Installing Nginx


Edit /etc/hostname and set the server name

sudo nano /etc/hostname

Edit /etc/hosts and set the server name

sudo nano /etc/hosts

or use hostnamectl as follows

hostnamectl set-hostname SU_SERVIDOR

Verify it with

hostname -f

Install Nginx and create the SSL keys

sudo apt install nginx

Create the SSL keys (skip this step if mkcert was installed and valid keys were created)

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

Create the dhparam.pem file

sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096

Set the correct permissions on the directories and add the user to the www-data group

sudo chgrp -R www-data /var/www/html
sudo find /var/www -type d -exec chmod 2775 {} \;
sudo find /var/www -type f -exec chmod ug+rw {} \;
sudo usermod -a -G www-data $USER

If Jitsi is going to be installed, skip the rest

Edit or create /etc/nginx/snippets/ssl-params.conf

ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
#Disable strict transport security for now. You can uncomment the following
#line if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

Edit or create /etc/nginx/snippets/self-signed.conf

ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

Edit /etc/nginx/sites-available/default.conf

server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    index index.php index.html index.htm;
    server_name example.com www.example.com;
    # Redirect every HTTP request to HTTPS. This server-level return runs
    # before location matching, so the location blocks below are not reached.
    return 302 https://$server_name$request_uri;
    location / {
        try_files $uri $uri/ =404;
    }
    # Pass PHP scripts to the FastCGI server
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        # With php-fpm (or other unix sockets):
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        # With php-cgi (or other tcp sockets):
        #fastcgi_pass 127.0.0.1:9000;
    }
}

Edit /etc/nginx/sites-available/default-ssl.conf

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;
    server_name example.com www.example.com;
    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;
}

Create the symbolic links

sudo ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/default-ssl.conf /etc/nginx/sites-enabled/

To test the configuration for errors

sudo nginx -t
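
nginx -t only validates the configuration syntax; the script below is an added example (not part of the original guide) that checks the self-signed pair created earlier: the key belongs to the certificate, the key file is not readable by group or others, and the certificate is not about to expire. The function names are hypothetical, openssl is assumed to be on the PATH, and make_demo_pair builds constructed test input in a scratch directory.

```shell
#!/bin/sh
# Added example: checks for the key pair that the "openssl req" step creates.
# Function names are hypothetical; default paths are the ones used on this page.
CRT=${CRT:-/etc/ssl/certs/nginx-selfsigned.crt}
KEY=${KEY:-/etc/ssl/private/nginx-selfsigned.key}

# Succeeds only if the private key and the certificate carry the same public key.
key_matches_cert() {     # usage: key_matches_cert CERT KEY
  _c=$(openssl x509 -in "$1" -pubkey -noout 2>/dev/null) || return 1
  _k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$_c" ] && [ "$_c" = "$_k" ]
}

# Succeeds only if group and others have no permission bits on the key file.
key_is_private() {       # usage: key_is_private KEY
  [ "$(ls -ldL -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Succeeds if the certificate is still valid DAYS days from now.
cert_valid_for_days() {  # usage: cert_valid_for_days CERT DAYS
  openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed test input: the page's openssl req command, made non-interactive
# with -subj and pointed at a scratch directory instead of /etc/ssl.
make_demo_pair() {       # usage: make_demo_pair DIR COMMON_NAME
  openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=$2" \
    -keyout "$1/demo.key" -out "$1/demo.crt" >/dev/null 2>&1
}

# Run all three checks and report each failure.
check_pair() {           # usage: check_pair CERT KEY
  _rc=0
  key_matches_cert "$1" "$2"  || { echo "FAIL: key does not match certificate"; _rc=1; }
  key_is_private "$2"         || { echo "FAIL: key is accessible to group/others"; _rc=1; }
  cert_valid_for_days "$1" 30 || { echo "FAIL: certificate expires within 30 days"; _rc=1; }
  return "$_rc"
}

# Check the installed files only when they exist (run with sudo to read the key).
if [ -e "$CRT" ]; then
  check_pair "$CRT" "$KEY" || echo "Review the findings above."
fi
```
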
