We may earn an affiliate commission when you visit our partners.
Course image
Andrew Eaton

This course is based on the latest Ubuntu Server Long Term Support Release 22.04

This is a beginner's course that assumes you have no knowledge configuring a Linux server, server administration or NGINX.

Read more

This course is based on the latest Ubuntu Server Long Term Support Release 22.04

This is a beginner's course that assumes you have no knowledge configuring a Linux server, server administration or NGINX.

New to Linux or server administration? Included in the course, is an absolute beginners "crash" Linux course. This 1 hour "course within a course" will teach you the commands, terminology and procedures as it relates to this course.

This course is NGINX is a high-performance web server that is responsible for serving almost all of the most popular sites in the world.

We start with a blank slate and layer by layer configure the perfect nginx server.  I will teach you, step by step, to a point where you will have the skill, knowledge and confidence to host multiple hardened WordPress sites, on an unmanaged VPS or dedicated server, using nginx.

You will need no support from your host. You will be your own system administrator.

This course covers the entire spectrum of configuring an Ubuntu based NGINX server. We will cover everything from initial server configuration to hardening and optimizing the server distribution.

Some of the server optimization and hardening steps will include the following topics:

  • SSH Key authentication

  • Setting up both Uncomplicated Firewall and a "Cloud Firewall"

  • Brute force attack protection

  • SWAP

  • Harden Shared Memory

  • Harden and Optimize the Network Layer

  • Tuned and Congestion Control

  • File Access Times and setting the Open File Limits

Then we install, harden and optimize Nginx, MariaDB and php8.1.  Although the default installations of Nginx, MariaDB and PHP8.1 are fairly well hardened, we will spend over 1.5 hours hardening and optimizing Nginx, MariaDB and PHP8.1

Then we install our first WordPress site. We then start the process of hardening and optimizing WordPress. Installing a caching and security plugin does not optimize or harden a WordPress site. Some "security plugins" are a source of vulnerabilities themselves.

Almost 4 hours of the course is dedicated to hardening and optimizing WordPress. We look at hardening and optimizing WordPress from the server side and layer by layer we will harden our site.

Some of the hardening topics include:

  • Installing SSL certificates and configuring automatic renewal of those certificates.

  • Securing the http response headers

  • Setting the correct ownership and permissions on the WP files and directories

  • Using nginx directives to protect important parts of our site

  • Hot linking protection to stop other sites from stealing our bandwidth and driving up server costs

  • Nginx DDoS protection

  • Setting up a web application firewall

When it comes to optimizing WP, we will look at the process from both the server-side and the application (WordPress) side.

On the server-side we will cover the following:

  • optimizing the operating system - prior to optimizing WordPress

  • optimizing nginx - prior to optimizing WordPress

  • configuring php-fpm according to your server resources - prior to optimizing WordPress - set to low your site slows down, set to high and your server will crash

  • server-side caching - fastcgi caching is brilliant

  • replacing WP cron with a real cron

On the application or WordPress side you need to look at the following:

  • Caching plugin - W3 Total Cache

  • Optimizing images

  • Post revisions policy

  • Optimizing the database

  • Combining and minifying CSS and JS

Throughout the course, the principle of install only what's needed, then harden and optimize is followed. The most important aspect of any server is security. I don't just glance over this aspect, every configuration step you will take is geared towards security.  We will optimize the server, but not at the expense of lax security.

It's impossible to list all the hardening and security layers we implement in this section, for a complete list please refer to the actual course curriculum.

By the end of this course, you will be ready to reap the benefits...

You'll be able to add a new revenue stream and start earning additional income hosting your own sites using NGINX. There will be numerous new services you will be adding to your resume as a web developer. You will be able to charge for numerous new services - site hosting, site optimization, Let's Encrypt SSL certificate installation and renewal, backups and even a monthly maintenance fee.

This course is not a lab experiment with no real-world application.

This course was not designed to be completed locally, on your pc or mac or using one of the many available "Virtual Machines". Oracle's VirtualBox is one example. The aim of the course is to instruct you on how to setup a secure/hardened hosting environment and then host multiple hardened WordPress sites on a commercially purchased VPS or dedicated server.

