Ubuntu 18.04 and 22.04: Nginx

Installation

Always the latest (stable) version via PPA

# add-apt-repository ppa:nginx/stable
# apt-get update
# aptitude install nginx

Version from the distribution

# apt-get update
# aptitude install nginx

Verification

# service nginx status
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-04-06 14:50:15 CEST; 9min ago
     Docs: man:nginx(8)
  Process: 8408 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 8826 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 8820 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 8828 (nginx)
    Tasks: 2 (limit: 2319)
   CGroup: /system.slice/nginx.service
           ├─8828 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─8830 nginx: worker process

Apr 06 14:50:15 xxx systemd[1]: Starting A high performance web server and a reverse proxy server...
Apr 06 14:50:15 xxx systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Apr 06 14:50:15 xxx systemd[1]: Started A high performance web server and a reverse proxy server.

# netstat -anptu
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      8828/nginx: master
tcp6       0      0 :::80                   :::*                    LISTEN      8828/nginx: master

Configuration

Server-wide settings are made in the following file:

nginx.conf
[...]
        server_tokens off;
[...]

In Nginx, "virtual hosts" are called "server" within the configuration. On Ubuntu there is a directory layout similar to Apache's, namely the sites-available and sites-enabled directories.

/etc/nginx# ll
total 72
drwxr-xr-x   8 root root 4096 Apr  7 18:32 ./
drwxr-xr-x 112 root root 4096 Apr 12 21:13 ../
drwxr-xr-x   2 root root 4096 Nov  6 19:54 conf.d/
-rw-r--r--   1 root root 1077 Apr  6  2018 fastcgi.conf
-rw-r--r--   1 root root 1007 Apr  6  2018 fastcgi_params
-rw-r--r--   1 root root 2837 Apr  6  2018 koi-utf
-rw-r--r--   1 root root 2223 Apr  6  2018 koi-win
-rw-r--r--   1 root root 3957 Apr  6  2018 mime.types
drwxr-xr-x   2 root root 4096 Nov  6 19:54 modules-available/
drwxr-xr-x   2 root root 4096 Apr  7 14:07 modules-enabled/
-rw-r--r--   1 root root 1515 Apr  7 16:22 nginx.conf
-rw-r--r--   1 root root  180 Apr  6  2018 proxy_params
-rw-r--r--   1 root root  636 Apr  6  2018 scgi_params
drwxr-xr-x   2 root root 4096 Apr  7 22:05 sites-available/
drwxr-xr-x   2 root root 4096 Apr  7 20:31 sites-enabled/
drwxr-xr-x   2 root root 4096 Apr  7 14:07 snippets/
-rw-r--r--   1 root root  664 Apr  6  2018 uwsgi_params
-rw-r--r--   1 root root 3071 Apr  6  2018 win-utf

After changing the configuration, the following command checks whether it contains errors:

# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

HTTPS with Let's Encrypt

Install Certbot

Run as root:

# apt-get update
# apt-get install software-properties-common
# add-apt-repository universe
# add-apt-repository ppa:certbot/certbot
# apt-get update
# apt-get install python3-certbot-nginx

Certbot: request certificates and adjust the web server

certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email example@domain.de --domain example-website.de

Cron job for certificate renewal

# whereis certbot
certbot: /usr/bin/certbot /usr/share/man/man1/certbot.1.gz
# crontab -e

For example, the following entry then goes into the crontab:

# m h  dom mon dow   command
30 4 * * * /usr/bin/certbot renew >> /var/log/le-renew.log

Then we have our log file rotated:

/etc/logrotate.d/le-renew
/var/log/le-renew.log
{
    rotate 12
    weekly
    compress
    missingok
}

PHP

Installation

PHP in CGI mode with some modules:

# aptitude install php7.2-bz2 php7.2-cli php7.2-common php7.2-curl php7.2-fpm php7.2-gd php7.2-intl php7.2-json php7.2-mbstring php7.2-mysql php7.2-opcache php7.2-readline php7.2-xml php7.2-zip

Is it running?

# service php7.2-fpm status
● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2019-04-13 17:24:28 CEST; 3min 27s ago
     Docs: man:php-fpm7.2(8)
 Main PID: 943 (php-fpm7.2)
   Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
    Tasks: 3 (limit: 2319)
   CGroup: /system.slice/php7.2-fpm.service
           ├─943 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
           ├─964 php-fpm: pool www
           └─965 php-fpm: pool www

Apr 13 17:24:28 xxx systemd[1]: Starting The PHP 7.2 FastCGI Process Manager...
Apr 13 17:24:28 xxx systemd[1]: Started The PHP 7.2 FastCGI Process Manager.

PHP.ini

The following lines must not remain commented out:

/etc/php/7.2/fpm/pool.d/www.conf
[...]
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp
[...]

/etc/php/7.2/fpm/php.ini
[...]
short_open_tag = On
[...]
open_basedir = /var/www/:/tmp/:/dev/urandom
[...]
expose_php = Off
[...]

/etc/php/7.2/cli/php.ini
[...]
short_open_tag = On
[...]
open_basedir = /var/www/:/tmp/:/dev/urandom
[...]
expose_php = Off
[...]
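
A check for the settings above, as an added example that is not part of the original page: it reads the effective value of a key and reports where expose_php, open_basedir or the env[...] lines are still inactive. The function names are hypothetical, and treating the last uncommented assignment as the effective one is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: verify that the php.ini / pool settings from this page are active.
# Usage: audit_php_ini /etc/php/7.2/fpm/php.ini
#        audit_pool_env /etc/php/7.2/fpm/pool.d/www.conf

# ini_value FILE KEY -> prints the last uncommented "KEY = value", exit 1 if none.
ini_value() {
    awk -v key="$2" '
    /^[ \t]*[;#]/ { next }                      # skip commented-out lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", k)          # trim key
        gsub(/^[ \t]+|[ \t]+$/, "", v)          # trim value
        if (k == key) { val = v; found = 1 }    # assumption: later assignment wins
    }
    END { if (!found) exit 1; print val }' "$1"
}

# audit_php_ini FILE -> one line per finding, returns 1 if there is any.
audit_php_ini() {
    rc=0
    v=$(ini_value "$1" expose_php | tr 'A-Z' 'a-z') || v=""
    case "$v" in
        off|0|false|no) ;;
        *) echo "$1: expose_php is not Off (value: '${v:-unset}')"; rc=1 ;;
    esac
    v=$(ini_value "$1" open_basedir) || v=""
    [ -n "$v" ] || { echo "$1: open_basedir is not set"; rc=1; }
    return $rc
}

# audit_pool_env FILE -> checks the env[...] lines the page requires.
audit_pool_env() {
    rc=0
    for name in HOSTNAME PATH TMP TMPDIR TEMP; do
        ini_value "$1" "env[$name]" >/dev/null ||
            { echo "$1: env[$name] is commented out or missing"; rc=1; }
    done
    return $rc
}
```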

Tuning and troubleshooting

server reached pm.max_children setting, consider raising it

Log file (PHP-FPM):

[23-Apr-2019 19:37:52] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[23-Apr-2019 21:08:16] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[23-Apr-2019 21:10:12] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

/etc/php/7.2/fpm/pool.d/www.conf
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 8

# service php7.2-fpm restart
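
To see how often and at what time of day the limit is hit before and after changing pm.max_children, the warnings can be counted per day, hour and pool. This is an added example, not part of the original page; the function name is hypothetical, and the last line of the embedded sample is constructed (the first three are the log lines shown above).

```shell
#!/bin/sh
# Added example: summarise pm.max_children warnings from a PHP-FPM log.

# max_children_hits [FILE...] -> "day hour pool limit count" per line, sorted.
# Reads stdin when no file is given.
max_children_hits() {
    awk '
    /server reached pm\.max_children setting/ {
        # [23-Apr-2019 19:37:52] WARNING: [pool www] server reached ... (5), ...
        day  = substr($1, 2)                    # drop the leading "["
        hour = substr($2, 1, 2)                 # "19:37:52]" -> "19"
        pool = substr($5, 1, length($5) - 1)    # "www]" -> "www"
        limit = "?"
        if (match($0, /setting \([0-9]+\)/))    # limit in force when the warning fired
            limit = substr($0, RSTART + 9, RLENGTH - 10)
        hits[day " " hour " " pool " " limit]++
    }
    END { for (k in hits) print k, hits[k] }' "$@" | sort
}

# Sample input: three log lines from this page plus one constructed NOTICE line.
SAMPLE_LOG='[23-Apr-2019 19:37:52] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[23-Apr-2019 21:08:16] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[23-Apr-2019 21:10:12] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[24-Apr-2019 09:01:00] NOTICE: [pool www] child 1234 started'

printf '%s\n' "$SAMPLE_LOG" | max_children_hits
```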

Nginx: Handling

Check the configuration before restarting the service

# service nginx configtest
 * Testing nginx configuration                 [fail]

What does the error log say?

/var/log/nginx/error.log
2019/12/07 17:06:07 [emerg] 14795#14795: "fastcgi_split_path_info" directive is not allowed here in /etc/nginx/snippets/fastcgi-php.conf:2
2019/12/07 17:07:07 [emerg] 14859#14859: "fastcgi_split_path_info" directive is not allowed here in /etc/nginx/snippets/fastcgi-php.conf:2
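
nginx accepts fastcgi_split_path_info only inside a location block, so this error means snippets/fastcgi-php.conf was included at another level. The following added example (not part of the original page) lists such include lines in a configuration file. The function name is hypothetical, and the sketch assumes at most one opening and one closing brace per line.

```shell
#!/bin/sh
# Added example: find includes of the FastCGI snippet outside a location block.
# Usage: snippet_outside_location /etc/nginx/sites-available/your_domain

# snippet_outside_location FILE [SNIPPET]
# Prints "FILE:LINE: ..." for each offending include; prints nothing if all are fine.
# Assumption: at most one "{" and one "}" per line, no "#" inside quoted strings.
snippet_outside_location() {
    awk -v snip="${2:-snippets/fastcgi-php.conf}" '
    {
        line = $0
        sub(/#.*/, "", line)                        # ignore comments
        if (index(line, "{")) {                     # block opens: remember its name
            name = line
            sub(/^[ \t]+/, "", name); sub(/[ \t{].*/, "", name)
            stack[++depth] = name
            if (name == "location") inloc++
        }
        if (line ~ /(^|[ \t;{])include[ \t]/ && index(line, snip) && inloc == 0)
            printf "%s:%d: %s included in %s context\n", FILENAME, FNR, snip,
                   (depth > 0 ? stack[depth] : "main")
        if (index(line, "}") && depth > 0) {        # block closes
            if (stack[depth] == "location") inloc--
            depth--
        }
    }' "$1"
}
```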

Reverse proxy

Create a virtual host

/etc/nginx/sites-available/your_domain
server {
    listen 80;
    listen [::]:80;

    server_name your_domain www.your_domain;
        
    location / {
        proxy_pass app_server_address;
        include proxy_params;
    }
}

Set proxy parameters

/etc/nginx/proxy_params
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

ubuntu/nginx_webserver.txt · Last modified: by Sebastian Hetzel