Install Nginx on Windows Server

Prerequisites

You have received a valid SSL certificate and certificate key from your SSL provider (Certificate Authority, CA). If you want to use OCSP stapling you should also have a file for the certificate chain.

Copy these files to the server on which you’re going to set up nginx. Move these files to appropriate directories and secure them as needed.

The private key must only be readable by the administrator. Make sure to keep this file secure. Anyone with access to this key can sign data in your name and decrypt private information sent to you.

If you use Let’s Encrypt please see ACME Client Implementations for possible clients available for Windows. The official Certbot is only available for UNIX-like operating systems.

Preparation

Make sure your system is up-to-date. Use Windows Update to verify that you have installed the latest security updates and fixes for your version of Windows.

Install nginx

Download the latest stable version of nginx for Windows to your Downloads directory. At the time of writing this is version 1.14.

Right click the nginx-x.xx.zip and click on Extract All…​.

Move the extracted nginx-x.xx directory to %ProgramFiles% and rename it to nginx.

move "%HOMEPATH%\Downloads\nginx-1.14.0\nginx-1.14.0" "%ProgramFiles%\nginx"

Adjust the source directory as needed

By default Windows creates a new directory for the extracted files, so the actual nginx-x.xx directory may be inside another nginx-x.xx directory. Make sure to move the directory that contains the nginx.exe file.

Configure nginx for Relution

Copy your SSL certificate and private key to %ProgramFiles%\nginx\server.pem and %ProgramFiles%\nginx\server.key respectively.

Copy %ProgramFiles%\relution\proxy\nginx_windows_sample.conf to %ProgramFiles%\nginx\conf\nginx.conf (overwriting the existing file).

copy "%ProgramFiles%\relution\proxy\nginx_windows_sample.conf" "%ProgramFiles%\nginx\conf\nginx.conf"

Open the file in a text editor that can work with Linux line endings (e.g. Notepad++) and adjust the file as needed for your environment. If you have installed Relution on another server, make sure to change the IP address in proxy_pass http://127.0.0.1:8080; accordingly.

Validate your nginx configuration with the following command:

"%ProgramFiles%\nginx\nginx.exe" -t

You should receive syntax is okay and test is successful messages. If you receive errors check your nginx configuration for typos, etc. as indicated in the error message.

Install nginx as a Windows service

Copy nssm.exe and install_service.bat from Relution’s proxy directory to the nginx installation directory

cd "%ProgramFiles%\nginx"
copy "%ProgramFiles%\relution\proxy\nssm.exe" .
copy "%ProgramFiles%\relution\proxy\install_service.bat" .

Run the install_service.bat batch script as Administrator to install nginx as a Windows service.

"%ProgramFiles%\nginx\install_service.bat"

Firewall

Open ports 80 and 443 in the firewall to allow access to HTTP and HTTPS from the outside world.

  • Open Windows Firewall with Advanced Security

  • Navigate to Inbound Rules

  • Click New Rule…​ in the Actions pane

  • Select Program

  • Click Next

  • Select This program path

  • Use Browse…​ to select the Relution’s service executable

    (C:\Program Files\nginx\nginx.exe)

  • Click Next

  • Select Allow the connection

  • Click Next

  • Select Public

  • Click Next

  • Enter a name for the rule

  • Click Finish