Nginx¶

nginx is a web server that's smaller, faster and simpler than Apache and easy to configure.

Start Unicorn first.

Then install nginx.

apt-get install nginx

For security, it's recommended that you disable IP address logging for all requests to the web server. Add the following custom log definition to /etc/nginx/nginx.conf in the first http {} block.

    log_format no_ip_no_referer '[$time_local]  '
                    '"$request" $status $body_bytes_sent '
                    '"$http_user_agent"';

    access_log  /var/log/nginx/access.log no_ip_no_referer;

The configuration file attached to this document requires edits for hostnames, paths and SSL certificates. Copy it to /etc/nginx/sites-available/default. This configuration assumes you only want a HTTPS server. It will work only if you have a valid SSL certificate and key for your domain name.

If you want an insecure quick start, you can use the Debian default self-signed "snakeoil" certificate (/etc/ssl/certs/ssl-cert-snakeoil.pem) and key (/etc/ssl/private/ssl-cert-snakeoil.key).

If you will only run this single domain in nginx, set the configuration as the default. If you have multiple domains (server aliases, in nginx parlance) you will have to choose a different name when making the following symlink to start the server at boot.

cd /etc/nginx/sites-enabled
ln -s ../sites-available/default default
/etc/init.d/nginx restart

If you wish to have the strictest SSL configuration for the web application, ensure the configuration has the following options. Setting this option will disable support for some older browsers, notably, Internet Explorer 6

ssl_ciphers  HIGH:!aNULL:!MD5;
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;  # don’t use SSLv3 ref: POODLE