostkey.in zone is required.

  • Ports: Ports 80 (HTTP) and 443 (HTTPS) must be open and accessible from the internet.

FQDN of the Final Panel

The Fully Qualified Domain Name (FQDN) for the deployed instance follows the format: nginx<Server ID>.hostkey.in

The application is accessible via HTTPS on port 443.

File and Directory Structure

The deployment creates the following directory structure for web roots, certificates, and configuration:

  • /var/www/html: Default web root directory.

  • /var/www/letsencrypt: Web root directory used for Let's Encrypt ACME challenges.

  • /etc/nginx/sites-available: Location for available site configuration files.

  • /etc/nginx/sites-enabled: Location for symbolic links to active site configurations.

  • /etc/nginx/user_conf.d: Directory for additional user configuration snippets.

  • /etc/letsencrypt/live: Storage location for active SSL certificates and keys.

  • /etc/letsencrypt/renewal-hooks/deploy: Location for scripts executed after certificate renewal.

Application Installation Process

The application is installed using the apt package manager. The following components are installed:

  • nginx: The web server software.

  • certbot: The ACME client for obtaining SSL certificates.

  • python3-certbot-nginx: The Nginx plugin for Certbot.

  • openssl: Cryptographic toolkit.

The installation process involves updating the package cache, installing the required packages, and enabling the nginx service to start automatically on boot.

Access Rights and Security

Security measures and access controls are configured as follows:

  • The nginx service is enabled and started via systemd.

  • The default Nginx site configuration is removed to prevent conflicts.

  • SSL certificates are obtained using the Let's Encrypt ACME protocol with a 4096-bit RSA key.

  • HTTP traffic on port 80 is redirected to HTTPS on port 443.

  • A deployment hook is configured to automatically reload Nginx upon certificate renewal.

Docker Containers and Their Deployment

This deployment does not utilize Docker containers. The application runs as a native system service managed by systemd.

Proxy Servers

Nginx acts as the primary proxy server with the following configuration:

  • SSL/TLS: Enabled using certificates from Let's Encrypt.

  • HTTP to HTTPS Redirect: All traffic on port 80 is redirected to port 443.

  • ACME Challenge: A specific location block handles /.well-known/acme-challenge/ requests to facilitate certificate issuance and renewal.

  • Configuration File: The main configuration is stored at /etc/nginx/sites-available/<fqdn>.conf and linked to /etc/nginx/sites-enabled/.

Permission Settings

File and directory permissions are set as follows:

  • /var/www/html: Owned by www-data:www-data with mode 0755.

  • /var/www/letsencrypt: Owned by www-data:www-data with mode 0755.

  • /etc/nginx/sites-available/<fqdn>.conf: Owned by root:root with mode 0644.

  • /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh: Owned by root:root with mode 0755.
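
To confirm that a host still matches the ownership and modes listed above, for example after a manual change or a package upgrade, a small audit script can compare each path against the documented values. This is an added example and not part of the original deployment tooling; the function names check_path and audit_deployment and the FQDN argument are assumptions.

```shell
#!/bin/sh
# Added example: audit the ownership and modes listed under "Permission Settings".
# check_path and audit_deployment are hypothetical names, not part of the deployment.

# check_path PATH OWNER:GROUP MODE
# Returns 0 when PATH exists with exactly that owner and mode, 1 otherwise.
check_path() {
    path=$1
    want_owner=$2
    want_mode=${3#0}   # accept "0755" or "755"; stat prints the short form
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # GNU stat as shipped on Debian/Ubuntu: %U:%G = owner:group, %a = octal mode.
    got_owner=$(stat -c '%U:%G' "$path")
    got_mode=$(stat -c '%a' "$path")
    if [ "$got_owner" = "$want_owner" ] && [ "$got_mode" = "$want_mode" ]; then
        echo "OK       $path ($got_owner $got_mode)"
        return 0
    fi
    echo "DRIFT    $path: have $got_owner $got_mode, want $want_owner $want_mode"
    return 1
}

# audit_deployment FQDN
# Checks every path from the list above; returns 1 if any entry has drifted.
audit_deployment() {
    fqdn=$1
    failed=0
    check_path /var/www/html www-data:www-data 0755 || failed=1
    check_path /var/www/letsencrypt www-data:www-data 0755 || failed=1
    check_path "/etc/nginx/sites-available/${fqdn}.conf" root:root 0644 || failed=1
    check_path /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh root:root 0755 || failed=1
    return "$failed"
}

# Run the audit only when an FQDN is given, e.g.: sh audit.sh <fqdn>
[ "$#" -eq 0 ] || audit_deployment "$1"
```

A DRIFT line on the site configuration or the renewal hook is the one to act on first: both are read or executed with root privileges, so they should stay writable by root only.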

Location of Configuration Files and Data

Key configuration files and data locations include:

  • Site Configuration: /etc/nginx/sites-available/<fqdn>.conf

  • Active Site Link: /etc/nginx/sites-enabled/<fqdn>.conf

  • SSL Certificates: /etc/letsencrypt/live/<fqdn>/

  • DH Parameters: /etc/letsencrypt/dhparams/dhparam.pem

  • User Configuration Snippets: /etc/nginx/user_conf.d/

Available Ports for Connection

The following ports are configured for external and internal access:

Port   Protocol   Description
80     HTTP       Used for ACME challenges and redirecting traffic to HTTPS.
443    HTTPS      Primary port for secure web traffic.

Starting, Stopping, and Updating

The Nginx service is managed using systemd. The following commands are used to control the service:

  • Start the service:

    systemctl start nginx
    

  • Stop the service:

    systemctl stop nginx
    

  • Reload the configuration:

    systemctl reload nginx
    

  • Check service status:

    systemctl status nginx
    

  • Validate configuration syntax:

    nginx -t
    
