Ubuntu 20.04 Web Server Setup Instructions


!!! Work in progress, use at your own risk. !!!

  • nginx
  • certbot
  • iptables

Updates

$ sudo apt update        # Fetches the list of available updates
$ sudo apt full-upgrade  # Installs updates; may also remove some packages, if needed
$ sudo apt autoremove    # Removes any old packages that are no longer needed

Adding a new user

Add a new user for the purposes of logging in and doing administrative work.

The root user has permissions to change every aspect of your server. This is good for the sake of administration, but regularly logging in and navigating your VPS as root isn't great for security.

adduser username

You will be prompted with:

Enter new UNIX password: 
Retype new UNIX password: 
passwd: password updated successfully

Add the new user to the sudo group.

usermod -aG sudo username

After logging out, and back in as the new user, make sure your sudo access is working. One way of doing this is by listing the /root/ directory, which is only possible with sudo access. You'll be asked for your user's password to authenticate.

sudo ls -la /root
[sudo] password for username:

Install nginx

$ sudo apt install nginx -y;
$ sudo systemctl enable --now nginx;

Configure nginx

Worker Processes and Worker Connections

The first two variables to tune are worker_processes and worker_connections.

  • worker_processes - how many worker processes should be spawned
  • worker_connections - how many clients can be connected simultaneously (per worker)

Set worker_processes to the number of cores available. Run the following to display the number of cores:

grep processor /proc/cpuinfo | wc -l

Check the open file descriptor limit, which caps the usable worker_connections, by issuing a ulimit command:

ulimit -n

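Update the config with the new values. worker_processes is a top-level directive; worker_connections belongs inside the events block.

sudo nano /etc/nginx/nginx.conf

worker_processes 1;
events {
    worker_connections 1024;
}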

Enable GZip

Enabling gzip saves bandwidth and improves website load time on slow connections.

gzip on;
gzip_vary on;
gzip_min_length 10240;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
gzip_disable "MSIE [1-6]\.";    

  • gzip on - Enables gzip compression.
  • gzip_vary on - Tells proxies to cache both gzipped and regular versions of a resource.
  • gzip_min_length - Tells NGINX not to compress anything smaller than the defined size.
  • gzip_proxied - Compresses data even for clients that are connecting via proxies (here we're enabling compression if a response header includes the "expired", "no-cache", "no-store", "private", and "Authorization" parameters).
  • gzip_types - Lists the types of files that can be compressed.
  • gzip_disable "MSIE [1-6]\." - Disables compression for Internet Explorer versions 1-6.

Reducing Timeouts

Tuning timeouts also improves Nginx performance considerably. Keepalive connections reduce the CPU and network overhead required when opening and closing connections.

client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;

  • client_body_timeout - how long the server will wait while reading the client body
  • client_header_timeout - how long the server will wait while reading the client header
  • keepalive_timeout - how long a keep-alive connection will stay open
  • send_timeout - how long the server will wait while transmitting a response to the client

Error Logs

Setting an appropriate error log level can dramatically reduce the I/O overhead. A good starting point is the "error" level (note: this is the default setting, used when nothing is specified).

error_log /var/log/nginx/error.log error;

Access Logs

If access logging is required, enable access-log buffering. This lets Nginx buffer a series of log entries and write them to the log file together, instead of performing a separate write operation for each request. The buffer parameter must follow a log format name; "combined" is the predefined default format.

access_log /var/log/nginx/access.log combined buffer=16k;

Rate Limiting

Create a vhost "server" block

Create the website directory in /var/www:

$ sudo mkdir -p /var/www/www.mywebsite.com
$ cd /var/www/www.mywebsite.com
$ sudo nano index.html

Paste the following into the nano editor:

<!DOCTYPE html>
<html>
<head>
    <title>Nginx Static Website</title>
</head>
<body>
    <h1>Hello world</h1>
</body>
</html>

Next, add a server configuration block. Instead of going through the sites-available folder and then creating symlinks, just write the server block in the conf.d folder. It will work on all platforms and it is simpler to manage:

$ sudo nano /etc/nginx/conf.d/www.mywebsite.com.conf

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/www.mywebsite.com;
    index index.html index.htm;
    server_name _;

    # Cache images for 30 days; the dot is escaped so it only matches a real extension
    location ~* \.(jpg|jpeg|png|gif|ico|svg)$ {
        expires 30d;
    }

    # Cache stylesheets and scripts for 1 day
    location ~* \.(css|js)$ {
        expires 1d;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}

Remove the default configuration and reload nginx:

$ sudo rm /etc/nginx/sites-enabled/default
$ sudo systemctl reload nginx
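
Why the dot in the regex locations of the server block must be written as \. (an added example with constructed request paths, not part of the original gist): a bare . matches any character, so the pattern also captures paths that merely end in the letters "js" or "css". grep -Ei stands in for nginx's PCRE matching here, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original gist. grep -Ei stands in for nginx's
# PCRE matching of "location ~*" (assumption: equivalent for these patterns).

# location_matches REGEX URI -> exit 0 if the regex location would take URI
location_matches() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# captured_paths REGEX URI... -> space-separated URIs the pattern captures
captured_paths() {
    re=$1; shift
    out=""
    for uri in "$@"; do
        if location_matches "$re" "$uri"; then out="$out $uri"; fi
    done
    printf '%s' "${out# }"
}

# flag_unescaped_dot FILE -> regex location patterns that start with a bare "."
flag_unescaped_dot() {
    sed -nE 's/^[[:space:]]*location[[:space:]]+~\*?[[:space:]]+([^[:space:]{]+).*/\1/p' "$1" |
        grep -E '^\.' || true
}

# Constructed request paths: two static assets, one path that merely ends in "js"
set -- /app.js /theme.CSS /docs/nodejs /index.html
echo "bare dot:    $(captured_paths '.(css|js)$' "$@")"
echo "escaped dot: $(captured_paths '\.(css|js)$' "$@")"

# Constructed config fragment with one bare-dot and one escaped pattern
conf=$(mktemp)
cat > "$conf" <<'EOF'
server {
    location ~* .(css|js)$ { expires 1d; }
    location ~* \.(jpg|png)$ { expires 30d; }
    location / { try_files $uri $uri/ =404; }
}
EOF
echo "flagged:     $(flag_unescaped_dot "$conf")"
rm -f "$conf"
```

Pointing flag_unescaped_dot at a file under /etc/nginx/conf.d/ lists any regex location that still begins with a bare dot.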