Nginx

How to Encrypt Nginx server with Let's Encrypt on Ubuntu 20.04

How to Encrypt Nginx server with Let's Encrypt on Ubuntu 20.04
A certificate authority known as Let's Encrypt demonstrates an easy method to get and install certificates for encrypting HTTPS on web servers. A software client called Certbot is used in automating the required steps for this process. The installation of certificates on Nginx and Apache is fully automatic. I will show you how to secure your Nginx server with a free SSL certificate on Ubuntu 20.04.

We will be using different Nginx server configuration files as it helps in avoiding the common mistakes and also helps in maintaining the default configuration files as a fallback option.

Step 1:

As always, first, update your APT.

$ sudo apt update

Step 2:

Now, upgrade your APT.

$ sudo apt upgrade

Step 3:

Now, download and install a Certbot software tool that will help you to get an SSL certificate from Let's Encrypt. Execute the following terminal command for installing Certbot via APT.

$ sudo apt install certbot python3-certbot-nginx

This will install certbot, but you will still need to configure the Ngnix configuration file for SSL certificate installation.

Step 4:

You should set up a server block before moving to the next step, and it is a necessary step in case you are hosting multiple sites. We will create a new directory in “/var/www” path and let the default directory un-touched. Execute the following command for creating a new directory.

$ sudo mkdir -p /var/www/example.com/html

Step 5:

Now provide ownership permissions to this directory via the following terminal command.

$ sudo chown -R $USER:$USER /var/www/example.com/html

Step 6:

Now ensure that the permissions are granted by executing the following terminal command.

$ sudo chmod -R 755 /var/www/example.com

Step 7:

Now create an index.html file using your favorite text editor, I am using a gedit text editor.

$ sudo gedit /var/www/example.com/html/index.html

Add the following text inside this HTML file.



Welcome to example.com!


Success! The example.com server block is working!



Save and close the file.

Step 8:

Now create a new configuration file the sites-available directory using your favorite text editor by executing the following command.

$ sudo gedit /etc/nginx/sites-available/example.com

Now add the following text in this configuration file for the new directory and domain name.

server
listen 80;
listen [::]:80;
root /var/www/example.com/html;
index index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location /
try_files $uri $uri/ =404;

Save and close this file to take effects.

Step 9:

Now, enable the new directory for Nginx startup via the following terminal command.

$ sudo ln -s /etc/nginx/sites available/example.com /etc/nginx/site-enabled/

Step 10:

To avoid any server name hash bucket memory problems, provide a single value in the following configuration file.

$ sudo gedit /etc/nginx/nginx.conf

Now remove the # sign from hash_bucket_size option to uncomment it. Save the close the file.

Step 11:

Now type the following two commands for removing syntax errors and restarting the Nginx server.

$ sudo nginx -t

$ sudo systemctl restart nginx

Step 12:

Now, you need to verify and confirm Nginx configuration files. As certbot needs to find the correct server block in Nginx configuration, so it looks for a server_name that is in matching with the requested domain. To verify these configuration files, type the following terminal command.

$ sudo nginx -t

Step 13:

Now, update your UFW firewalls rules to allow Nginx for full permissions. If you are having any previous rules relating to the HTTP server, delete them by using the UFW deny option before adding the following command.

sudo ufw allow 'Nginx Full'

Step 14:

Now we arrive at the point where we have to install an SSL certificate using certbot software. Execute the following terminal command.

$ sudo certbot --nginx -d example.com -d www.example.com

If you are using certbot for the first time, you will be asked for an email address and terms and conditions prompt, agree to do so, and you will be able to move the next step.

Step 15:

Now you will be asked for configuration of your HTTPS settings, choose the necessary options, and hit the Enter button to continue. Certbot will install all the required certificates and update the Nginx files; your server will reload with a message to tell you that your process is successful.

Step 16:

Now that you have installed the certificates, you should also make sure that these certificates are auto-renewed after a specific time. Execute the following two terminal commands to ensure this process's ability.

$ sudo systemctl status certbot.timer

$ sudo certbot renew --dry-run

Conclusion:

So far, we have covered how to build a separate server block in Nginx, install certificates using Certbot software tool from Let's Encrypt certificate authority servers, and how to apply a renewal process for these certifications.

Hiiri Middle mouse button not working in Windows 10
Middle mouse button not working in Windows 10
The middle mouse button helps you scroll through long webpages and screens with a lot of data. If that stops, well you will end up using the keyboard ...
Hiiri How to change Left & Right mouse buttons on Windows 10 PC
How to change Left & Right mouse buttons on Windows 10 PC
It's quite a norm that all computer mouse devices are ergonomically designed for right-handed users. But there are mouse devices available which are s...
Hiiri Emulate Mouse clicks by hovering using Clickless Mouse in Windows 10
Emulate Mouse clicks by hovering using Clickless Mouse in Windows 10
Using a mouse or keyboard in the wrong posture of excessive usage can result in a lot of health issues, including strain, carpal tunnel syndrome, and ...