Host Multiple Domains with Nginx on Ubuntu 22.04.

In a previous article, we showed you how to set up a full LEMP stack on Ubuntu 22.04 with the latest stable version of Nginx, MariaDB and PHP, which will serve as the foundation for a reliable and performance-focused hosting platform.

Nginx is a fast, lightweight and powerful web server that can also be used for reverse proxy, load balancing and caching. It is very performant and uses relatively few resources, making Nginx an ideal choice for a shared hosting platform, even on a low budget VPS with only one vCPU and a few Gigabytes of RAM.

In this article, we will learn how to configure Nginx to host multiple websites on the same server using the LEMP stack created earlier.

This tutorial requires you to be logged in as root, so switch to root user if you are not already.

sudo -i

To keep everything neatly separated, we will start by creating a new directory “/var/www/virtual” that will store all web directories and files from each of the individual hosted domains.

mkdir -p /var/www/virtual && chown -R www-data. /var/www/virtual

For security reasons, it is recommended that strict SNI compliance be enforced when using shared hosting, with requests for domain names not hosted on the web server or the IP address of both “IPv4” and “IPv6,” from the server itself being rejected for both “HTTP” and “HTTPS,” as discussed in a previous article.

To accomplish this, it is necessary to edit the default.conf file.

cat > /etc/nginx/conf.d/default.conf << EOF
server {
    listen   80 default_server;
    listen [::]:80 default_server;
    listen 443 default_server http2 ssl;
    listen [::]:443 default_server http2 ssl;

    ssl_reject_handshake on;

    server_name _;

    return 444;
}
EOF

To comply with current guidelines and security standards, a new snippet “security-headers.conf” is created with all the necessary security headers that can be easily added to a server block.

cat > /etc/nginx/global/security-headers.conf << EOF
add_header X-Frame-Options "SAMEORIGIN";
add_header 'Referrer-Policy' 'strict-origin';
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff" always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Content-Security-Policy "default-src https: data: 'unsafe-inline' 'unsafe-eval'" always;
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()";
EOF

To enable http-01 validation over HTTP to request SSL certificates, an additional snippet “acme.conf” must be created that provides an alias for the “.well-known/acme-challenge/”.

cat > /etc/nginx/global/acme.conf << EOF
location /.well-known/acme-challenge/ {
    alias /var/www/acme/.well-known/acme-challenge/;
}
EOF

Of course, we also need to make sure that the corresponding directory exists and is created.

mkdir -p -m 750 /var/www/acme/.well-known/acme-challenge && chown -R www-data. /var/www/acme

Now that all the modifications have been made, it is time to test the configuration and correct any errors before starting Nginx.

nginx -t

Which should give you the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If no errors occur, restart Nginx to implement the new configuration.

systemctl restart nginx

Now that the basics are in place we can start creating the first “virtual host” using the domain “example.com” as an example. The following steps should be used for all successive domains we wish to host on the server.

Create a variable “DOMAIN” with the value of the name of the domain for which we are creating the “virtual host”, in our case “example.com”. Make sure the necessary DNS records are in place so that the domain points to the server’s IP address for both “IPv4” and “IPv6.”

export DOMAIN="example.com"

Check if the value of the variable is correct.

echo $DOMAIN

Which should give you the domain name you entered.

example.com

If you want your website to also be available under the “www” (www.example.com) subdomain, it must be added separately to the “server_name” directive of the Nginx server block. You can also add other (sub)domains (e.g. example.net www.example.net example.eu www.example.eu sales.example.com). These are declared in the variable “ALT_DOMAINS”.

export ALT_DOMAINS="www.example.com example.net www.example.net example.eu www.example.eu sales.example.com"

If you do not have alternate domains, it is important to declare the variable “ALT_DOMAINS” anyway to prevent it from containing data from a previous process. In this case, we leave everything between the braces empty.

export ALT_DOMAINS=""

We merge the the two variables into a new variable “DOMAINS”.

if [ -z "$ALT_DOMAINS" ]; then DOMAINS=$DOMAIN; else export DOMAINS="$DOMAIN " && export DOMAINS+=$ALT_DOMAINS; fi

Create a new directory that will serve as the web root for the new virtual host.

mkdir -p /var/www/virtual/$DOMAIN/htdocs

Create a new server block.

