Nginx

Nginx is a fast and powerful web server.

Install
The version of nginx in Debian Jessie supports the deprecated SPDY protocol. Using the version from jessie-backports gives you support for HTTP/2.

conf.d
The conf.d folder stores configuration shared between all the sites hosted on your server.

Create the following files: See documentation to install PHP.


 * Generate file  with

snippets
The snippets folder allows you to store bits of configuration that you can later include in virtual host configurations. This saves a lot of typing and avoids errors when creating a new site. See Let’s Encrypt

Obviously, you need to replace the example IP addresses with the ones of your server. You can get the IP of your server with the commands  and.

Create Password File
If you want different websites to have different users, you can create as many password files as you want.

Add User
To update a user's password, just run the same command.

Nginx will pick the modified file automatically. There is nothing to restart.

Use
To restrict access to a site or part of it, add the following lines to a  or   config

Firewall
You need to open TCP ports 80 and 443 in your firewall.

New Site
This section shows how to create a new website on your Nginx server. The instructions here are very generic and will need to be adapted for your specific case.

In the following sections, we show the configuration for a site called mysite.example.org. You need to replace all occurrences of mysite.example.org with the name of the site you want to create.

Fail2Ban
Web servers are usually a good target for hackers. A lot of them contain outdated, insecure and misconfigured software, and if your server runs languages like PHP, an attacker would be able to execute pretty much any action once they have cracked your server.

Warning: The rules described here protect against generic attacks on your web server. If you install some specific software that has its own authentication (ownCloud, Roundcube...) you need to create rules for it.

nginx-http-auth
The first rule is pretty simple. It protects against attacks on HTTP authentication (the ugly popups asking for your password before you enter the site).

Create file

nginx-botsearch
This rule matches 404 errors when bots try to find insecure software on your server. While it should generally work fine, you should check the ban report to make sure you don't lock out legitimate users.
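
An added example, not part of the original page and not fail2ban's own filter: a small Python script that replays the botsearch idea over constructed access-log lines to show who would be banned, including a legitimate user with a stale bookmark. The probe-path list, the sample lines and the threshold of 2 are assumptions; `maxretry` and `ignoreip` are named after the fail2ban options they imitate.

```python
import re
from collections import Counter

# Assumed probe targets; a real filter's list will differ.
PROBE_RE = re.compile(r"/?(?:phpmyadmin|mysqladmin|wp-login\.php|roundcube|cgi-bin)\S*", re.I)
# nginx "combined" access log: client IP, request line, status code.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?:GET|POST|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "-"',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /mysqladmin/ HTTP/1.1" 404 153 "-" "-"',
    # Ordinary broken link: a 404, but not on a probe path, so not counted.
    '198.51.100.7 - - [01/Jan/2024:10:05:00 +0000] "GET /blog/old-post.html HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    # Legitimate user with a stale webmail bookmark: matches the rule twice.
    '192.0.2.44 - - [01/Jan/2024:10:06:00 +0000] "GET /roundcube/ HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2024:10:06:05 +0000] "GET /roundcube/?_task=mail HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    # Probe-like path that exists on this server (200) is not counted.
    '198.51.100.7 - - [01/Jan/2024:10:07:00 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

def ban_report(lines, maxretry=2, ignoreip=()):
    """Return {ip: hits} for clients with at least maxretry 404s on probe paths."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404" or m["host"] in ignoreip:
            continue
        if PROBE_RE.match(m["path"]):  # match() anchors at the start of the path
            hits[m["host"]] += 1
    return {ip: n for ip, n in hits.items() if n >= maxretry}

if __name__ == "__main__":
    print("would ban:", ban_report(SAMPLE_LOG))
    print("with allowlist:", ban_report(SAMPLE_LOG, ignoreip=("192.0.2.44",)))
```

The first report includes 192.0.2.44, which is exactly the kind of entry to look for when reviewing bans; allowlisting the address or raising the threshold removes it.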

Create file