Last updated: September 11, 2019

Amazon Lightsail offers more than 10 images (blueprints) with ready to run popular software. If you want to host a static website on Amazon Lightsail, you may choose the image with the pre-installed Nginx web server, PHP, and MySQL. This certified by Bitnami Ubuntu-based installation also supports the auto-configuration of free Let’s Encrypt SSL certificates.

If the images with ready to run software is overkill for your use case, or if you want to use a different Linux distribution, you can create a Lightsail instance with an OS of your choice and install the required software yourself.

This blog post describes the Nginx configuration tasks that you may want to do on a Lightsail instance that runs the Amazon Machine Image (AMI) Amazon Linux 2018.03.0. This post also covers the Nginx web server performance topic.

How to Install the Nginx Web Server on Amazon Linux

Nginx is a high-performance web server that powers hundreds of millions of websites in the world. It can handle thousands of simultaneous connections without consuming a lot of system memory. Even when Nginx runs on the cheapest Lightsail instance with 1 vCPU and 512 MB system memory, it can efficiently serve static content.

Installation and configuration of the Nginx web server on a Lightsail instance that runs the Amazon Linux AMI may include, but is not limited to, the following steps:

1. (Optional) Configure your Lightsail instance that runs Amazon Linux.
2. Install the Nginx RPM package.

   yum install -y nginx
   

3. (Optional) If in the step 1 you enabled SELinux on your Lightsail instance, you may also want to set SELinux contexts for the Nginx folders and files.

   semanage fcontext -a -t httpd_config_t '/etc/nginx(/.*)?'
   semanage fcontext -a -t httpd_var_run_t '/var/run/nginx.*'
   semanage fcontext -a -t httpd_var_lib_t '/var/lib/nginx(/.*)?'
   semanage fcontext -a -t httpd_log_t '/var/log/nginx(/.*)?'
   semanage fcontext -a -t httpd_sys_content_t '/usr/share/nginx/html(/.*)?'
   semanage fcontext -a -t httpd_exec_t '/usr/sbin/nginx'
   semanage fcontext -a -t httpd_initrc_exec_t '/etc/rc\.d/init\.d/nginx'  
   restorecon -R -v /etc/nginx /var/run/nginx.* /var/lib/nginx /var/log/nginx \
   /usr/share/nginx/html /usr/sbin/nginx /etc/rc.d/init.d/nginx
   

   • Configuration of SELinux contexts for Nginx exists by default on the latest RedHat, CentOS, or Fedora Linux distributions. On Amazon Linux 2018.03.0 it does not exist by default, so you need to add it yourself.
4. Store your SSL certificate and CA bundle at /etc/pki/nginx/server.crt. Then, store the private key at /etc/pki/nginx/private/server.key.
   • You can deploy on your Lightsail instance an auto-configuration script for a free Let’s Encrypt SSL certificate, or buy a basic SSL certificate that covers the www and non-www versions of your site and costs nowadays less than 10 USD per year.
5. Configure the Nginx web server.
   For a simple static website, you may only need to make changes in the main configuration file /etc/nginx/nginx.conf.
   1. (Optional) Add the catch-all server block.
      You need to add the catch-all server block to the Nginx configuration if you want to avoid that your web server processes requests with nonmatching server names.

      server {
          listen       80 default_server;
          listen       443 ssl http2 default_server;
          server_name  _;
          ssl_certificate "/etc/pki/nginx/server.crt";
          ssl_certificate_key "/etc/pki/nginx/private/server.key";
          return       403;
      }
      

   2. Redirect all HTTP requests to HTTPS.

      server {
          listen       80;
          server_name  example.com;
          return       301 https://example.com$request_uri;
      }
      

   3. Configure the HTTPS server.

      server {
          listen       443 ssl http2;
          server_name  example.com;
          ssl_certificate "/etc/pki/nginx/server.crt";
          ssl_certificate_key "/etc/pki/nginx/private/server.key";
          ...
      }
      

   4. Enable gzip compression of responses to reduce the size of transmitted data.
      For example, to compress text/html, text/css, and text/js file types, add the following block to your Nginx configuration:

      gzip on;
      gzip_disable "msie6";
      gzip_vary on;
      gzip_min_length 512;
      gzip_comp_level 5;
      gzip_proxied no-cache no-store private expired auth;
      gzip_types
      text/css
      text/js;
      # Nginx compresses responses with MIME type text/html by default
      

      • You can configure Nginx to compress the same file types that Amazon CloudFront compresses.
6. Enable Nginx at boot time.

   chkconfig nginx on
   

Appendix A, Performance of Nginx That Runs on a Lightsail Instance and Serves Static Content

Nginx, Version 1.14.1 built with OpenSSL 1.0.2k-fips was used to serve static files from /usr/share/nginx/html directory. The static files of sizes 0 KB, 1 KB, 10 KB, and 100KB were created as follows:

for c in 0 1 10 100; do
    dd if=/dev/urandom of=${c}KB.txt bs=1K count=${c};
done

ApacheBench, Version 2.3 was used to send SSL/TLS requests to the Nginx web server. ApacheBench was running on a t3.medium EC2 instance with 2vCPU, 4GB system memory, and network performance up to 5 Gigabit.

The Nginx web server was running on the cheapest Lightsail instance that had 1 vCPU, and 512 MB system memory.

• Amazon Lightsail instances are burstable performance instances. They provide a baseline level of CPU performance with the additional ability to burst above the baseline. The results below apply only to short tests when the Lightsail instance has enough CPU credits.

The following commands were executed for benchmarking the Nginx web server:

ab -c 1000 -t 60 https:// ... /0KB.txt
ab -c 1000 -t 60 -H 'Accept-Encoding: gzip' https:// ... /1KB.txt
ab -c 1000 -t 60 -H 'Accept-Encoding: gzip' https:// ... /10KB.txt
ab -c 1000 -t 60 -H 'Accept-Encoding: gzip' https:// ... /100KB.txt

The following encryption parameters were in use:
SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,2048,256
Server Temp Key: ECDH P-256 256 bits

The Lightsail instance with Nginx and the EC2 instance with ApacheBench were running in the same AWS region and availability zone.

The table below shows the number of HTTPS requests per second and the transfer rate for varying request sizes.

	0 KB	1 KB	10 KB	100 KB
Requests per second	607	593	579	476
Transfer rate (Kbytes/sec)	159	762	5949	47790

Conclusion:
The performance of the Nginx web server that runs even on the cheapest Lightsail instance and serves static content is more than enough for a small website or a personal blog. Also, it can easily manage occasional spikes of high-intensity CPU activity and traffic load.