An Nginx server block is the equivalent of an Apache virtual host. It gives users the flexibility to host numerous websites on the same server. This is a cost effective approach of hosting websites instead of setting up different servers and configuring them for different domains.
In this walkthrough, we will demonstrate the configuration of an Nginx server block. Afterwards, we will show you how you can secure the webserver with Let’s Encrypt SSL which is a free SSL .
Prerequisites
Before you move along, ensure that you have Nginx installed. We have a comprehensive tutorial that walls through the installation of l Nginx on CentOS 8. Also, confirm that your domain name points to your virtual server’s public IP address. To ensure this, head over to your domain name vendor and configure the A record to point to the server’s IP.
Here, the IP address points to the domain called linuxtechgeek.info which we are going to use throughout this guide.
Step 1: Create Document root for the domain
We will start off by creating a directory for our domain that will store the website’s files. So, run the command below to accomplish this.
$ sudo mkdir -p /var/www/linuxtechgeek.info/html
For demo purposes, we will create a sample index.html file.
$ sudo vim /var/www/linuxtechgeek.info/html/index.html
Paste the following HTML lines.
<html> <head> <title>Welcome to my domain.info</title> </head> <body> <h1>Hey fellaz!!.The server block is working.</h1> </body> </html>
Of course, feel free to edit the content in the body to your preference. Next, configure the ownership of the domain’s directory to avoid any permission glitches.
$ sudo chown -R nginx /var/www/linuxtechgeek.info/
And set the permissions as shown.
$ sudo chmod -R 755 /var/www/linuxtechgeek.info/
Great! Let’s now configure the Server block file.
Step 2: Create Nginx server block file
We will configure the Nginx server block file in the /etc/nginx/conf.d directory as follows.
$ sudo vim /etc/nginx/conf.d/linuxtechgeek.info.conf
Paste the following configuration
server {
listen 80;
server_name linuxtechgeek.info www.linuxtechgeek.info;
root /var/www/linuxtechgeek.info/html;
index index.php index.html index.htm;
access_log/var/log/nginx/linuxtechgeek.info.access.log;
error_log /var/log/nginx/linuxtechgeek.info.error.log;
}
Save and exit. Once done, verify if all the configurations are sound.
$ sudo nginx -t
From the output, everything looks just fine. To apply all the changes made, restart Nginx webserver.
$ sudo systemctl restart nginx
And ensure that it is running.
$ sudo systemctl status nginx
Now browse your website and you will be directed to your server block index.html file.
http://domain-name.come
Step 3: Secure Nginx with Let’s Encyrpt SSL
Our server block is already set up, but the web server is not encrypted yet. Encrypting the site using an SSL certificate is crucial in order to secure information sent to and from the web server. An SSL certificate will also enhance your site’s Google rankings and boost interactions with your customers.
Let’s Encrypt is a free global CA ( Certificate Authority) that lets users obtain and secure their sites using a free SSL /TLS certificate. We are going to install Certbot which will automate the installation of the free SSL certificate from Let’s Encrypt.
$ sudo dnf install certbot python3-certbot-nginx
Once installed, run cerbot as follows to install the Let’s Encrypt SSL certificate
$ sudo certbox --nginx
Follow the prompts as indicated.
Step 3: Manage certificate renewal
Let’s Encrypt certificate is valid up to 90 days. However, a notification will be sent to you 20 days before expiry and more notifications from 10 days to the last day.
You can renew the certificate manually using the command:
$ sudo certbot renew
To automate the renewal, create a new cron job.
$ crontab -e
Append this line and save the changes.
0 0 * * * /usr/bin/certbot renew > /dev/null 2>&1
And that’s it! That’s how you can configure an Nginx server block and secure your web server using Let’s Encrypt SSL.
Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications including CCNA RS, SCP, and ACE. As an IT engineer and technical author, he writes for various websites.
