In this article we will learn how to set up Nginx with an SSL certificate. For the SSL certificate we will use Let’s Encrypt. Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). Let’s Encrypt provides X.509 certificates for Transport Layer Security (TLS) encryption at no charge. The certificates are valid for 90 days and must be renewed periodically. The certificates are trusted by all major web browsers.
Prerequisites
- Ubuntu 20.04
- Server Instance (AWS, Digital Ocean, etc)
- Domain Name
- DNS record that points to your server instance
Login to your server instance
ssh root@your_server_ip
Step 1: Install Nginx
First let’s update our package list
sudo apt update
Check which version of Nginx is available
apt-cache policy nginx
Generally, the latest version of Nginx is available in the default Ubuntu repository. If you want to install the latest version of Nginx, you have to add the Nginx repository to your system. The following are the steps to add the Nginx repository to your system.
Step 2: Add Nginx Repository
sudo vi /etc/apt/sources.list.d/nginx.list
deb https://nginx.org/packages/ubuntu/ focal nginx
deb-src https://nginx.org/packages/ubuntu/ focal nginx
The deb lines are for the main repository and the deb-src lines are for the source repository. Source packages are not required for the installation of Nginx, so you can comment out the deb-src lines.
Step 3: Add Nginx Signing Key
curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
sudo apt-key fingerprint ABF5BD827BD9BF62
Update Package List
sudo apt update
Install Nginx
apt policy nginx
sudo apt install nginx=1.20.1-1~focal
Enabling and checking status of Nginx Service
sudo systemctl status nginx
sudo systemctl enable nginx
sudo systemctl status nginx
Setting up server block
sudo mkdir -p /var/www/example.com/html
Update the ownership of the directory
sudo chown -R $USER:$USER /var/www/example.com/html
Update the permission
sudo chmod -R 755 /var/www/example.com
Create a sample index.html file
# Also add some text to the file
sudo vi /var/www/example.com/html/index.html
Create site configuration file
# Create the sites-available and sites-enabled directories, then the site configuration file
sudo mkdir -p /etc/nginx/sites-available /etc/nginx/sites-enabled
sudo vi /etc/nginx/sites-available/example.com
Add the following content to the file
server {
    listen 80;
    root /var/www/example.com/html;
    index index.html;
    server_name example.com www.example.com;
    location / {
        try_files $uri $uri/ =404;
    }
}
Make sure to replace the server_name with your domain name. Also, the DNS record should point to your server instance.
Add include to the main configuration file
sudo vi /etc/nginx/nginx.conf
Add the line include /etc/nginx/sites-enabled/*; to the end of the file
Create a symbolic link to the sites-enabled directory
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
Test the configuration file
sudo nginx -t
Restart Nginx
sudo systemctl restart nginx
Step 4: Install Certbot
sudo apt install certbot python3-certbot-nginx
Secure Nginx with Let’s Encrypt
sudo certbot --nginx -d example.com -d www.example.com
Check the renewal status
sudo certbot renew --dry-run
Check the certificate
sudo openssl x509 -in /etc/letsencrypt/live/example.com/fullchain.pem -text -noout
Check the certificate expiration date
sudo openssl x509 -in /etc/letsencrypt/live/example.com/fullchain.pem -text -noout | grep "Not After"
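A scripted version of the expiry check above, as an added example that is not part of the original article: it parses the Not After line and reports whether the 90-day certificate still has enough validity left, so a cron job or monitor can act on it. The function name cert_status, the 30-day WARN_DAYS threshold and the sample date are assumptions, and it relies on GNU date, which Ubuntu ships.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU date (Ubuntu default).

WARN_DAYS=30   # assumed alert threshold; Let's Encrypt certificates last 90 days

# cert_status LINE [NOW_EPOCH]
#   LINE      "Not After : <date>" as printed by openssl x509 -text,
#             or "notAfter=<date>" as printed by openssl x509 -enddate
#   NOW_EPOCH current time in epoch seconds (defaults to the real clock)
# Prints "ok N", "renew N" or "expired" (N = whole days left).
# Returns 0 = ok, 1 = renew or expired, 2 = date could not be parsed.
cert_status() {
    not_after=$(printf '%s\n' "$1" | sed -e 's/^.*Not After *: *//' -e 's/^notAfter=//')
    # GNU date reads an empty string as "today", so reject it explicitly.
    [ -n "$not_after" ] || { echo "unparseable"; return 2; }
    expiry=$(date -u -d "$not_after" +%s 2>/dev/null) || { echo "unparseable"; return 2; }
    now=${2:-$(date -u +%s)}
    secs_left=$((expiry - now))
    # Compare seconds first: integer division would round a just-expired cert to 0 days.
    if [ "$secs_left" -le 0 ]; then
        echo "expired"; return 1
    fi
    days=$((secs_left / 86400))
    if [ "$days" -lt "$WARN_DAYS" ]; then
        echo "renew $days"; return 1
    fi
    echo "ok $days"
}

# Constructed sample line and clock, so the example runs without a real certificate.
SAMPLE='            Not After : Jan  1 00:00:00 2025 GMT'
cert_status "$SAMPLE" 1730505600 || true   # clock set 60 days before expiry

# On the server from this article (certificate path as used above):
#   line=$(sudo openssl x509 -in /etc/letsencrypt/live/example.com/fullchain.pem -noout -enddate)
#   cert_status "$line" || echo "certificate needs attention: check certbot renewal"
```

A "renew" result on a host where certbot renewal is scheduled usually means the renewal job is failing and is worth investigating before the certificate lapses.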