Nginx
Web server and reverse proxy. Used to serve static files and route traffic to your applications.
Installation
sudo apt install nginx
sudo systemctl enable nginx
sudo systemctl start nginx
File Structure
/var/www/— where your websites live. You can delete the default/var/www/htmland clone your projects here./etc/nginx/sites-available/— config files for each site (inactive until linked)./etc/nginx/sites-enabled/— symlinks to active sites.
Rate Limiting
Define a rate limit zone in /etc/nginx/nginx.conf, inside the http {} block:
http {
limit_req_zone $binary_remote_addr zone=general:10m rate=10r/s;
...
}
| Parameter | Description |
|---|---|
$binary_remote_addr |
Key per client IP |
zone=general:10m |
Zone named general, 10MB of memory (~160k IPs) |
rate=10r/s |
Max 10 requests per second per IP |
Configure a Site
Create a config file in sites-available:
sudo nano /etc/nginx/sites-available/lucasgoi.fr
server {
server_name lucasgoi.fr;
location / {
limit_req zone=general burst=20 nodelay;
root /var/www/lucasgoi.fr/lucasgoi-website;
index index.html;
}
}
| Directive | Description |
|---|---|
zone=general |
Uses the zone defined in nginx.conf |
burst=20 |
Allows up to 20 queued requests above the rate limit |
nodelay |
Excess burst requests are processed immediately (not delayed) |
| Directive | Description |
|---|---|
server_name |
Domain(s) this block responds to |
root |
Path to the website files |
index |
Default file to serve |
Then enable it by creating a symlink to sites-enabled:
sudo ln -s /etc/nginx/sites-available/lucasgoi.fr /etc/nginx/sites-enabled/lucasgoi.fr
Test and reload:
sudo nginx -t # check config for errors
sudo systemctl reload nginx
Firewall
Allow Nginx through UFW:
sudo ufw allow 'Nginx Full' # HTTP (80) + HTTPS (443)
# or
sudo ufw allow 'Nginx HTTP' # HTTP only
sudo ufw allow 'Nginx HTTPS' # HTTPS only