Today, let's see how to install Nginx, configure its server blocks, and obtain and automatically renew a Let's Encrypt certificate.

 

Nginx is one of the most popular web servers globally and is used by large, highly visited websites.

 

Let's Encrypt is a free certificate authority whose certificates provide Transport Layer Security (TLS) encryption, with the goal of all websites being secure and using HTTPS.

 

Prerequisites

  • Make sure you are logged in to the server with sudo access.
  • A registered domain with the following DNS records:

    • An A record for yourdomain.com that points to the server's IP address
    • An A record for www.yourdomain.com that points to the server's IP address (optional)

 

Install Nginx webserver

By default, the Nginx package is available on Debian and can be installed on the server using Debian package management. Before proceeding, we need to update the local packages index using the following command.

sudo apt update

 

Once done, we can now install Nginx using the command:

sudo apt install nginx

 

Check the webserver

After installing Nginx, use the following command to check its current state:

systemctl status nginx

 

Output:
nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-06-15 00:52:54 UTC; 16min 15s ago
     Docs: man:nginx(8)
 Main PID: 3942 (nginx)
    Tasks: 3 (limit: 4719)
   Memory: 6.1M
   CGroup: /system.slice/nginx.service
           ├─3942 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─3943 nginx: worker process
           └─3944 nginx: worker process

 

As you can see above, the web service has successfully started.

 

Configure server block settings

When using Nginx Web Server, we can use server blocks to configure details and host more than one domain on the server.

 

The Nginx web server in Debian 10 has one server block active by default, which serves content from /var/www/html. This configuration is suitable for a single site on the server, but to manage multiple sites we need a separate directory and server block for each website.

 

Create a directory for the domain using the following command.

sudo mkdir -p /var/www/yourdomain.com/html

 

Next, we need to assign ownership of the directory to the user named by the $USER environment variable.

 

Note: $USER is the current user of the system or server.

 

sudo chown -R $USER:$USER /var/www/yourdomain.com/html

 

Using the following command, we set the correct permissions on our directory:

sudo chmod -R 755 /var/www/yourdomain.com

 

Then use an editor (such as vi) to create a sample index.html file:

sudo vi /var/www/yourdomain.com/html/index.html

 

In the created file, we add the following sample content.

Hurray! Welcome to "yourdomain.com"

 

Save the file and exit.

 

For Nginx to process and deliver this content, create a server block with directives that point to the directory you created. To leave the default configuration unchanged, we create a new configuration file at /etc/nginx/sites-available/yourdomain.com.

sudo vi /etc/nginx/sites-available/yourdomain.com

 

Add the following contents and settings to the created file:

server {
        listen 80;
        listen [::]:80;

        root /var/www/yourdomain.com/html;
        index index.php index.html index.htm;

        server_name yourdomain.com www.yourdomain.com;

        location / {
                try_files $uri $uri/ =404;
        }
}

 

Next, we enable the site by linking the new config file into the sites-enabled directory.

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/

 

Now the created server block has been activated and configured. Using the following command, we make sure that the configuration changes contain no errors.

sudo nginx -t

 

If the settings are correct, the output is as follows:

 

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

 

After configuring, reload Nginx to apply the changes.

sudo systemctl reload nginx

 

Install Certbot

 

The first step in using Let's Encrypt and issuing an SSL security certificate is to install Certbot on the server.

The python3-certbot-nginx package, available in the Debian repository, installs the Certbot plugin for Nginx.

 

Before installing this package, we will update the list of packages.

sudo apt update

 

Then, using the following command, we install the desired packages.

sudo apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface

 

To install the python3-certbot-nginx package, use the following command:

sudo apt install python3-certbot-nginx

 

Get the SSL security certificate

Certbot offers various ways to get an SSL certificate. To get the SSL certificate, we use the following command.

sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

 

After executing this command, Certbot asks for an email address and communicates with the Let's Encrypt server to obtain the certificate.

If this connection is successful, Certbot will ask how to configure HTTPS.

 

Output:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

 

We will make our choice, and after pressing Enter, the settings are updated, and Nginx will be reloaded to run the new settings.

 

With the following message, Certbot will confirm the correct installation of the security certificate.

 

Output:
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/yourdomain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/yourdomain.com/privkey.pem

 

Setup automatic SSL renewal

Let's Encrypt certificates are only valid for 90 days, so users need to renew their certificates automatically.

For this purpose, a script in /etc/cron.d performs the renewal process automatically.

 

After receiving the SSL certificate, the /etc/cron.d/certbot file is created to renew the SSL security certificate. Its contents can be viewed with the following command.

cat /etc/cron.d/certbot

 

The script runs twice a day and renews certificates that will expire within 30 days.

 

To check the renewal process, we can execute the following command manually.

sudo certbot renew --dry-run

 

If you do not receive an error, the automatic renewal process will be performed correctly.
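
To confirm over time that the cron job is really keeping the certificate fresh, the expiry date can be checked against the 90-day lifetime and 30-day renewal window described above. The script below is an added example, not part of the original article; the function names, state labels and sample dates are assumptions of the example, and GNU date (as shipped on Debian) is assumed.

```shell
#!/bin/sh
# Added example: classify a certificate's expiry against Certbot's renewal window.

RENEW_WINDOW_DAYS=30   # Certbot renews once fewer than this many days remain

# cert_state "<notAfter date>" [now_epoch] -> ok | renewal-due | expired
# The optional second argument pins "now" so the check is reproducible.
cert_state() {
    expiry_epoch=$(date -u -d "$1" +%s) || return 2   # GNU date parses openssl's date format
    now_epoch=${2:-$(date -u +%s)}
    remaining=$(( expiry_epoch - now_epoch ))          # seconds until expiry
    if [ "$remaining" -le 0 ]; then
        echo expired
    elif [ "$remaining" -le $(( RENEW_WINDOW_DAYS * 86400 )) ]; then
        # Inside the renewal window: if this persists for more than a day
        # or two, the twice-daily cron renewal is not succeeding.
        echo renewal-due
    else
        echo ok
    fi
}

# check_cert <pem file> -> state of the first (leaf) certificate in the file
check_cert() {
    not_after=$(openssl x509 -enddate -noout -in "$1") || return 2
    cert_state "${not_after#notAfter=}"
}

# Certificate path from the tutorial; the directory is normally root-only,
# so run this with sudo to check the live certificate.
CERT=/etc/letsencrypt/live/yourdomain.com/fullchain.pem
if [ -r "$CERT" ]; then
    echo "$CERT: $(check_cert "$CERT")"
else
    # Constructed sample: issued 2021-06-15 00:52:54 UTC, expiring 90 days later.
    echo "sample: $(cert_state 'Sep 13 00:52:54 2021 GMT' 1623718374)"
fi
```

Run it from a monitoring job; a certificate that stays in the renewal-due state across runs means the renewal in /etc/cron.d/certbot is failing even though the site still serves HTTPS.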

 

We hope you now understand how to install Nginx, configure its server blocks, and obtain and automatically renew a Let's Encrypt certificate.

 