I want you to able to look at server logs and see how malicious users and bots are scanning your server, probing and looking for vulnerabilities. You need to be able to see the result of your hardening - banning, blocking, rate limiting - in your server logs. This cannot be done in a Virtual Machine.

All that's left is for you to sign up for this course and start your wonderful journey as your very own systems administrator running multiple WordPress sites using the latest Ubuntu release and NGINX.

Enroll now

What's inside

Learning objectives

  • Setup, from scratch, a hardened and optimized vps or dedicated server
  • Configure a hardened and optimized hosting environment using nginx, mariadb and php8.1
  • Harden wordpress the correct way - installing a security plugin doesn't harden wordpress
  • Optimize wordpress from the server side - learn how to configure server-side caching, which is far superior to any caching plugin
  • Learn how to keep your server secure and your wordpress sites hardened from attack by implementing ddos and brute force attack protection

Syllabus

Welcome to the Perfect Nginx Server Ubuntu 22.04 Edition - this is the course introduction lecture.

In this section of the course, we are going to look at various introductory topics that relate to this course. It's important that you complete this section of the course as I cover a wide variety of topics and how they relate to the course.

Read more
New to Linux or server administration? This section is a mini "crash course" that will teach you the skills you need to complete this course successfully.

This section of the course is a crash course that covers the linux skills you need to complete this course successfully.

If you are new to linux or server administration, it's important that you watch all the video lectures in the section.

This section covers the commands and processes that you need to know to complete the course.

If you are unsure about any topic covered in this section, please ask for my help on the course Q&A.

I also need to mention that you don’t need access to a server at this stage.

This lecture covers server distributions

This lecture covers the Terminal Emulator

This lecture continues looking at Terminal

This lecture covers the Linux File System

This lecture covers Users and Groups on a Linux server

This lecture covers Ownership and Permissions - one of the most misunderstood topics in Linux.

This lecture covers using Nano to modify configuration files

This lecture covers the Server Fingerprint and why you replace password authentication with SSH Key Authentication.

This lecture covers bash scripts and cronjobs. Bash scripts are used to "automate" procedures and cronjobs are scheduled tasks.

This section will teach you how to configure the software you need to complete the course.

In this section we are going to look at the software you require to complete the course successfully. All software used in this course is free and or open source. You will not be required to purchase any software.

This section will teach you how to make an informed decision when purchasing a server. It covers server specifications and creating the actual server instance.

In this section of the course, we are going to cover the following:

  1. server specifications for different types of WordPress sites, by that I'm referring to the resource requirements - for example the number of CPU cores and the RAM

  2. server distributions, that’s the server operating system

  3. my recommended web host

  4. we are also going complete the process of creating an actual server instance for the course

In this section you will login to your server for the first time as the root or administrative user.

In this section we are going to login to the server for the first time and start the server hardening process as the root user.

First Server Login as a "Non Root" User

In this section we are going to continue the server hardening process as the non-root user

As the non-root user, we will look at using sudo and continue hardening the server by implementing the following measures:

  1. SSH key authentication deals with replacing password usage with a public / private key pair authentication system when logging into your server.

  2. A ssh config file makes logging to a server using ssh key authentication quick and easy

  3. Server updates deal with ensuring all the packages installed on the server are up to date.

  4. Implementing a firewall policy allows you to lock down and close any unused ports and services that are not being used.

  5. Fail2ban is an intrusion prevention framework that will protect your server from brute-force attacks.

The all-powerful administrative account or user on the server is the root user.  Any errors made as the root user are normally irreversible and devastating.

When running commands that require root privileges you must always use the sudo, prior to typing

the command.

SSH key authentication deals with replacing password usage with a public / private key pair authentication system when logging into your server

A ssh config file makes logging to a server using ssh key authentication quick and easy

Server updates deal with ensuring all the packages installed on the server are up to date.

