Upgrading to Nginx 1.16 From 1.15
With the release of Nginx 1.16, Nginx 1.15 has now reached end-of-life and will no longer receive bug fixes or security updates. For that reason, we recommend that users update Nginx to version 1.16. Before doing so, we recommend that you create a server snapshot via your server provider’s control panel.
SSH to your server using a sudo user and run the following commands:
sudo add-apt-repository ppa:ondrej/nginx sudo apt-get update sudo apt-get -y install nginx
When asked about modified config files:
“Package distributor has shipped an updated version. What would you like to do about it?”
Hit ‘N’ to keep the current config files.
Enabling TLS 1.3
As this version of Nginx is compiled against a more recent version of OpenSSL, TLS 1.3 support can be enabled. Now would also be a good time to remove some older less secure TLS versions. Open the following file:
sudo nano /etc/nginx/global/https.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
More secure ciphers can also be used without sacrificing client compatibility.
ssl_ciphers EECDH+CHACHA20:EECDH+AES; ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
You will also need to update your Nginx catch-all configuration to include the more secure HTTPS defaults. Open the following file:
sudo nano /etc/nginx/sites-available/no-default
Add the following line before the
To verify that there are no issues with your Nginx configuration you can run:
sudo nginx -t
Finally, restart Nginx for the changes to take effect:
sudo service nginx restart