+++
date = 2022-02-16
title = "Migrating to a New Web Server Setup with Debian, Nginx, and Agate"
description = ""
draft = false
+++
# Server OS: Debian

I've used various Linux distributions throughout the years, but I've never
used anything except Ubuntu for my servers. Why? I really have no idea, mostly
just comfort around the commands and software availability.

However, I have always wanted to try Debian as a server OS after testing it out
in a VM a few years ago (side-note: I'd love to try Alpine too, but I always
struggle with compatibility). So, I decided to launch a new VPS and use
[Debian](https://www.debian.org) 11 as the OS. Spoiler alert: it feels identical
to Ubuntu for my purposes.

I did the normal things when first launching the VPS, such as adding a new user,
locking down SSH, etc. If you want to see that level of detail, read my other
post about [How to Set Up a VPS Web
Server](https://cleberg.net/blog/how-to-set-up-a-vps-web-server/).

All of this has been similar, apart from small things such as the location of
users' home folders. No complaints at all from me - Debian seems great.

# Web Server: Nginx

Once I had the baseline server configuration set up for Debian, I moved on to
trying out [Nginx](https://nginx.org) as my web server software. This required
me to install the `nginx` and `ufw` packages, as well as set up the initial
UFW config:
```sh
sudo apt install nginx ufw
sudo ufw allow 'Nginx Full'
sudo ufw allow SSH
sudo ufw enable
sudo ufw status
sudo systemctl status nginx
```
Once I had the firewall set, I moved on to creating the directories and files
for my website. This is very easy and is basically the same as setting up an
Apache server, so no struggles here.
```sh
sudo mkdir -p /var/www/your_domain/html
sudo chown -R $USER:$USER /var/www/your_domain/html
sudo chmod -R 755 /var/www/your_domain
nano /var/www/your_domain/html/index.html
```
The next part, creating the Nginx configuration files, is quite a bit different
from Apache. First, you need to create the files in the `sites-available` folder
and symlink them to the `sites-enabled` folder.

Creating the config file for your domain:
```sh
sudo nano /etc/nginx/sites-available/your_domain
```
Default content for an Nginx config file:
```nginx
server {
    listen 80;
    listen [::]:80;
    root /var/www/your_domain/html;
    index index.html index.htm index.nginx-debian.html;
    server_name your_domain www.your_domain;
    location / {
        try_files $uri $uri/ =404;
    }
}
```
Finally, symlink it together:
```sh
sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
```
This will make your site available to the public (as long as you have
`your_domain` DNS records pointed at the server's IP address)!

Next, I used [certbot](https://certbot.eff.org/) to issue an HTTPS certificate
for my domains using the following commands:
```sh
sudo apt install snapd; sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx
```
Now that certbot ran successfully and updated my Nginx config files to include a
`443` server block of code, I went back in and edited the config file to include
security HTTP headers. This part is optional, but is recommended for security
purposes; you can even test a website's HTTP header security at [Security
Headers](https://securityheaders.com/).

The configuration below shows a setup where you only want your website to serve
content from its own domain, except for images and scripts, which may come from
`nullitics.com`. All other content would be blocked from loading in a browser.
```sh
sudo nano /etc/nginx/sites-available/your_domain
```
```nginx
server {
    ...
    add_header Content-Security-Policy "default-src 'none'; img-src 'self' https://nullitics.com; script-src 'self' https://nullitics.com; style-src 'self'; font-src 'self'";
    add_header X-Content-Type-Options "nosniff";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Frame-Options "DENY";
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
    add_header Referrer-Policy "no-referrer";
    ...
}
```
```sh
sudo systemctl restart nginx
```
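To confirm after the restart that the headers are really being served, the script below is an added example (not part of the original post) that checks a captured response for the six `add_header` fields and shows which source list the policy applies to a fetch directive it does not name. The function names and both sample responses are constructed; for a live check, set `HEADERS` from `curl -sI https://your_domain/`. Nginx attaches `add_header` fields only to success and redirect responses unless the `always` parameter is given, so the 404 from `try_files` would carry none of them, which is what the second sample models.

```sh
#!/bin/sh
# Added example: audit response headers against the server block above.
EXPECTED="content-security-policy x-content-type-options x-xss-protection
x-frame-options strict-transport-security referrer-policy"

# Print the value of header $1 from $HEADERS (names are case-insensitive).
header_value() {
    printf '%s\n' "$HEADERS" | tr -d '\r' | awk -v name="$1" '
        BEGIN { FS = ":" }
        tolower($1) == name { sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# Print the expected headers that are absent from $HEADERS, space-separated.
missing_headers() {
    missing=""
    for h in $EXPECTED; do
        [ -n "$(header_value "$h")" ] || missing="$missing $h"
    done
    printf '%s\n' "${missing# }"
}

# Print the source list the CSP applies to fetch directive $1, falling back
# to default-src when the directive is not listed in the policy.
csp_sources() {
    header_value content-security-policy | tr ';' '\n' | awk -v want="$1" '
        { name = $1; $1 = ""; sub(/^ +/, "") }
        name == want          { exact = $0; hit = 1 }
        name == "default-src" { fallback = $0 }
        END { print (hit ? exact : fallback) }'
}

# Constructed sample responses (not captured from a real server).
OK_200="HTTP/1.1 200 OK
Content-Security-Policy: default-src 'none'; img-src 'self' https://nullitics.com; script-src 'self' https://nullitics.com; style-src 'self'; font-src 'self'
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
Strict-Transport-Security: max-age=63072000; includeSubDomains
Referrer-Policy: no-referrer"
# Models an error page served without the "always" parameter on add_header.
ERR_404="HTTP/1.1 404 Not Found
Content-Type: text/html"

HEADERS=$OK_200
echo "200 missing: [$(missing_headers)]  media-src: [$(csp_sources media-src)]"
HEADERS=$ERR_404
echo "404 missing: [$(missing_headers)]"
```
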
## Nginx vs. Apache

As I stated at the beginning, my historical hesitation with trying Nginx was
that the differences in configuration formats scared me away from leaving
Apache. However, I prefer Nginx to Apache for a few reasons:

1. Nginx uses only one config file (`your_domain`) vs. Apache's two-file
   approach for HTTP vs. HTTPS (`your_domain.conf` and
   `your_domain-le-ssl.conf`).
2. Symlinking new configuration files and reloading Nginx are way easier than
   Apache's process of having to enable headers with `a2enmod mod_headers`,
   enable PHP with `a2enmod php` (plus any other mods you need), and then
   enabling sites with `a2ensite`, and THEN reloading Apache.
3. The contents of the Nginx config files seem more organized and logical with
   the curly-bracket approach. This is a minor reason, but everything just felt
   cleaner while I was installing my sites and that had a big quality of life
   impact on the installation for me.

They're both great software packages, but Nginx just seems more organized and
easier to use these days. I will certainly be exploring the Nginx docs to see
what other fun things I can do with all of this.

# Gemini Server: Agate

Finally, I set up the Agate software on this server again to host my Gemini
server content, using Rust as I have before. You can read my other post for more
information on installing Agate: [Hosting a Gemini
Server](https://cleberg.net/blog/hosting-a-gemini-server/).

All in all, Debian + Nginx is very slick and I prefer it over my old combination
of Ubuntu + Apache (although it's really just Nginx > Apache for me, since
Debian seems mostly the same as Ubuntu so far).