In an ideal production environment, nothing will go to production without being tested. Applications, services, migrations, upgrades, patches, hot fixed, policies, new products, most likely everything will have to undergo testing before rolling out. As cybersecurity professionals, we need to have a site to conduct testing on vulnerable cipher suites using OpenSSL. We have decided to set up a testing site on the Nginx web server on Ubuntu. Please be with us to see how to set up a testing site on Ubuntu using the Nginx server.
Nginx is an open-source application primarily used as a feature-proof full-stack web server designed for maximum performance and stability. Initially, it started out as a web server. Later it is loaded with many more features. In addition to its HTTP server capabilities, it can function as a proxy server for email (IMAP, POP3, and SMTP), a reverse proxy, and a load balancer for web services. Now, this open-source application is being used for web serving, reverse proxying, SSL/TLS intercepting, web accelerating, caching, load balancing, media streaming, and more. Visit this site to know everything about Nginx.
There are many web server applications out there. But, we always prefer to use Nginx in all our testing for its array of features.
Nginx is one of the fastest web servers around. Its benchmarks are the highest among others.
It’s more than a web server. We can use it as an all-in-one multifunction tool. Web server, API gateway, reverse proxy, SSL/TLS interceptor, web accelerator, caching, load balancer, media streaming, and more.
NGINX has been at the forefront of development that fulfills modern web requirements.
Setting up a testing site on Nginx is not as difficult as you think. You may need to set up Nginx on your Ubuntu, Configure some basic firewall settings to allow the service on the UFW firewall. That’s it. We have added some optional steps like configuring server blocks and adding host file entry which will make your test setup more flexible.
Updating the repositories is the best practice to start with any deployments on Linux. This helps to keep the system with the latest build, updates, and patches.
$ sudo apt update && sudo apt upgrade
Nginx is included in the default repositories from 20.04 and later versions. Use this command to install Nginx on Ubuntu.
$ sudo apt-get install nginx
You can verify the installation of Nginx just by using the version command.
$ nginx -v
Make sure the service of the Nginx is active and running. See the commands to start, stop, check the status of the Nginx service here below.
To check the Status:
$ sudo systemctl status nginx
To start Nginx:
$ sudo systemctl start nginx
To stop Nginx:
$ sudo systemctl stop nginx
The start and stop commands shown in the previous step work for once. You may need to start the service at each reboot. You can set the Nginx service to either start or stop at the boot time. Run these commands to enable or disable the service at the boot time.
To enable Nginx at boot:
$ sudo systemctl enable nginx
To disable Nginx at boot:
$ sudo systemctl disable nginx
To reload the Nginx service (used to apply configuration changes):
$ sudo systemctl reload nginx
To hard restart of Nginx:
$ sudo systemctl restart nginx
Nginx installs a few profiles for the UFW firewall to allow the Nginx traffic to pass through the firewall.
To display the available Nginx profiles:
$ sudo ufw app list
Nginx installs a few profiles for the UFW firewall to allow the Nginx traffic to pass through the firewall.
To display the available Nginx profiles:
$ sudo ufw app list
To allow the Nginx traffic through the UFW firewall:
$ sudo ufw allow ‘nginx http’
To allow the encrypted Nginx traffic through the UFW firewall:
$ sudo ufw allow ‘nginx https’
To allow both HTTP and HTTPS:
$ sudo ufw allow ‘nginx full’
To reload the firewall rules:
$ sudo ufw reload
To verify the Nginx service, open the web browser and type this URL http://127.0.0.1. You will see the Nginx page if it is running on your machine.
If you are in the CLI terminal use the curl utility to load the page on CLI. Commands to install the curl utility and load the page on CLI are here.
$ sudo apt-get install curl
$ curl –i 127.0.0.1
The default Nginx html page is located in /var/www/html/index.nginx-debian.html. You can design this page by editing or replacing the HTML code of index.nginx-debian.html file.
Till now all the steps written are mandatory to set up a testing site on Nginx. The steps covered here are optional. However, we urge you to complete the following steps too because we have covered configuring server blocks and host file editing which are required to host multiple sites on a single Nginx server.
Most of the time you may need to host multiple sites/domains on a single web server. It reduces time, hardware, and power costs. Most of the modern web servers accomplish this via virtual hosts. In Nginx those virtual machines function as server blocks. Nginx has one default server block preconfigured. We are not going to tweak the default server block. We will create a new one for example site.