Implementing a firewall policy allows you to lock down and close any unused ports and services that are not being used. We are going to configure both Uncomplicated Firewall and Cloud Firewall

Fail2ban is an intrusion prevention framework that will protect your server from brute-force attacks

In this section you will learn how to harden and optimize a default server distribution installation

In this section we are going to further harden the server as well as start to optimize the operating system to help us squeeze every bit of performance we can get out of the server. You cannot tune nginx, mariadb and php for performance and security without first tuning the server operating system for performance and security.

We are going to cover numerous topics in this section.

We'll start with setting the time zone to your local time

In the event of your server running out of memory, it can make use a ssd space as virtual memory. SWAP is to help prevent your server crashing in the event it runs out of memory.

As the /run/shm space can be exploited we need to secure this space in shared memory.

The TCP/IP stack default configuration needs to be hardened against different types of attacks and optimized for performance.

We are going to install Tuned. Tuned is a profile-based system tuning tool that enables both static and dynamic tuning of system settings

We are going to set the congestion control to BBR - Bottleneck Bandwidth and RTT - Round-trip propagation time - this will help to increase throughput and reduce latency for connections

For a performance boost, we are going to disable the filesystem from keeping track of the last time a file was accessed or read

By default, the maximum number of open files allowed per process is set very low. Since sockets are considered files on a Linux system, this limits the number of concurrent connections as well. We need to increase the maximum number of open files allowed per process.

In the section, you will learn how to make use of the free Cloudflare DNS service and point a domain name to your server.

In this section we are going to look at how you point a domain name to your server using Cloudflare.

In the section, you will learn how to administer packages using APT and we install Nginx, MariaDB and PHP8.1

In this lecture, we are going to look at repositories, the package manager and we are going to install nginx, mariadb and php.

Nginx is the web server, mariadb the database management system and php is the server-side scripting language that is responsible for generating dynamic page content.

In the section, you will learn how to configure the server to send mail, rather than using a plugin.

In this lecture we are going to configure the server to send mail from the command and using php. This will enable your WP site to send mail without using any plugins.

We are also going to look at the easiest method to create a mail@your_domain email account.

In the section, you will learn how to read and understand Nginx configuration files.

Before we start configuring nginx, we need to look at the layout of a nginx configuration file as well as definitions that relate to nginx.

We are going to look at directives, contexts, location context modifiers and the try_files directive.

This lecture is important as it teaches you how to read and understand a nginx configuration file.

In the section, you will learn how to harden and optimize the web server, Nginx

The default nginx configuration is secure and fairly well optimized. That makes it easy for us to harden and optimize nginx as there are only a few directives we need to modify to further harden and optimize nginx.

There is no all-in-one configuration that works for all sites. You need to configure nginx for the type of sites you intend nginx to serve and in the case of this course, we will be serving WP sites.

In this section we are going to configure the main, events and http contexts. The server context will be looked at later in the course when we create our first server block.

This section is split into 4 parts.

Save time by using bash aliases. This lecture covers how you create a bash aliases.

In the section, you will learn how to harden and optimize MariaDB

In this section we are going to harden and optimize mariadb.

We are also going to install mysqltuner. MySQLTuner is a Perl script that analyzes your MySQL performance and based on the statistics it gathers, gives recommendations which variables you should adjust in order to increase performance.

Using the recommendations, you can tune your database configuration to tweak out the last bit of performance and make it work more efficiently

In the section, you will learn how to harden and optimize PHP8.1

In this section we are going to harden and optimize php8.1

In the section, you will learn how to administer directories on your server

In this lecture we are going to create the directories that are going to store our WP files and directories.

We are also going to create a bash script to "automate" the process of creating site directories.

In the section, you will learn how to create a Nginx server block from scratch.

Nginx Server Blocks allow you to host and serve more than one site on your server.

Some of the configuration that is included in a server block:

  1. port nginx must listen

  2. the domain name

  3. site root - where the files are located

  4. the index page nginx must serve

If you have used Apache before, the server context or server block is the equivalent of a virtual host. For each site you intend to host, you need to create a server block for that site.

You will learn how to create a nginx server block from scratch.

This section is divided into 4 lectures.

