An Nginx server block is the equivalent of an Apache virtual host. It gives users the flexibility to host numerous websites on the same server. This is a cost effective approach of hosting websites instead of setting up different servers and configuring them for different domains.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related Nginx queries.
In this context, we shall look into the configuration procedure of an Nginx server block. Also, you will see how you can secure the webserver with Let's Encrypt SSL which is a free SSL.
Before we proceed with this procedure, we nee to ensure that Nginx web server is installed on the server. To make it easier for you, you can follow our complete guide on the best method to Install Nginx on CentOS 8.
You will need to also confirm that your domain name points to your virtual server's public IP address. To ensure this, head over to your domain name registrar and configure the A record to point to the server's IP address.
Then complete the below steps.
1. Create Document root for the domain
To begin, we will simply create a directory for our domain that will store the website's files. Here, we will be using a domain name called outsourcepath.com. So, run the command below to accomplish this:
$ sudo mkdir -p /var/www/outsourcepath.com/html
For demo purposes, we will create a sample index.html file.
$ sudo vim /var/www/outsourcepath.com/html/index.html
Then, Paste the following HTML lines:
<html>
<head>
<title>Welcome to outsourcepath.com</title>
</head>
<body>
<h1>Hey fellaz!!.The server block is working.</h1>
</body>
</html>
You can choose to modify the contents in the body of the above html file to fit your preference. Next, configure the ownership of the domain's directory to avoid any permission glitches:
$ sudo chown -R nginx /var/www/outsourcepath.com/
Also set the permissions with the below command:
$ sudo chmod -R 755 /var/www/outsourcepath.com/
2. Create Nginx server block file
We will configure the Nginx server block file in the /etc/nginx/conf.d directory as follows:
$ sudo vim /etc/nginx/conf.d/outsourcepath.com.conf
Now, Paste the following configuration:
server {
listen 80;
server_name outsourcepath.com www.outsourcepath.com;
root /var/www/outsourcepath.com/html;
index index.php index.html index.htm;
access_log/var/log/nginx/outsourcepath.com.access.log;
error_log /var/log/nginx/outsourcepath.com.error.log;
}
Save and exit the file. Once done, verify if all the configurations syntax is correct:
$ sudo nginx -t
If everything is fine, simply apply all the changes made and restart Nginx webserver with the below commands:
$ sudo systemctl restart nginx
Then ensure that it is running by executing the below command:
$ sudo systemctl status nginx
You should now be able to browse your website and you will be directed to your server block index.html file:
http://domain-name.com
The output will look like this:
Hey fellaz!!.The server block is working.
3. Secure Nginx with Let's Encrypt SSL
Our server block is already set up, but the web server is not encrypted yet. Encrypting the site using an SSL certificate is crucial in order to secure information sent to and from the web server. An SSL certificate will also enhance your site’s Google rankings and boost interactions with your customers.
Let's Encrypt is a free global CA ( Certificate Authority) that lets users obtain and secure their sites using a free SSL /TLS certificate. We are going to install Certbot which will automate the installation of the free SSL certificate from Let's Encrypt:
$ sudo dnf install certbot python3-certbot-nginx
Once installed, run cerbot as follows to install the Let's Encrypt SSL certificate:
$ sudo certbox --nginx
You will be prompted to take some actions and once you do, the configuration will be done.
4. Manage certificate renewal
Let's Encrypt certificate is valid up to 90 days. However, a notification will be sent to you 20 days before expiry and more notifications from 10 days to the last day.
You can renew the certificate manually using the command:
$ sudo certbot renew
To automate the renewal, create a new cron job:
$ crontab -e
Append this line and save the changes:
0 0 * * * /usr/bin/certbot renew > /dev/null 2>&1
This article covers how you can configure an Nginx server block and secure your web server using Let's Encrypt SSL. In fact, Let’s Encrypt SSL certificate is a digital certificate provided by Let’s Encrypt CA ( Certificate Authority) to secure a web server.
How to Install Certbot on your RHEL-based distros / Linux system ?
1. First, install the EPEL repository which provides additional and high-quality packages for RHEL-based distros:
$ sudo dnf install -y epel-release
2. Once installed, install certbot and certbot module for Nginx:
$ sudo dnf install certbot python3-certbot-nginx
This installs certbot, certbot module for Nginx host of other packages and dependencies.