Create a directory for test site
Create a directory for your site under /var/www/.
$ sudo mkdir -p /var/www/exampledomain.com/html
Run these commands to set the permission and ownership of exampledomain.com directory.
$ sudo chown $USER:$USER /var/www/exampledomain.com
$ sudo chmod 755 /var/www/exampledomain.com
Use any text editor to create an index file. We have used nano editor in the demonstration. You can design this as per your needs.
$ sudo nano /var/www/exampledomain.com/html/index.html
Press CTRL+o to save the file and Press CTRL+x to exit the file in nano.
Create a configuration file for your server block.
$ sudo nano etc/nginx/sites-available/exampledomain.com
Write the below code inside the server block configuration file.
server {
listen 80;
root /var/www/exampledomain.com/html;
index index.html index.htm index.nginx.debian.html;
server_name exampledomain.com www.exampledomain.com;
location / {
try_files $uri $uri/ =404;
}
}
Press CTRL+o to save the file and Press CTRL+x to exit the file in nano.
Create a symbolic link to the configuration file in the startup directory.
To create symbolic link:
$ sudo ln -s etc/nginx/sites-available/exampledomain.com etc/nginx/sites-enabled
Run this command to restart the Nginx service.
$ sudo systemctl restart nginx
Issue this command to test the configurations.
$ sudo nginx –t
This step is again optional. However, we recommend adding a host entry to map the ip address with the testing domain. This will allow you to use the domain name directly in the browser.
Use this command to check the IP address of your system.
$ hostname –i
Edit the file etc/hosts in the nano editor.
$ sudo nano etc/hosts
Add the below line right below the localhost entry.
127.0.1.1 exampledomain.com www. exampledomain .com
Press CTRL+o to save the file and Press CTRL+x to exit the file in nano.
Command to restart Nginx service.
$ sudo systemctl restart nginx
http://exampledomain.com
You should see the browser loading the index page that you created in step 12.
This is how you can Set Up a Testing Site in Nginx on Ubuntu platform.
The Main website content: /var/www/html
The Main Nginx application files: etc/nginx
The main Nginx configuration file: etc/nginx/nginx.conf
Access logs which has every request to the server: /var/log/nginx/access.log
Error logs of Nginx: /var/log/ngins/error.log
List of all websites hosted on Nginx: etc/nginx/sites-available
List of websites actively being served by Nginx: etc/nginx/sites-enabled
It’s our pleasure to share such practical tutorials with you. Thanks for reading this post. Please don’t forget to share this with others.
You may also like these articles:
Arun KL is a cybersecurity professional with 15+ years of experience in IT infrastructure, cloud security, vulnerability management, Penetration Testing, security operations, and incident response. He is adept at designing and implementing robust security solutions to safeguard systems and data. Arun holds multiple industry certifications including CCNA, CCNA Security, RHCE, CEH, and AWS Security.
“Knowledge Arsenal: Empowering Your Security Journey through Continuous Learning”
"Cybersecurity All-in-One For Dummies" offers a comprehensive guide to securing personal and business digital assets from cyber threats, with actionable insights from industry experts.
BurpGPT is a cutting-edge Burp Suite extension that harnesses the power of OpenAI's language models to revolutionize web application security testing. With customizable prompts and advanced AI capabilities, BurpGPT enables security professionals to uncover bespoke vulnerabilities, streamline assessments, and stay ahead of evolving threats.
PentestGPT, developed by Gelei Deng and team, revolutionizes penetration testing by harnessing AI power. Leveraging OpenAI's GPT-4, it automates and streamlines the process, making it efficient and accessible. With advanced features and interactive guidance, PentestGPT empowers testers to identify vulnerabilities effectively, representing a significant leap in cybersecurity.
Tenable BurpGPT is a powerful Burp Suite extension that leverages OpenAI's advanced language models to analyze HTTP traffic and identify potential security risks. By automating vulnerability detection and providing AI-generated insights, BurpGPT dramatically reduces manual testing efforts for security researchers, developers, and pentesters.
Microsoft Security Copilot is a revolutionary AI-powered security solution that empowers cybersecurity professionals to identify and address potential breaches effectively. By harnessing advanced technologies like OpenAI's GPT-4 and Microsoft's extensive threat intelligence, Security Copilot streamlines threat detection and response, enabling defenders to operate at machine speed and scale.