> ## Documentation Index
> Fetch the complete documentation index at: https://docs.americ.io.vn/llms.txt
> Use this file to discover all available pages before exploring further.

# nginx

> Web server/Reverse proxy/Load balancer/Mail proxy/HTTP cache

> 🗎 Refs: \
> [http://nginx.org/en/docs/beginners\_guide.html#control](http://nginx.org/en/docs/beginners_guide.html#control) \
> [https://www.digitalocean.com/community/tools/nginx](https://www.digitalocean.com/community/tools/nginx) \
> [https://linuxconfig.org/how-to-check-nginx-status-on-ubuntu](https://linuxconfig.org/how-to-check-nginx-status-on-ubuntu)

#### Check status

```shell theme={null}
systemctl status nginx
```

#### Check configs

```shell theme={null}
 sudo nginx -t
```

#### Remove configs

```shell theme={null}
sudo rm -f /etc/nginx/sites-enabled/<domain>
sudo rm -f /etc/nginx/sites-available/<domain>
sudo nginx -t
sudo systemctl reload nginx
```

#### Modified default

```shell theme={null}
##
# Catch-all for unknown domains (HTTP + HTTPS)
##

# --- HTTP (port 80) ---
server {
    listen 80 default_server;
    server_name _;

    access_log /var/log/nginx/catchall_access.log;
    error_log  /var/log/nginx/catchall_error.log warn;

    return 404 "Unknown domain (HTTP): $host\n";
}

# --- HTTPS (port 443) ---
server {
    listen 443 ssl default_server;
    server_name _;

    # Dummy self-signed cert (or reuse forextooldev cert if you prefer)
    ssl_certificate     /etc/nginx/ssl/dummy.crt;
    ssl_certificate_key /etc/nginx/ssl/dummy.key;

    access_log /var/log/nginx/catchall_access.log;
    error_log  /var/log/nginx/catchall_error.log warn;

    return 404 "Unknown domain (HTTPS): $host\n";
}
```

#### Dummy cert/key

```shell theme={null}
sudo mkdir -p /etc/nginx/ssl

sudo openssl req -x509 -nodes -newkey rsa:2048 -days 365 \
  -keyout /etc/nginx/ssl/dummy.key \
  -out /etc/nginx/ssl/dummy.crt \
  -subj "/CN=localhost"
```

#### Replace to modified default

```shell theme={null}
sudo rm -f /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl reload nginx
sudo vim /etc/nginx/sites-available/000-default
sudo ln -s /etc/nginx/sites-available/000-default /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
```

#### Nginx & Certbot

1. Prerequisites

```shell theme={null}
sudo mkdir -p /var/www/certbot/.well-known/acme-challenge
sudo chmod -R 755 /var/www/certbot
sudo chown -R $USER:$USER /var/www/certbot
```

1. /var/www/certbot

```nginx theme={null}
server {
    server_name rentalsdev.americ.io.vn www.rentalsdev.americ.io.vn;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # your existing proxy / app config here
}
```

2. Active

```shell theme={null}
sudo nginx -t && sudo systemctl reload nginx
```

#### Quick actions for publishing a website

1. Create an Nginx config file: `/etc/nginx/sites-available/mysite.dev`.
2. Initialize config

```shell theme={null}
server {
    listen 80;
    server_name mysite.dev www.mysite.dev;
    root /var/www/mysite.dev/html;
    index index.html;

	# Web page
    location / {
        try_files $uri $uri/ /index.html;
    }

    # Proxy API requests to Express backend
    location /api {
        proxy_pass http://localhost:3001/api;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Proxy /health to backend
    location = /health {
        proxy_pass http://localhost:3001/health;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

3. Enable config

```shell theme={null}
sudo ln -s /etc/nginx/sites-available/mysite.dev /etc/nginx/sites-enabled/
```

4. Test and reload Nginx

```shell theme={null}
sudo nginx -t && sudo systemctl reload nginx
```

5. SSL Setup

* Install Certbot

```shell theme={null}
sudo apt install certbot python3-certbot-nginx
```

* Install SSL certificate

```shell theme={null}
sudo rm -rf /etc/letsencrypt
sudo rm -rf /var/lib/letsencrypt
sudo certbot --nginx -d mysite.dev -d www.mysite.dev
```

6. Configure firewall

```shell theme={null}
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 22/tcp
```

7. Post check

* Access `https://mysite.dev`
* Check DNS resolution

```shell theme={null}
dig mysite.dev
```

8. One-click

```shell theme={null}
#!/bin/bash
set -e

DOMAIN="rentalsdev.americ.io.vn"
PORT="1991"
EMAIL="you@example.com"  # <-- Change this to your email

echo "🛠 Updating system and installing dependencies..."
sudo apt update
sudo apt install -y nginx certbot python3-certbot-nginx ufw

echo "🔓 Allowing NGINX Full profile in UFW..."
sudo ufw allow 'OpenSSH'
sudo ufw allow 'Nginx Full'
sudo ufw --force enable

echo "📄 Creating NGINX config for $DOMAIN..."

NGINX_CONF="/etc/nginx/sites-available/$DOMAIN"
sudo tee "$NGINX_CONF" > /dev/null <<EOF
server {
    listen 80;
    server_name $DOMAIN www.$DOMAIN;

    location / {
        proxy_pass http://localhost:$PORT;
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_cache_bypass \$http_upgrade;
    }
}
EOF

echo "🔗 Enabling site and testing NGINX..."
sudo ln -sf "$NGINX_CONF" /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

echo "🔐 Requesting SSL certificate for $DOMAIN..."
sudo certbot --nginx -d "$DOMAIN" -d "www.$DOMAIN" --non-interactive --agree-tos -m "$EMAIL"

echo "♻️ Reloading NGINX with SSL configuration..."
sudo systemctl reload nginx

echo "✅ DONE: HTTPS is live for https://$DOMAIN"
dig mysite.dev
```
