Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

Right, a more formal answer:

Don't start guessing on a ubuntu/debian system where to put things. Ubuntu has pretty up to date versions, and aptitude is a very good package manager. You really want your server to have the following traits:

• To be secure
• To be well organized, so that you know where things should be
• To have a repeatable configuration, by some method. ( This is why I am big on the packages. Even without puppet, you can get a list of packages that are installed, and in an emergency just install that list and you are back to where you were, if you were hacked for example )

For Nginx, here is a how I get an updated package quite soon after they come out:

https://launchpad.net/~stevecrozz/+archive/ppa

You mentioned that you were new. Use the package managers. In your case, aptitude. We used to build from source all the time, but since you did not mention 'firewall' or 'security' then time is short.

Software that you install locally to a system goes in /usr/local. /usr is owned by the package managers really.

As for /opt, I use it for really weird stuff, like macports on my laptop or things I'm trying out, like coldfusion server ...

Default nginx goes into /usr/local/nginx , which is very good since if you build from source , make uninstall ... most likely wont be there.

http://library.linode.com is a really good basic resource. Read that too.

Once the reality of app dev with simultaneous server admin sinks in, you might want to check out

http://puppetlabs.com and get hooked up with puppet. That's for later

The nginx I told you about has the following options:

nginx -V
nginx version: nginx/0.8.48
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-debug --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/build/buildd/nginx-0.8.48/modules/nginx-upstream-fair

Now, later in life you might want to recompile for some other modules. ( /usr/local ) ! But regardless, you'll see the debian/ubuntu way of laying this stuff out. at least. A beloved trick i use is to install some server I need to build and copy the base config files, then purge it.

Good luck. BTW create a user for yourself, research sudo, and disable root logins. First thing I do on a fresh server.