1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
+++
date = 2022-02-16
title = "Migrating to a New Web Server Setup with Debian, Nginx, and Agate"
description = ""
draft = false
+++
# Server OS: Debian
I\'ve used various Linux distributions throughout the years, but I\'ve
never used anything except Ubuntu for my servers. Why? I really have no
idea, mostly just comfort around the commands and software availability.
However, I have always wanted to try Debian as a server OS after testing
it out in a VM a few years ago (side-note: I\'d love to try Alpine too,
but I always struggle with compatibility). So, I decided to launch a new
VPS and use [Debian](https://www.debian.org) 11 as the OS. Spoiler
alert: it feels identical to Ubuntu for my purposes.
I did the normal things when first launching the VPS, such as adding a
new user, locking down SSH, etc. If you want to see that level of
detail, read my other post about [How to Set Up a VPS Web
Server](https://cleberg.net/blog/how-to-set-up-a-vps-web-server/).
All of this has been similar, apart from small things such as the
location of users\' home folders. No complaints at all from me - Debian
seems great.
# Web Server: Nginx
Once I had the baseline server configuration set-up for Debian, I moved
on to trying out [Nginx](https://nginx.org) as my web server software.
This required me to install the `nginx` and `ufw`
packages, as well as setting up the initial UFW config:
```sh
sudo apt install nginx ufw
sudo ufw allow 'Nginx Full'
sudo ufw allow SSH
sudo ufw enable
sudo ufw status
sudo systemctl status nginx
```
Once I had the firewall set, I moved on to creating the directories and
files for my website. This is very easy and is basically the same as
setting up an Apache server, so no struggles here.
```sh
sudo mkdir -p /var/www/your_domain/html
sudo chown -R $USER:$USER /var/www/your_domain/html
sudo chmod -R 755 /var/www/your_domain
nano /var/www/your_domain/html/index.html
```
The next part, creating the Nginx configuration files, is quite a bit
different from Apache. First, you need to create the files in the
`sites-available` folder and symlink it the
`sites-enabled` folder.
Creating the config file for your domain:
```sh
sudo nano /etc/nginx/sites-available/your_domain
```
Default content for an Nginx config file:
```sh
server {
listen 80;
listen [::]:80;
root /var/www/your_domain/html;
index index.html index.htm index.nginx-debian.html;
server_name your_domain www.your_domain;
location / {
try_files $uri $uri/ =404;
}
}
```
Finally, symlink it together:
```sh
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
```
This will make your site available to the public (as long as you have
`your_domain` DNS records pointed at the server\'s IP
address)!
Next, I used [certbot](https://certbot.eff.org/) to issue an HTTPS
certificate for my domains using the following commands:
```sh
sudo apt install snapd; sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx
```
Now that certbot ran successfully and updated my Nginx config files to
include a `443` server block of code, I went back in and
edited the config file to include security HTTP headers. This part is
optional, but is recommended for security purposes; you can even test a
website\'s HTTP header security at [Security
Headers](https://securityheaders.com/).
The configuration below shows a set-up where you only want your website
to serve content from its own domain, except for images and scripts,
which may come from `nullitics.com`. All other content would
be blocked from loading in a browser.
```sh
sudo nano /etc/nginx/sites-available/your_domain
```
```sh
server {
...
add_header Content-Security-Policy "default-src 'none'; img-src 'self' https://nullitics.com; script-src 'self' https://nullitics.com; style-src 'self'; font-src 'self'";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options "DENY";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
add_header Referrer-Policy "no-referrer";
...
}
```
```sh
sudo systemctl restart nginx
```
## Nginx vs. Apache
As I stated at the beginning, my historical hesitation with trying Nginx
was that the differences in configuration formats scared me away from
leaving Apache. However, I prefer Nginx to Apache for a few reasons:
1. Nginx uses only one config file (`your_domain`) vs.
Apache\'s two-file approach for HTTP vs. HTTPS
(`your_domain.conf` and
`your_domain-le-ssl.conf`).
2. Symlinking new configurations files and reloading Nginx are way
easier than Apache\'s process of having to enable headers with
`a2enmod mod_headers`, enable PHP with
`a2enmod php` (plus any other mods you need), and then
enabling sites with `a2ensite`, and THEN reloading
Apache.
3. The contents of the Nginx config files seem more organized and
logical with the curly-bracket approach. This is a minor reason, but
everything just felt cleaner while I was installing my sites and
that had a big quality of life impact on the installation for me.
They\'re both great software packages, but Nginx just seems more
organized and easier to use these days. I will certainly be exploring
the Nginx docs to see what other fun things I can do with all of this.
# Gemini Server: Agate
Finally, I set up the Agate software on this server again to host my
Gemini server content, using Rust as I have before. You can read my
other post for more information on installing Agate: [Hosting a Gemini
Server](https://cleberg.net/blog/hosting-a-gemini-server/).
All in all, Debian + Nginx is very slick and I prefer it over my old
combination of Ubuntu + Apache (although it\'s really just Nginx \>
Apache for me, since Debian seems mostly the same as Ubuntu is so far).
|
