Based on Debian 10 "Buster" environment.

Nginx

Set up nginx as the webserver.

nginx

Installation

“nginx” package has some variation according to the included functionalities. For ordinal purpose, just normal nginx (meta-package for nginx-full) should work. The list of modules for each package can be found at the package explanation. If you need more than nginx-extras, you have to build whatever you need by yourself. It’s a different point than the apache webserver.

# apt install nginx ssl-cert

Open the port for http/https. After installing nginx, ufw should know about the port nginx uses.

# ufw app list
* snip *
Nginx Full
Nginx HTTP
Nginx HTTPS
* snip *

You can open 80 and 443 manually, or just let ufw open the port related to nginx.

# ufw allow 'Nginx Full'

Site configuration

Simplest example

Like Apache2, nginx store the website configuration file at /etc/nginx/sites-available. To enable the configuration, just add a symlink to that config file at /etc/nginx/sites-enabled.
The default file is a template of a site configuration file. The simple version should look like below.
(I don’t explain each line in detail. Please refer to the default configuration file, manuals, books or other sites.)

server {
        listen 80;
        listen [::]:80;

        server_name example.jp;

        root /var/www/html;

        index index.html;

        location / {
                try_files $uri $uri/ =404;
        }

        access_log /var/log/nginx/example.jp-access.log;
        error_log /var/log/nginx/example.jp-error.log;
}

To enable this configuration, make a symlink at /etc/nginx/sites-enabled and reload nginx.
Reload is required if anything changed in the configuration file.

# cd /etc/nginx/sites-enabled
# ln -s /etc/nginx/sites-available/example.jp example.jp
# systemctl reload nginx

Enable PHP

For common CMS such as WordPress or Concrete5, PHP is required. Integrate PHP fpm to this site configuration. (They are also written in default configuration.)

server {
        listen 80;
        listen [::]:80;

        server_name example.jp;

        root /var/www/html;

        # Add index.php to the list if you are using PHP
        index index.html index.php;

        location / {
                try_files $uri $uri/ =404;
        }

        access_log /var/log/nginx/example.jp-access.log;
        error_log /var/log/nginx/example.jp-error.log;

        # pass PHP scripts to FastCGI server
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
        
                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        }
}

PHP and fpm is already installed at the beginning, so the snippets and a socket is ready. If the CMS is Concrete5, then the URL will look like “~/index.php/something”. To work with this style, “\.php$” has to be “\.php($|/)”. (See Concrete5 explanation for detail.)

Enable HTTPS

How to get the “Let’s encrypt” certificate to your domain is another article. Here is the example to use the test certificate just to check if ssl/tls connection can be enabled.
With the ssl-cert package, testing certificates “snakeoil” are stored at /etc/ssl/ and snippets are ready.

server {
        listen 443 ssl;
        listen [::]:443 ssl;

        include snippets/snakeoil.conf;

        server_name example.jp;

        root /var/www/html;

        index index.html index.php;

        location / {
                try_files $uri $uri/ =404;
        }

        access_log /var/log/nginx/example.jp-access.log;
        error_log /var/log/nginx/example.jp-error.log;

        # pass PHP scripts to FastCGI server
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
        
                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        }
}

When the port number is changed from 80 to 443, you need to add “ssl” after the port number. After you get a proper certificate, create another snippet for that certificate and change the configuration.
With the above settings, the https connection is available (with the security alert about the certificate problem).

Redirect HTTP to HTTPS

To redirect the http connection to https, use “return” according to the nginx documents.

server {
        listen 80;
        listen [::]:80;
        server_name example.jp;
        return 301 https://example.jp$request_uri;
}

server {
        listen 443 ssl;
        listen [::]:443 ssl;

        include snippets/snakeoil.conf;

        server_name example.jp;

        root /var/www/html;

        index index.html index.php;

        location / {
                try_files $uri $uri/ =404;
        }

        access_log /var/log/nginx/example.jp-access.log;
        error_log /var/log/nginx/example.jp-error.log;

        # pass PHP scripts to FastCGI server
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
        
                # With php-fpm (or other unix sockets):
                fastcgi_pass unix:/run/php/php7.3-fpm.sock;
        }
}