In the section, you will learn how to install WordPress on a VPS or dedicated server

In this section we are going to install our first WordPress site. We are going to start by creating the database.

We are going to use MariaDB as out database management system. All things being equal, MariaDB is faster than MySQL and whenever possible I always support and prefer to use an open-source project.

In this lecture you are going to install your first WordPress site, this lecture is divided into 2 parts.

In the section, you will learn how to, layer by layer, harden a WordPress site.

This is a relatively long section covering many different topics.

I cannot emphasize how important it is to harden your WordPress site.

The topics include:

Installing SSL certificates, configuring nginx to use the ssl certificates and configuring automatic renewal of the certificates

Securing the http response headers

Setting the correct ownership and permissions on the WP files and directories

Use nginx directives to protect important parts of our site

Stop brute force attacks using nginx directives

Stop other sites from stealing our bandwidth and driving up server costs

Protect your server and sites from small DDoS attacks using nginx.

Finally, we are also going to look at a WAF, a web application firewall.

In the section, you will learn how to optimize WordPress for performance

In this section we are going to optimize WordPress, configure php-fpm and CF. After the hardening WordPress Section, this is the longest section of the course. Take your time and work your way through each sub-section one at a time.

When it comes to optimizing WP, you need to look at the process from both the server-side and the application (WordPress) side.

On the server-side you need to look at the following:

  • optimizing the operating system

  • optimizing nginx

  • configuring php-fpm according to your server resources

  • server-side caching

  • setting the WP max memory

  • replacing WP cron with a real cron

When it comes to optimizing WP, you need to look at the process from both the server-side and the application (WordPress) side.

On the application or WP side you need to look at the following:

  • Caching plugins

  • Optimizing images

  • Your sites post revisions policy

  • Optimizing the database

  • Combining and minifying CSS and JS

A fast WordPress site is a cached WordPress site

Different types of WordPress sites need to be cached differently. In this lecture we look at the different types of WordPress sites and how to cache those sites.

The type of caching you need to implement depends on your site, is your site a static or dynamic WP site

Nginx fastcgi caching is brilliant. The performance is absolutely stunning. This lecture is divided into 3 parts

Good to know

Know what's good
, what to watch for
, and possible dealbreakers
Provides a solid foundation for those new to Linux server administration
Provides advanced techniques for optimizing Nginx, MariaDB, and PHP8.1
Teaches students how to harden their WordPress sites against attacks
Covers a wide range of topics, including server security, Nginx configuration, and WordPress optimization
Suitable for those who want to learn how to host their own WordPress sites on a VPS or dedicated server
Taught by Andrew Eaton, an experienced instructor with a strong reputation in server administration

Save this course

Save The Perfect Nginx Server - Ubuntu (22.04) Edition to your list so you can find it easily later:
Save

