Get the Latest Version of Nginx on Debian 12

While Debian’s default repositories provide a stable version of Nginx, using the official Nginx repository ensures you have access to the latest features, security updates, and performance improvements as soon as they’re released. This guide walks you through installing and configuring Nginx directly from the official repository on Debian 12 (Bookworm), helping you maintain a modern and secure web server setup.

Prerequisites

Root access to a Debian 12 system
Basic knowledge of Linux command line
Text editor of your choice

Installation Steps

1. Update System Packages

First, update your system’s package list and upgrade existing packages:

apt update && apt upgrade -y

2. Install Required Dependencies

Install necessary packages for adding the Nginx repository:

apt install curl wget gnupg2 ca-certificates lsb-release -y

3. Add the Official Nginx Repository

Import the Nginx signing key and verify it:

wget -O- https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /etc/apt/trusted.gpg.d/nginx.gpg
gpg --dry-run --quiet --import --import-options import-show /etc/apt/trusted.gpg.d/nginx.gpg

Add the official Nginx repository:

echo "deb http://nginx.org/packages/debian `lsb_release -cs` nginx" > /etc/apt/sources.list.d/nginx.list

4. Set Repository Priority

Create a preference file to ensure packages from the Nginx repository take precedence:

echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx

5. Install Nginx

Update package list and install Nginx:

apt update
apt install nginx -y

6. Verify Installation

Check the installed Nginx version:

nginx -v

7. Configure System Directories

Create necessary directories with proper permissions:

mkdir -p -m 0755 /var/www/html
chown -R www-data:www-data /var/www/html

mkdir /etc/nginx/{modules-available,modules-enabled,sites-available,sites-enabled,snippets}

8. Configure Security Headers

Create a security headers configuration snippet:

cat > /etc/nginx/snippets/security-headers.conf << EOF
add_header X-Frame-Options "SAMEORIGIN";
add_header 'Referrer-Policy' 'strict-origin';
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" always;
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
EOF

9. Configure Main Nginx Configuration

Create a secure base configuration:

cat > /etc/nginx/nginx.conf <<EOF
user  www-data;
worker_processes  auto;
pid        /var/run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
    worker_connections  1024;
}
http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;

    include       snippets/security-headers.conf;

    server_tokens off;

    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    access_log  /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    gzip  on;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
EOF

10. Configure Automatic Restart

Set up automatic restart for Nginx in case of failures:

mkdir -p /etc/systemd/system/nginx.service.d/
echo -e "[Service]\nRestart=always\nRestartSec=10s" > /etc/systemd/system/nginx.service.d/restart.conf
systemctl daemon-reload

11. Test and Start Nginx

Test the configuration and start the service:

nginx -t
systemctl enable nginx
systemctl start nginx

12. Verify Installation

Check if Nginx is running properly:

systemctl status nginx
curl http://127.0.0.1

Troubleshooting

If you receive a 403 Forbidden error when accessing the default page, check:

Directory permissions for /var/www/html
SELinux settings if enabled
Nginx user permissions

Service Management

Common service management commands:

systemctl start nginx    # Start Nginx
systemctl stop nginx    # Stop Nginx
systemctl restart nginx # Restart Nginx
systemctl status nginx  # Check status
nginx -t               # Test configuration

Security Considerations

This configuration includes:

Modern SSL/TLS settings
Security headers for protection against common web vulnerabilities
Disabled server tokens to prevent version information leakage
Automatic restart capability for improved reliability

Next Steps

This tutorial covered the basic installation and configuration of Nginx using the official repository. For more advanced configurations, check out our related tutorials:

Setting up Virtual Hosts in Nginx
Implementing SSL/TLS Certificates with Nginx
Configuring Rate Limiting for Nginx
Creating a Reverse Proxy with Nginx
Custom Error Pages in Nginx

Each of these topics will be covered in detail in separate articles, helping you build a robust and secure web server infrastructure.

Remember to regularly update your Nginx installation and monitor the logs for any issues.

Host Multiple Domains with Nginx on Ubuntu 22.04.

ByPieter Bakker 24/03/202320/06/2023

In a previous article, we showed you how to set up a full LEMP stack on Ubuntu 22.04 with the latest stable version of Nginx, MariaDB and PHP, which will serve as the foundation for a reliable and performance-focused hosting platform. Nginx is a fast, lightweight and powerful web server that can also be used…

Nginx

Updating Your NGINX PGP Key on Debian/Ubuntu

ByPieter Bakker 13/10/202414/10/2024

If you’ve previously followed our guide on installing NGINX, it’s important to note that the NGINX PGP key has been updated. To maintain the security and integrity of your NGINX installation, you’ll need to update your PGP key. In this post, we’ll walk you through the necessary steps for Debian and Ubuntu systems. Updating Your…

systemd | Debian

Limiting Systemd Journal Size: Preventing Log File Bloat

ByPieter Bakker 27/11/202429/11/2024

Introduction System logs are crucial for debugging, monitoring, and understanding your Linux system’s behavior. However, unchecked journal growth can quickly consume valuable disk space, potentially impacting system performance and available storage. This guide provides a practical approach to managing systemd journal sizes across Debian and other systemd-based Linux distributions. Understanding Systemd Journals Systemd journals collect…

Debian | Linux | PC engines Alix

Installing Debian 12 on PC Engines ALIX

ByPieter Bakker 17/11/202417/11/2024

This guide provides detailed instructions for installing Debian 12 (Bookworm) on PC Engines ALIX system boards with comprehensive write protection mechanisms. While tested on the ALIX.2d13, these instructions should work for other ALIX models as well. Hardware Requirements Prerequisites Before starting the installation, ensure you have: 1. BIOS Configuration 2. Environment Setup First, set up…

Debian | fail2ban

Secure Debian 12 with Fail2ban and nftables

ByPieter Bakker 07/11/202408/11/2024

In a previous article, we covered how to protect your Debian 12 server with nftables, where we configured a custom SSH port and locked down access to your server. As a follow-up, this guide will show you how to set up Fail2ban to add an additional layer of security by automatically banning IP addresses that…

Caching | Nginx | Wordpress

How to solve “page cache is not detected but the server response time is ok” in WordPress Site Health.

ByPieter Bakker 12/07/202313/07/2023

If you don’t use any of the popular caching plugins (e.g. WP-Rocket, W3 Total Cache, WP Super Cache…), but instead deploy Nginx FastCGI cache for (server side) Full Page Caching, you will probably see the message “page cache is not detected but the server response time is ok” when you run the “Site Health” checker…

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.