{"id":9939,"date":"2021-09-20T10:13:39","date_gmt":"2021-09-20T10:13:39","guid":{"rendered":"https:\/\/linuxways.net\/?p=9939"},"modified":"2021-09-20T10:13:39","modified_gmt":"2021-09-20T10:13:39","slug":"how-to-configure-nginx-server-block-and-secure-nginx-with-lets-encrypt-ssl-on-rocky-linux-8-centos-8","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/centos\/how-to-configure-nginx-server-block-and-secure-nginx-with-lets-encrypt-ssl-on-rocky-linux-8-centos-8\/","title":{"rendered":"How to Configure Nginx Server Block and Secure Nginx with Let’s Encrypt SSL on Rocky Linux 8 \/ CentOS 8"},"content":{"rendered":"

An Nginx server block is the equivalent of an Apache virtual host. It gives users the flexibility to host numerous websites on the same server. This is a cost effective approach of hosting websites instead of setting up different servers and configuring them for different domains.<\/p>\n

In this walkthrough, we will demonstrate the configuration of an Nginx server block. Afterwards, we will show you how you can secure the webserver with Let\u2019s Encrypt SSL which is a free SSL .<\/p>\n

Prerequisites<\/strong><\/h2>\n

Before you move along, ensure that you have Nginx installed. We have a comprehensive tutorial that walls through the installation of l Nginx on CentOS 8<\/a>. Also, confirm that your domain name points to your virtual server\u2019s public IP address. To ensure this, head over to your domain name vendor and configure the A record to point to the server\u2019s IP.<\/p>\n

<\/p>\n

Here, the IP address points to the domain called linuxtechgeek.info <\/strong>which we are going to use throughout this guide.<\/p>\n

Step 1: Create Document root for the domain<\/strong><\/h2>\n

We will start off by creating a directory for our domain that will store the website\u2019s files. So, run the command below to accomplish this.<\/p>\n

$ sudo mkdir -p \/var\/www\/linuxtechgeek.info\/html<\/strong><\/pre>\n
For demo purposes, we will create a sample index.html<\/strong> file.<\/p>\n
$ sudo vim \/var\/www\/linuxtechgeek.info\/html\/index.html<\/strong><\/pre>\n
Paste the following HTML lines.<\/p>\n
<html><\/strong>\r\n\r\n <head><\/strong>\r\n\r\n <title>Welcome to my domain.info<\/title><\/strong>\r\n\r\n <\/head><\/strong>\r\n\r\n <body><\/strong>\r\n\r\n <h1>Hey fellaz!!.The server block is working.<\/h1><\/strong>\r\n\r\n <\/body><\/strong>\r\n\r\n<\/html><\/strong><\/pre>\n
Of course, feel free to edit the content in the body to your preference. Next, configure the ownership of the domain\u2019s directory to avoid any permission glitches.<\/p>\n
$ sudo chown -R nginx \/var\/www\/linuxtechgeek.info\/<\/strong><\/pre>\n
And set the permissions as shown.<\/p>\n
$ sudo chmod -R 755 \/var\/www\/linuxtechgeek.info\/<\/strong><\/pre>\n
Great! Let\u2019s now configure the Server block file.<\/p>\n
Step 2: Create Nginx server block file<\/strong><\/h2>\n
We will configure the Nginx server block file in the \/etc\/nginx\/conf.d <\/strong>directory as follows.<\/p>\n
$ sudo vim \/etc\/nginx\/conf.d\/linuxtechgeek.info.conf<\/strong><\/pre>\n
Paste the following configuration<\/p>\n
server {<\/strong>\r\n\r\n listen 80;<\/strong>\r\n\r\n server_name linuxtechgeek.info www.linuxtechgeek.info;<\/strong>\r\n\r\n root \/var\/www\/linuxtechgeek.info\/html;<\/strong>\r\n\r\n index index.php index.html index.htm;<\/strong>\r\n\r\n access_log\/var\/log\/nginx\/linuxtechgeek.info.access.log;<\/strong>\r\n\r\n error_log \/var\/log\/nginx\/linuxtechgeek.info.error.log;<\/strong>\r\n\r\n}<\/strong><\/pre>\n
Save and exit. Once done, verify if all the configurations are sound.<\/p>\n
$ sudo nginx -t<\/strong><\/pre>\n
<\/strong><\/p>\n
From the output, everything looks just fine. To apply all the changes made, restart Nginx webserver.<\/p>\n
$ sudo systemctl restart nginx<\/strong><\/pre>\n
And ensure that it is running.<\/p>\n
$ sudo systemctl status nginx<\/strong><\/pre>\n
<\/strong><\/p>\n
Now browse your website and you will be directed to your server block index.html file.<\/p>\n
http:\/\/domain-name.come<\/strong><\/a><\/pre>\n
<\/strong><\/p>\n
Step 3: Secure Nginx with Let\u2019s Encyrpt SSL<\/strong><\/h2>\n
Our server block is already set up, but the web server is not encrypted yet. Encrypting the site using an SSL certificate is crucial in order to secure information sent to and from the web server. An SSL certificate will also enhance your site\u2019s Google rankings and boost interactions with your customers.<\/p>\n
Let\u2019s Encrypt<\/a> is a free global CA ( Certificate Authority) that lets users obtain and secure their sites using a free SSL \/TLS certificate. We are going to install Certbot which will automate the installation of the free SSL certificate from Let\u2019s Encrypt.<\/p>\n
$ sudo dnf install certbot python3-certbot-nginx<\/strong><\/pre>\n
<\/p>\n
Once installed, run cerbot as follows to install the Let\u2019s Encrypt SSL certificate<\/p>\n
$ sudo certbox --nginx<\/strong><\/pre>\n
Follow the prompts as indicated.<\/p>\n
<\/p>\n
Step 3: Manage certificate renewal<\/strong><\/h2>\n
Let\u2019s Encrypt certificate is valid up to 90 days. However, a notification will be sent to you 20 days before expiry and more notifications from 10 days to the last day.<\/p>\n
You can renew the certificate manually using the command:<\/p>\n
$ sudo certbot renew <\/strong><\/pre>\n
To automate the renewal, create a new cron job.<\/p>\n
$ crontab -e<\/strong><\/pre>\n
Append this line and save the changes.<\/p>\n
0 0 * * * \/usr\/bin\/certbot renew > \/dev\/null 2>&1<\/strong><\/pre>\n
And that\u2019s it! That\u2019s how you can configure an Nginx server block and secure your web server using Let\u2019s Encrypt SSL.<\/p>","protected":false},"excerpt":{"rendered":"
An Nginx server block is the equivalent of an Apache virtual host. It gives users the flexibility to host numerous websites on the same server. This is a…<\/p>","protected":false},"author":1,"featured_media":10291,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1,165],"tags":[93,149,436,432],"class_list":["post-9939","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-centos","category-red-hat","tag-centos-8","tag-nginx","tag-rocky-linux-8","tag-ssl-certificate"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/9939","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=9939"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/9939\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/10291"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=9939"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=9939"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=9939"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}