cat > /etc/nginx/sites-available/$DOMAIN <<EOF
server {
  listen 80;
  listen [::]:80;
  server_name $DOMAINS;
  root /var/www/virtual/$DOMAIN/htdocs/;
  index index.php index.html index.htm;
  
  include global/acme.conf;

  access_log /var/log/nginx/$DOMAIN-access.log;
  error_log /var/log/nginx/$DOMAIN-error.log;

  location / {
    try_files \$uri \$uri/ =404;
  }

  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php8.2-fpm.sock;
    include global/fastcgi-php.conf;
    include global/security-headers.conf;
  }

  location ~ /\.ht {
    deny all;
  }
}
EOF

To enable the new server block file, a symbolic link must be created from this file to the “sites-enabled” directory, from which Nginx reads during startup.

ln -s /etc/nginx/sites-available/$DOMAIN /etc/nginx/sites-enabled/

In order for our web server to actually respond when the url “http://example.com” is entered into a browser, a simple index.html file must be created to serve as a placeholder page.

cat > /var/www/virtual/$DOMAIN/htdocs/index.html <<EOF
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Placeholder for $DOMAIN</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="Cache-Control" content="no-cache">
</head>

<body bgcolor=white>
<br /><br />
<div align=center>
<font face="Arial, Helvetica">
Placeholder for <b>$DOMAIN</b>
</font>
</div>
</body>
</html>
EOF

Finally, the following commands ensure that all created folders and files are given the correct owner and permissions.

chown -R www-data. /var/www/virtual/$DOMAIN &&\
find /var/www/virtual/$DOMAIN/ -type d -exec chmod 750 {} \; &&\
find /var/www/virtual/$DOMAIN/ -type f -exec chmod 640 {} \;

To check that no errors have crept into our configuration, we will test it before restarting Nginx.

nginx -t

Which should give you the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If no errors occur, restart Nginx to implement the new configuration.

systemctl restart nginx

If all went well and you enter “http://example.com” into a browser you should get the “pageholder” page as shown in the image below.

Repeat these steps for all subsequent domains you want to host on this server.

Note that for now the page is only available in “HTTP” and not yet in “HTTPS.” In a future article, we will see how to request an SSL certificate and force the website to connect only via “HTTPS.”

How to Set Up SSH Keys on Ubuntu 22.04.

ByPieter Bakker 21/06/202226/08/2022

By default Ubuntu SSH root login is disabled and root password has not been set. However, many system administrators prefer to work as root to avoid having to use “sudo” for almost every command and enter passwords over and over again. To allow root login over SSH we first need to set the root password…

Nginx

Fix 504 Gateway Timeout error using Nginx as reverse Proxy.

ByPieter Bakker 17/02/202309/03/2023

When using Nginx as a reverse proxy for Apache, among others, you may get timeouts with error code 504 if an application takes longer to complete a request than the default Nginx request timeout which is 60 seconds. To increase the request timeout in Nginx to serve long-running requests, we need to change the default…

Nginx

Nginx: [warn] protocol options redefined

ByPieter Bakker 28/04/202328/04/2023

If you get an error message “nginx: [warn] protocol options redefined” after upgrading Nginx to the latest stable version 1.24, you can easily fix it by adding “http2” to the 443 “Listen” directive in the default.conf file. vi /etc/nginx/conf.d/default.conf server { listen 80 default_server; listen [::]:80 default_server; listen 443 default_server http2 ssl; listen [::]:443 default_server…

Caching | Nginx | Wordpress

How to solve “page cache is not detected but the server response time is ok” in WordPress Site Health.

ByPieter Bakker 12/07/202313/07/2023

If you don’t use any of the popular caching plugins (e.g. WP-Rocket, W3 Total Cache, WP Super Cache…), but instead deploy Nginx FastCGI cache for (server side) Full Page Caching, you will probably see the message “page cache is not detected but the server response time is ok” when you run the “Site Health” checker…

Ubuntu | Mautic

Upgrading Mautic from v2 to v3

ByPieter Bakker 15/08/202206/12/2022

A new client recently asked to upgrade a still functioning Mautic 2.15.3 running on Ubuntu 18.04 to the latest Mautic v3. In this guide, we will look at how this can be achieved and what to look out for. If you are running Mautic on a VPS or in a LXC/LXD container, it is highly…

LXD | apt | Ubuntu

Automatically update all your running LXD containers.

ByPieter Bakker 20/09/202225/12/2022

While you could perform common management of multiple LXD containers with tools like Ansible or Puppet, in this tutorial we are going to show how to work with a simple script that runs on the host and automatically updates/upgrades all running Debian/Ubuntu-based containers. We could extend the script to perform other tasks or include updates/upgrades…

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Similar Posts