Skip links

NGINX Tutorial

Connecting to a server using ssh and Server IP

Download an SSH key and save it /somewhere/key.pem

chmod 400 <path-to-key-file>
ssh -i <path-to-key-file> ubuntu@<domain name>


ssh root@<IPAdress>

enter password
See if any updates are available


sudo apt update
 sudo apt install nginx
check if NGINX is running:
 systemctl status nginx
exit dialogue: qw
 sudo service nginx restart

Find out where anything NGINX related is

usually there are folders:

cd /etc/nginx

if this was successful nginx has files and is configured in some way. These folders are usually hidden and
cannot be found with ls -al

$ nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
$ nginx -V
nginx version: nginx/1.11.1
built by gcc 4.9.2 (Debian 4.9.2-10)
built with OpenSSL 1.0.1k 8 Jan 2015
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modulespath=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf ...

if there are any tests failed, this measn nginx is not configured properly. You might still find a running instance even though faulty setup.

See running NGINX processes

ps aux | grep nginx

Fire up NGINX at system start

sudo systemctl enable nginx
sudo systemctl reload nginx

Serve Static react website

 listen 80 default_server;
 root /KaiserFranzBlog/client/build;
 index index.html index.htm;
 server_name _;
 location / {
 try_files $uri $uri/ =404;

Debugging Nginx

Seing where errors are in the NGINX build

sudo nginx -t

should be successful to deploy

Standart NGINX default

under /etc/nginx/sites-available/default

## You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# Generally, you will want to move this file somewhere, and start with a clean
# file but keep this around for reference. Or just disable in sites-enabled.
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
# Default server configuration
server {
 listen 80 default_server;
 listen [::]:80 default_server;
 # SSL configuration
 # listen 443 ssl default_server;
 # listen [::]:443 ssl default_server;
 # Note: You should disable gzip for SSL traffic.
 # See:
 # Read up on ssl_ciphers to ensure a secure configuration.
 # See:
 # Self signed certs generated by the ssl-cert package
 # Don't use them in a production server!
 # include snippets/snakeoil.conf;
 root /var/www/html;
 # Add index.php to the list if you are using PHP
 index index.html index.htm index.nginx-debian.html;
 server_name _;
 location / {
# First attempt to serve request as file, then
 # as directory, then fall back to displaying a 404.
 try_files $uri $uri/ =404;
 # proxy_pass http://localhost:8080;
 # proxy_http_version 1.1;
 # proxy_set_header Upgrade $http_upgrade;
 # proxy_set_header Connection 'upgrade';
 # proxy_set_header Host $host;
 # proxy_cache_bypass $http_upgrade;
 # pass the PHP scripts to FastCGI server listening on
 #location ~ \.php$ {
 # include snippets/fastcgi-php.conf;
 # # With php7.0-cgi alone:
 # fastcgi_pass;
 # # With php7.0-fpm:
 # fastcgi_pass unix:/run/php/php7.0-fpm.sock;
 # deny access to .htaccess files, if Apache's document root
 # concurs with nginx's one
 #location ~ /\.ht {
 # deny all;
# Virtual Host configuration for
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#server {
# listen 80;
# listen [::]:80;
# server_name;
# root /var/www/;
# index index.html;
# location / {
# try_files $uri $uri/ =404;
# }

Mern Stack

server {
 listen 80 default_server;
 server_name _;
 # react app & front-end files
 location / {
 root /KaiserFranzBlog/client/build;
 try_files $uri /index.html;
 # node api reverse proxy
 location /api/ {
 proxy_pass http://localhost:4000/;

Solving: Curl localhost displays html but no site in browser

  1. copy the url it is supposed to be hosted at and use “http” and “https”
  • maybe it is hosted with http and not https
  • Enable https for this server
 sudo ufw status
-> Status: inactive // firewall is inactive


only do it when you have an http served at the final url

generate a certificate

sudo mkdir /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
/etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
  • openssl: Tool um Zertifikate und Schlüssel zu verwalten und generieren.
  • req: Beschreibt ein X.509 certificate signing request für das Public Key Verfahren.
  • x509: Gibt an, statt eines CSR gleich ein selbstsigniertes Zertifikat auszustellen.
  • nodes: Zertifikat wird nicht über ein Kennwort geschützt. Damit kann nginx ohne weitere Aktion
  • (Eingabe des Kennworts) gestartet werden.
  • days 365: Beschreibt die Gültigkeit des Zertifikates für 365 Tage
  • newkey rsa:2048: Generiert das Zertifikat und einen 2048-bit langen RSA Schlüssel.
  • keyout: Gibt die Ausgabepfad und -datei für den Schlüssel an.
  • out: Gibt die Ausgabepfad und -datei des Zertifikates an.
Verified by MonsterInsights