Add a number of basic NGINX guides

master
Nathan Steel 4 years ago
parent 2a0afcb173
commit 83ba6b2b4f

@ -0,0 +1,64 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="A guide to adding a free SSL certificate to your website(s) using cerbot, and automatically renewing them">
<meta name="keywords" content="Blog, articles, guide, certbot, SSL, secure certificate, website">
<meta name="author" content="Nathan (Aney) Steel">
<meta name="theme-color" content="white">
<meta name="theme-color" content="black">
<link rel="stylesheet" type="text/css" href="/main.css">
<link rel="icon" type="image/png" href="/images/favicon.svg">
<title>Set HTTPS for your website</title>
</head>
<body>
<header>
<h1>Set SSL/HTTPS for your website</h1>
<hr/>
<nav>
<a href="/">home</a>
<a href="/equipment.html">equipment</a>
<a href="/projects.html">projects</a>
<a href="/blog/">blog</a>
<a href="/sitemap.html">misc</a>
<a href="/support.html">support</a>
</nav>
<hr/>
</header>
<main>
<section>
<p>An SSL certificate is used to secure a domain, preventing people from seeing many things, including those entered into forms (username, password, etc.).</p>
<h2>Install Certbot</h2>
<pre><code>sudo apt install python3-certbot</code></pre>
<p>or</p>
<pre><code>sudo apt install python3-certbot-nginx</code></pre>
<h2>Run Certbot</h2>
<pre><code>sudo certbot --nginx</pre></code>
<p>or</p>
<pre><code>sudo certbot --nginx -d <DOMAIN-NAME></pre></code>
<p>I recommend the former command, as it will ask which domain you'd like to setup for, where the latter should be used if you know for certain the domain-name is configured in nginx</p>
<p>The first time you run certbot you'll need to enter an email (for alerts), and agree to T&Cs</p>
<h3>Configure HTTPS</h3>
<h2>Auto renew</h2>
<p>Certificates attained via Certbot are valid for 90 days, so to keep it up indefinitely we'll need to auto-renew before it expires</p>
<p>To do this we'll set up a cronjob to run on... . This crontab needs to be run by root, so we'll open the crontab with sudo.</p>
<pre><code>sudo crontab -e</code></pre>
<p>If it's your first time editing the crontab (as root), it'll ask for your editor of choice</p>
<p>When the crontab is open, add a line to the bottom with the following</p>
<pre><code>0 0 * * * certbot --nginx renew</code></pre>
<p>Exit and save, you'll be imformed the crontab has been changed, and every day the cronjob will auto renew SSL certificates that are due to expire in the next 30 days.</p>
</section>
</main>
<footer>
<hr/>
<p>Written by <a href="http://aney.co.uk" target="_blank" rel="noopener">@aney</a> with <a href="https://danluu.com/web-bloat/" target="_blank" rel="noopener">web bloat</a> in mind | <a href="https://github.com/Aney/website" target="_blank" rel="noopener">Source Code</a></p>
</footer>
</body>
</html>
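Review bot: In the second "Run Certbot" block the DOMAIN-NAME placeholder is written as a raw angle-bracket tag, so a browser parses it as an unknown element and the reader sees "sudo certbot --nginx -d" with no argument; write it as &lt;DOMAIN-NAME&gt;, and on both Run Certbot lines close code before pre (they currently close pre first). The auto-renew paragraph still contains the unfinished "to run on... ." and the "Configure HTTPS" h3 has no body; finish them or mark them TODO as the other guides do. The guide also never opens port 443 in UFW, while the install guide in this commit only allows 80, so a reader following both can end up with a certificate on a port the firewall still blocks; add a step that allows 443 alongside the existing 80 rule. Spelling: "cerbot" in the meta description, "imformed" in the last paragraph.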

@ -0,0 +1,55 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="A basic guide on how to purchase a domain name">
<meta name="keywords" content="Blog, articles, news, domain name, website">
<meta name="author" content="Nathan (Aney) Steel">
<meta name="theme-color" content="white">
<meta name="theme-color" content="black">
<link rel="stylesheet" type="text/css" href="/main.css">
<link rel="icon" type="image/png" href="/images/favicon.svg">
<title>Get a domain name</title>
</head>
<body>
<header>
<h1>Get a domain name</h1>
<hr/>
<nav>
<a href="/">home</a>
<a href="/equipment.html">equipment</a>
<a href="/projects.html">projects</a>
<a href="/blog/">blog</a>
<a href="/sitemap.html">misc</a>
<a href="/support.html">support</a>
</nav>
<hr/>
</header>
<main>
<section>
<p>A domain name, as many will know is what people typing into their browser, e.g. google.com, facebook.com, etc.</p>
<p>The primary use for these is to have a memorable thing for users, instead of needing to type the IP address of the server</p>
<h2>Choose a registrar</h2>
<p>First thing is to choose a registrar (who you are leasing the domain from). You can search for "domain name registrars" and find who is cheapest. So long as they handle DNS (which all I've used do) you're good.</p>
<p>I'm currently using <a href="https://tsohost.com" target="_blank" rel="noopener" >tsohost.com</a>, as they're pretty cheap, and besides a few little issues, it works for me.</p>
<h2>Choose a domain name</h2>
<p>On the registrar's website there will be a section to purchase a domain. Upon clicking this you'll likely be greeted with a searchbar, search for whatever domain you'd like here, and they'll let you know if it's available, and what similar domains there are</p>
<p>Select the domain(s) you wish, and add it/them to your cart.</p>
<h2>Purchase your domain name</h2>
<p>Simply checkout, and make your way through the process</p>
</section>
</main>
<footer>
<hr/>
<p>Written by <a href="http://aney.co.uk" target="_blank" rel="noopener">@aney</a> with <a href="https://danluu.com/web-bloat/" target="_blank" rel="noopener">web bloat</a> in mind | <a href="https://github.com/Aney/website" target="_blank" rel="noopener">Source Code</a></p>
</footer>
</body>
</html>
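Review bot: The first sentence of the opening paragraph does not parse ("A domain name, as many will know is what people typing into their browser"); suggest "A domain name is what people type into their browser, e.g. google.com". The footer link to aney.co.uk uses http:// in a commit that adds the HTTPS guide, so switch it to https:// here and in the other new pages if the site serves it. The two theme-color meta tags are both unconditional (white, then black); if they are meant for light and dark schemes they need media attributes, otherwise drop one.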

@ -31,13 +31,14 @@
<main> <main>
<section> <section>
<p class="intro">If you want to start getting into server hosting, system administration, or just want to get a basic minecraft/web server up for you and your friends, then welcome. We all start somewhere, and I would love if I could get your foot in the door.</p> <p class="intro">If you want to start getting into server hosting, system administration, or just want to get a basic minecraft/web server up for you and your friends, then welcome. We all start somewhere, and I would love if I could get your foot in the door.</p>
<p>This is a WIP, so I'll be adding to this guide whenever I get time, and will update it's readibility once it's 'complete'.</p> <h2>Notice</h2>
<p>This is heavily a WIP, so I'll be adding to this guide whenever I get time, and will update it's readibility, and correct/add anything missing once it's 'complete'. If I didn't put it up in an unfinished state, it would never go live, so bear with.</p>
<h2>Basic Server setup</h2> <h2>Basic Server setup</h2>
<ul> <ul>
<li>TODO:Get a server</li> <li>TODO:Get a server</li>
<li><a href="/blog/initial-server-setup.html">Basic Debian Server setup (with some security)</a></li> <li><a href="/blog/initial-server-setup.html">Basic Debian Server setup (with some security)</a></li>
<li>TODO:Get a domain name</li> <li><a href="/blog/get-a-domain-name.html">TODO: Get a domain name</a></li>
<li><a href="/blog/add-domain-to-server.html">Connect your server and domain name</a></li> <li><a href="/blog/add-domain-to-server.html">Connect your server and domain name</a></li>
</ul> </ul>
<p>Now you officially own, and have setup a server. Currently all you can do is SSH into it though, so let's get some services on there</p> <p>Now you officially own, and have setup a server. Currently all you can do is SSH into it though, so let's get some services on there</p>
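Review bot: The new list entry links to /blog/get-a-domain-name.html but keeps the "TODO:" prefix in its link text, although that page is added in this same commit; drop the prefix, or leave the entry unlinked until the page is ready. In the new Notice paragraph, "it's readibility" should be "its readability", and "bear with" reads as cut off ("bear with me").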
@ -45,11 +46,12 @@
<h2>Nginx Webserver</h2> <h2>Nginx Webserver</h2>
<p>A great first service for any server is a website, even if it's just a little page to let people know you own the server/domain name</p> <p>A great first service for any server is a website, even if it's just a little page to let people know you own the server/domain name</p>
<ul> <ul>
<li>TODO:Install nginx</li> <li><a href="/blog/nginx-install.html">Install nginx</a></li>
<li>TODO:Setup your first website</li> <li><a href="/blog/setup-nginx-website.html">Setup an nginx website</a></li>
<li>TODO:Add an SSL certificate w/Certbot</li> <li><a href="/blog/certbot-ssl.html">Add an SSL certificate w/Certbot</a></li>
<li>TODO:Nginx web hardening</li> <li><a href="/blog/nginx-web-optimisation.html">TODO: Nginx web optimisation</a></li>
<li>TODO:Add PHP to your webserver (optional)</li> <li>TODO:Add PHP to your webserver (optional)</li>
<li>TODO:Guide to web-development</li>
</ul> </ul>
<h2>MariaDB Database</h2> <h2>MariaDB Database</h2>
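Review bot: Replacing the "TODO:Nginx web hardening" entry with "TODO: Nginx web optimisation" removes hardening from the index even though the linked page's first section is security headers; suggest a title that keeps both (for example "Nginx hardening and optimisation") so readers looking for the security step can still find it. The added "TODO:Guide to web-development" line has no space after the colon, unlike the "TODO: " link text added two lines above; pick one form.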
@ -62,7 +64,7 @@
</ul> </ul>
<h2>Backup your server!</h2> <h2>Backup your server!</h2>
<p>Backups are super useful. If something breaks, or gets accidentally deleted you can always use a backup to get back it back</p> <p>Backups are super useful. If something breaks, or gets accidentally deleted you can always use a backup to get it back</p>
<ul> <ul>
<li>TODO:Setup rsync</li> <li>TODO:Setup rsync</li>
<li>TODO:Setup rdiff-backup</li> <li>TODO:Setup rdiff-backup</li>

@ -0,0 +1,76 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="A guide to installing an NGINX web server">
<meta name="keywords" content="Blog, articles, news, NGINX, web server, guide">
<meta name="author" content="Nathan (Aney) Steel">
<meta name="theme-color" content="white">
<meta name="theme-color" content="black">
<link rel="stylesheet" type="text/css" href="/main.css">
<link rel="icon" type="image/png" href="/images/favicon.svg">
<title>How to install an NGINX web server</title>
</head>
<body>
<header>
<h1>How to install an NGINX web server</h1>
<hr/>
<nav>
<a href="/">home</a>
<a href="/equipment.html">equipment</a>
<a href="/projects.html">projects</a>
<a href="/blog/">blog</a>
<a href="/sitemap.html">misc</a>
<a href="/support.html">support</a>
</nav>
<hr/>
</header>
<main>
<section>
<p>NGINX (engine X) is one of the top webservers. It has relatively easy learning curve, is fast, and <a href="">secure</a>. It's a great step into web hosting, and a good first service for many servers.</p>
<h2>Install</h2>
<pre><code>sudo apt install nginx</code></pre>
<h2>Enable, and start</h2>
<pre><code>sudo systemctl enable nginx --now</code></pre>
<p>or</p>
<pre>
<code>sudo systemctl enable nginx
sudo systemctl start nginx</code></pre>
<h2>Enable the http port</h2>
<p>If you have UFW installed ala the <a href="/blog/initial-server-setup.html">initial server setup</a> guide you'll need to open the http port on the server</p>
<pre><code>sudo ufw allow 80</code></pre>
<p>or</p>
<pre><code>sudo ufw allow http</code></pre>
<h2>Check it's working</h2>
<p>Open your browser, and head over to your IP address, or domain name. With any luck you should see the default NGINX page, with a "Welcome to NGINX"</p>
<h3>Basic checks in case it's not</h3>
<p>Check nginx is actually running</p>
<pre><code>sudo systemctl status nginx</code></pre>
<p>In the active section, this should show "Active", if not try starting nginx again</p>
<pre><code>sudo systemctl start nginx</code></pre>
<p>Check UFW port is enabled<p>
<pre><code>sudo ufw status</code></pre>
<p>This should show port 80, and 80 (v6) with ALLOW. If not, run ufw allow again</p>
</section>
<section>
<h2>Next...</h2>
<p><a href="/blog/setup-nginx-website.html">Setup an nginx website</a></p>
</section>
</main>
<footer>
<hr/>
<p>Written by <a href="http://aney.co.uk" target="_blank" rel="noopener">@aney</a> with <a href="https://danluu.com/web-bloat/" target="_blank" rel="noopener">web bloat</a> in mind | <a href="https://github.com/Aney/website" target="_blank" rel="noopener">Source Code</a></p>
</footer>
</body>
</html>
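Review bot: Under "Basic checks in case it's not", the line "Check UFW port is enabled" ends with a second opening p instead of a closing one, which leaves a stray empty paragraph; close it. The intro links the word "secure" with an empty href, which just resolves to the current page; point it at a source or remove the anchor. The status check says the active section should show "Active", but that label is printed whether or not the service is up; tell the reader the value to look for is "active (running)".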

@ -0,0 +1,114 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="Learn how to Secure, and optimise your NGINX server with an easy guide">
<meta name="keywords" content="Blog, articles, news">
<meta name="author" content="Nathan (Aney) Steel">
<meta name="theme-color" content="white">
<meta name="theme-color" content="black">
<link rel="stylesheet" type="text/css" href="/main.css">
<link rel="icon" type="image/png" href="/images/favicon.svg">
<title>NGINX web optimisation</title>
</head>
<body>
<header>
<h1>NGINX web optimisation</h1>
<hr/>
<nav>
<a href="/">home</a>
<a href="/equipment.html">equipment</a>
<a href="/projects.html">projects</a>
<a href="/blog/">blog</a>
<a href="/sitemap.html">misc</a>
<a href="/support.html">support</a>
</nav>
<hr/>
</header>
<main>
<section>
<p>Optimisations for the nginx configs will increase both the security, and performance of your website
<h2>TODO: Headers</h2>
<p>These headers tell nginx what, and how things can be served. They need to be added to each site-available that intends to use them</p>
<pre><code>sudo vim /etc/nginx/sites-available/<DOMAIN></code></pre>
<p>Within the server block. If certbot/SSL is setup, add into the block listening to port 443 (HTTPS)</p>
<pre><code>add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload';
add_header Content-Security-Policy "default-src 'self';" always;
add_header X-Frame-Options SAMEORIGIN always;
add_header "X-XSS-Protection" "1";
add_header X-Content-Type-Options nosniff ;</code></pre>
<h2>Gzip Compression</h2>
<p>Compressing data that is sent to the client is a simple way to save some bandwidth, and gain a bit of speed</p>
<pre><code>sudo vim /etc/nginx/nginx.conf</code></pre>
<p>This goes within the http block, there is likely already a gzip section, so find it and replace with the below. Otherwise just add to the http block.</p>
<pre><code>##
# Gzip Settings
##
gzip on ;
gzip_disable "msie6" ;
gzip_min_length 256 ;
gzip_vary on ;
gzip_proxied any ;
gzip_comp_level 6 ;
gzip_buffers 16 8k ;
gzip_http_version 1.1 ;
gzip_types
application/atom+xml
application/geo+json
application/javascript
application/x-javascript
application/json
application/ld+json
application/manifest+json
application/rdf+xml
application/rss+xml
application/xhtml+xml
application/xml
font/eot
font/otf
font/ttf
image/svg+xml
text/css
text/javascript
text/plain
text/xml
;</code></pre>
<h3>TODO: Brotli Compression</h3>
<p>Brotli is a new less used contender in the web compression space, but I've heard good things. I'll add this section once I've tested performance vs gzip myself</p>
<h2>TODO: SSL Tweaks</h2>
<h2>HTTP/2</h2>
<p>The newer standard of HTTP. It allows for parallel downloading, and other niceities. I believe Certbot does this for you when setting up SSL for a site, but if that changes, or you've used a different SSL cert, you can set this manually.</p>
<pre><code>sudo vim /etc/nginx/sites-available/<WEBSITE_CONFIG></code></pre>
<p>Alter the existing listen lines to append http2</p>
<pre><code>listen 443 ;</pre></code>
<p>to</p>
<pre><code>listen 443 http2 ;</pre></code>
<p>After an nginx reload, this can be checked, by looking for HTTP/2 being returned by the below curl command</p>
<pre><code>curl -I -L https://<WEBSITE></code></pre>
<h2>TODO: Cache Files, and Images</h2>
<p></p>
<h2>TODO: Limit requests</h2>
<p>To prevent potential DOS attacks, and web scrapers the amount of requests/connections per IP can be reduced</p>
</section>
</main>
<footer>
<hr/>
<p>Written by <a href="http://aney.co.uk" target="_blank" rel="noopener">@aney</a> with <a href="https://danluu.com/web-bloat/" target="_blank" rel="noopener">web bloat</a> in mind | <a href="https://github.com/Aney/website" target="_blank" rel="noopener">Source Code</a></p>
</footer>
</body>
</html>
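Review bot: In the Headers block the HSTS line commits every subdomain to HTTPS for a year and opts into preload ('max-age=31536000; includeSubDomains; preload'), which is hard to back out of for a beginner copying the guide; suggest starting with a short max-age and no includeSubDomains/preload, and saying when to raise it. That line and the X-XSS-Protection line also lack the "always" flag the other three carry, so they are not sent on error responses; X-XSS-Protection itself is ignored by current browsers and can be dropped. The sentence introducing the block says the headers "tell nginx what, and how things can be served", but they are instructions to the browser. In the HTTP/2 section the before/after pair "listen 443 ;" to "listen 443 http2 ;" has no ssl parameter; show "listen 443 ssl http2 ;" so nobody copies a TLS-less listener, and close code before pre on both lines. The DOMAIN, WEBSITE_CONFIG and WEBSITE placeholders need &lt; and &gt; escaping or the browser swallows them, and the opening paragraph of the section is never closed.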

@ -0,0 +1,83 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="A guide to setting up an nginx website pointed at a domain/subdomain">
<meta name="keywords" content="Blog, articles, NGINX, web server, guide, website">
<meta name="author" content="Nathan (Aney) Steel">
<meta name="theme-color" content="white">
<meta name="theme-color" content="black">
<link rel="stylesheet" type="text/css" href="/main.css">
<link rel="icon" type="image/png" href="/images/favicon.svg">
<title>How to setup an NGINX website</title>
</head>
<body>
<header>
<h1>How to setup an NGINX website</h1>
<hr/>
<nav>
<a href="/">home</a>
<a href="/equipment.html">equipment</a>
<a href="/projects.html">projects</a>
<a href="/blog/">blog</a>
<a href="/sitemap.html">misc</a>
<a href="/support.html">support</a>
</nav>
<hr/>
</header>
<main>
<section>
<p>Nginx has the ability to host multiple websites, all at different domains/sub-domains. This guide will show you how to point a domain at the server, and display a different website than the default NGINX page.</p>
<h2>Make the domain point to the server</h2>
<p>In your domains DNS records ensure that the domain/sub-domain is pointing to the servers IP address, otherwise NGINX won't get told to serve the website</p>
<h2>Create the website directory</h2>
<p>We need to create a directory for the website to live, and add a basic webpage to it. Websites typically live in <strong>/var/www/</strong> but sometimes in users home directories, or elsewhere. We'll stick with the former</p>
<h2>Change directory permissions to www-user</h2>
<p>Nginx's default group is www-user, so to serve the website we'll grant permissions to www-user</p>
<h3>Add user account to www-user</h3>
<p>Make it easier...</p>
<h2>Create an nginx site config</h2>
<p>To get nginx to check the domain, and return the correct website, we need to configure it to do so</p>
<p>Create a file in</p>
<pre><code>/etc/nginx/sites-available/<DOMAIN-NAME></code></pre>
<p>Containing the contents below. This will set the server to listen on port 80 (http) for any requests from the domain name set. It will then direct the root domain to the directory in root, and set the index page the file index.html, or index.htm if the former wasn't found</p>
<pre><code>server {
listen 80 default ;
listen [::]:80 ;
server_name <DOMAIN-NAME> ;
location / {
root /var/www/<DOMAIN-NAME> ;
index index.html index.htm ;
}</code></pre>
<h3>Create a symlink to sites-enables</h3>
<p>Now to get nginx to check this config we'll need to symlink it to from sites-available, to sites-enabled</p>
<pre><code>sudo ln -s /etc/nginx/sites-available/<DOMAIN-NAME> /etc/nginx/sites-enabled/</code></pre>
<h3>Reload nginx</h3>
<pre><code>sudo systemctl reload nginx</code></pre>
<p>If the above command fails, you can check your nginx config for errors with</p>
<pre><code>sudo nginx -t</code></pre>
<p>Then once any errors have been fixed, reload nginx again, and it should be good to go</p>
<h2>Add a basic webpage</h2>
<p>So we can tell the config is working, we'll add a basic webpage.</p>
<h2>Check the website</h2>
<p>In your browser enter the domain name we've just setup in nginx, and you'll see that the basic HTML page we've created is being displayed</p>
</section>
</main>
<footer>
<hr/>
<p>Written by <a href="http://aney.co.uk" target="_blank" rel="noopener">@aney</a> with <a href="https://danluu.com/web-bloat/" target="_blank" rel="noopener">web bloat</a> in mind | <a href="https://github.com/Aney/website" target="_blank" rel="noopener">Source Code</a></p>
</footer>
</body>
</html>
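Review bot: The server block in "Create an nginx site config" closes the location but never closes server, so a reader who pastes it gets a failure from the "sudo nginx -t" check a few lines later; add the final brace. "listen 80 default ;" marks this per-domain site as the default server, and only on the IPv4 line, which contradicts the multi-site premise in the intro and clashes with the packaged default site if that is still enabled; drop "default" and let server_name select the site. The permissions section names the group "www-user", whereas Debian's nginx package runs as www-data. The directory, permissions and "Add a basic webpage" sections have no commands yet, so mark them TODO like the other guides; the DOMAIN-NAME placeholders need &lt; and &gt; escaping; heading typo "sites-enables".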