Activities

Be better prepared before your course. Deepen your understanding during and after it. Supplement your coursework and achieve mastery of the topics covered in The Perfect Nginx Server - Ubuntu (22.04) Edition with these activities:
Review the documentation for NGINX
Reviewing the documentation for NGINX will help you refresh your knowledge of the most important NGINX directives and their usage.
Browse courses on nginx
Show steps
  • Download the NGINX documentation from the NGINX website
  • Review the documentation, focusing on the most important directives and their usage
Create a cheat sheet of NGINX directives
Creating a cheat sheet of NGINX directives will help you quickly reference the most important directives and their usage.
Browse courses on nginx
Show steps
  • Gather a list of the most important NGINX directives
  • Create a document or spreadsheet to store the directives
  • Add descriptions and examples for each directive
Configure SSH key authentication on a Linux server
Practice configuring SSH key authentication will help you develop the skills you need to secure your servers and protect them from unauthorized access.
Browse courses on Linux
Show steps
  • Generate an SSH key pair
  • Copy your public key to the server
  • Configure your SSH server to use key authentication
  • Test your SSH connection using key authentication
Five other activities
Expand to see all activities and additional details
Show all eight activities
Shadow an expert system administrator
Working with an experienced system administrator will help you learn more about the day-to-day responsibilities of the role and develop your skills in a practical setting.
Browse courses on Systems Administration
Show steps
  • Identify potential mentors
  • Reach out to potential mentors
  • Schedule shadowing sessions
Follow a tutorial on how to optimize WordPress for speed
Following a tutorial on how to optimize WordPress for speed will help you learn how to improve the performance of your WordPress sites and provide a better user experience for your visitors.
Browse courses on Wordpress
Show steps
  • Find a tutorial on how to optimize WordPress for speed
  • Follow the steps in the tutorial
  • Test the performance of your WordPress site before and after optimization
Deploy a small-scale WordPress site
Deploying your own WordPress site will give you hands-on experience with the technologies covered in the course and help you understand how they work together in a real-world environment.
Browse courses on Wordpress
Show steps
  • Choose a domain name and web hosting provider
  • Install WordPress on your web hosting account
  • Configure your WordPress site
  • Add content to your WordPress site
  • Test your WordPress site to ensure it's working properly
Attend a workshop on server security
Attending a workshop on server security will help you learn about the latest security threats and best practices for protecting your servers from attack.
Browse courses on Server Security
Show steps
  • Find a workshop on server security
  • Register for the workshop
  • Attend the workshop
  • Take notes and ask questions during the workshop
Contribute to an open-source project related to WordPress
Contributing to an open-source project related to WordPress will help you learn more about the WordPress codebase and contribute to the WordPress community.
Browse courses on Wordpress
Show steps
  • Find an open-source project related to WordPress that you're interested in contributing to
  • Review the project's documentation and codebase
  • Identify an issue or feature that you can contribute to
  • Create a pull request with your changes

Career center

Learners who complete The Perfect Nginx Server - Ubuntu (22.04) Edition will develop knowledge and skills that may be useful to these careers:
IT Manager
As an IT Manager, you will administer technology and computer assets. You may also lead a team of IT professionals. For this role, it's recommended to be able to configure and manage web servers and networks. This course can build a foundation for these skills. As an IT Manager, you are responsible for various networking and security tasks. This course can also help with those responsibilities. The topics this course covers include web server administration, cyber security, and cloud computing.
Web Developer
Web Developers are responsible for designing and developing websites and web applications. They are also responsible for maintaining and updating these websites and applications. This course may be useful for developing skills in those areas. It covers nginx, a server software used to manage websites and applications. The material in this course may help build a foundation for you to work with nginx in your role as a Web Developer. This course may be of particular interest to you if you are interested in specializing in back-end web development.
Network Engineer
Network Engineers design, implement, and maintain computer networks. They also troubleshoot and resolve network issues. Nginx is a high-performance web server that is used by many large organizations. This course can teach you about nginx, which may be useful for your role as a Network Engineer. This course also covers topics such as network security and optimization, which are important for Network Engineers to know.
Database Administrator
Database Administrators are responsible for managing and maintaining databases. They also troubleshoot and resolve database issues. This course covers topics such as database optimization and security, which are important for Database Administrators to know. Additionally, this course covers MariaDB, a popular database management system.
Cloud Architect
Cloud Architects design and implement cloud computing solutions. They also manage and optimize cloud computing environments. This course may be useful for developing skills in those areas. It covers cloud computing topics, such as security and optimization.
Systems Administrator
Systems Administrators are responsible for managing and maintaining computer systems. They also troubleshoot and resolve system issues. This course covers topics such as system security and optimization, which are important for Systems Administrators to know.
Security Analyst
Security Analysts are responsible for protecting computer systems and networks from security threats. They also investigate and respond to security incidents. This course covers topics such as network security and cyber security, which are important for Security Analysts to know.
Software Engineer
Software Engineers design, develop, and maintain software applications. They also troubleshoot and resolve software issues. This course may be useful for developing skills in those areas. It covers nginx, a server software used to manage websites and applications. The material in this course may help build a foundation for you to work with nginx in your role as a Software Engineer.
DevOps Engineer
DevOps Engineers are responsible for bridging the gap between development and operations teams. They also automate and streamline software development and deployment processes. This course may be useful for developing skills in those areas. It covers topics such as server administration, web development, and cloud computing.
IT Security Specialist
IT Security Specialists are responsible for protecting computer systems and networks from security threats. They also investigate and respond to security incidents. This course covers topics such as network security and cyber security, which are important for IT Security Specialists to know.
Web Hosting Administrator
Web Hosting Administrators are responsible for managing and maintaining web hosting servers. They also provide customer support to web hosting clients. This course covers topics such as server administration, web development, and cloud computing. These are all important topics for Web Hosting Administrators to know.
Network Security Engineer
Network Security Engineers are responsible for designing and implementing network security solutions. They also monitor and maintain network security systems. This course covers topics such as network security and cyber security, which are important for Network Security Engineers to know.
IT Support Specialist
IT Support Specialists are responsible for providing technical support to computer users. They also troubleshoot and resolve computer issues. This course covers topics such as server administration, web development, and cloud computing. These are all important topics for IT Support Specialists to know.
Cyber Security Analyst
Cyber Security Analysts are responsible for protecting computer systems and networks from security threats. They also investigate and respond to security incidents. This course covers topics such as network security and cyber security, which are important for Cyber Security Analysts to know.
Cloud Security Engineer
Cloud Security Engineers are responsible for protecting cloud computing environments from security threats. They also investigate and respond to security incidents. This course covers topics such as cloud security and cyber security, which are important for Cloud Security Engineers to know.

