I often find myself setting up a new domain/website for a new project. In order to streamline the setup process, I have this handy guide with step by step instructions on how to setup an NGINX server on Ubuntu in 10 minutes.
- Install the latest LEMP module from the Digital Ocean marketplace.
- Add a new sudo user using the following commands:
adduser advait
usermod -aG sudo advait
- Upgrade all existing dependencies using the following commands:
sudo apt update
sudo apt upgrade
sudo apt full-upgrade
sudo apt autoremove
sudo reboot
- Setup domain folders by creating the following directories in /var/www/:
sudo mkdir domain.ext
cd domain.ext
sudo mkdir cron_scripts
sudo mkdir executables
sudo mkdir public_html
sudo touch public_html/index.html
- Secure the directory permissions using the following commands:
sudo chown -R advait /var/www/
sudo chgrp -R www-data /var/www/
sudo chmod -R 750 /var/www/
sudo chmod g+s /var/www/
- Setup NGINX Server Blocks using the following commands:
- Go to /etc/nginx/sites-available/
- Remove any existing files and their syslinks from /sites-enabled as well
- Create a server block for your domain using the following command:
- sudo vi domain.ext
- Enter the following server block template and replace the variables with the correct values:
-
server {
root /var/www/domain.ext/public_html;
index index.php index.html index.htm index.nginx-debian.html;
server_name domain.ext;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
-
- Create a syslink to sites-enables using the following commands:
sudo ln -s /etc/nginx/sites-available/domain.ext /etc/nginx/sites-enabled/
- Verify that the configuration syntax is OK by using the following command:
sudo nginx -t
- Restart the server using the following command:
sudo systemctl restart nginx
- Open NGINX config using the following command:
sudo vi /etc/nginx/nginx.conf
- Make sure the following lines are uncommented:
server_names_hash_bucket_size 64;
server_tokens off;
- Add the following to the top of the http block:
more_set_headers 'Server: ';
- Make sure the following lines are uncommented:
- Install dependencies:
- Install nginx-extras using the following command:
sudo apt install nginx-extras
- Reboot the server for changes to take effect:
sudo systemctl restart nginx
- Install nginx-extras using the following command:
- Turn off MySQL strict mode by opening MySQL conf with the following command:
vi /etc/mysql/my.cnf
and adding the following line under [mysqld] (adding mysqld block if it doesn't exist):sql_mode=
. Following this reboot the server using the commandreboot
. - Setup PHPMyAdmin:
- Go to the website root directory using:
cd /var/www/domain.ext/public_html/
- Create the database directory using the following command:
mkdir database
- Get the latest PHPMyAdmin application download URL from https://www.phpmyadmin.net/downloads/ and download the zip file using the following command:
wget https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-all-languages.zip
- Install zip/unzip:
sudo apt install zip unzip
- Unzip PHPMyAdmin and rename the unzipped folder to a random value like dEpofpP923iFFoid or some similar randomized value (obfuscate the directory to make it harder for strangers to find the PHPMyAdmin folder)
- Setup config.inc.php
- Open the PHPMyAdmin folder using
mkdir dEpofpP923iFFoid
- Add a similarly randomized string for the blowfish secret
- Add the following to the cfg array
- $cfg['TempDir'] = '/tmp';
- $cfg['ExecTimeLimit'] = 0;
- $cfg['TablePrimaryKeyOrder'] = 'DESC';
- Open the PHPMyAdmin folder using
- Go to the website root directory using:
- Change your DNS A record to match your server's IP address
- Setup HTTPS for your domain via CertBot by running:
sudo certbot --nginx
- Setup a MYSQL user for PHPMyAdmin database administration:
- Enter MYSQL using the following command:
sudo mysql
- Create a MYSQL user with all access using the following commands:
CREATE USER 'adminUser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'adminUser'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
- Enter MYSQL using the following command:
- Similarly, setup a MYSQL user for programmatic access (without administration privileges)