Reading list

We've selected ten books that we think will supplement your learning. Use these to develop background knowledge, enrich your coursework, and gain a deeper understanding of the topics covered in The Perfect Nginx Server - Ubuntu (22.04) Edition.
Provides a detailed look at the inner workings of web site optimization. It covers a wide range of topics, from server configuration to web application design, and valuable resource for anyone who wants to learn more about how to make their WordPress site faster.
Provides a collection of over 600 recipes for solving common PHP problems. It covers a wide range of topics, from basic syntax to advanced object-oriented programming, and valuable resource for anyone who wants to learn more about PHP.
Provides a comprehensive overview of PHP, the server-side scripting language that is used to power many of the world's most popular websites. It covers a wide range of topics, from basic syntax to advanced object-oriented programming, and valuable resource for anyone who wants to learn more about PHP.
Provides a step-by-step guide to WordPress, the world's most popular content management system. It covers a wide range of topics, from installation and configuration to content creation and management, and valuable resource for anyone who wants to learn more about WordPress.
Provides a step-by-step guide to PHP, the server-side scripting language that is used to power many of the world's most popular websites. It covers a wide range of topics, from basic syntax to advanced object-oriented programming, and valuable resource for anyone who wants to learn more about PHP.
Provides a comprehensive overview of WordPress, the world's most popular content management system. It covers a wide range of topics, from installation and configuration to content creation and management, and valuable resource for anyone who wants to learn more about WordPress.
Provides a comprehensive overview of MySQL, the world's most popular open-source database management system. It covers a wide range of topics, from installation and configuration to performance tuning and security, and valuable resource for anyone who wants to learn more about MySQL.
Provides a comprehensive overview of object-oriented programming in PHP. It covers a wide range of topics, from basic syntax to advanced design patterns, and valuable resource for anyone who wants to learn more about object-oriented programming in PHP.
Provides a comprehensive overview of WordPress themes, the templates that control the look and feel of WordPress websites. It covers a wide range of topics, from basic theme development to advanced customization, and valuable resource for anyone who wants to learn more about WordPress themes.

Share

Help others find this course page by sharing it with your friends and followers:
Our mission

OpenCourser helps millions of learners each year. People visit us to learn workspace skills, ace their exams, and nurture their curiosity.

Our extensive catalog contains over 50,000 courses and twice as many books. Browse by search, by topic, or even by career interests. We'll match you to the right resources quickly.

Find this site helpful? Tell a friend about us.

Affiliate disclosure

We're supported by our community of learners. When you purchase or subscribe to courses and programs or purchase books, we may earn a commission from our partners.

Your purchases help us maintain our catalog and keep our servers humming without ads.

Thank you for supporting OpenCourser.

© 2016 - 2024 OpenCourser