An Nginx server block is the equivalent of an Apache virtual host. It gives users the flexibility to host numerous websites on the same server. This is a cost effective approach of hosting websites instead of setting up different servers and configuring them for different domains.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related Nginx queries.
In this context, we shall look into the configuration procedure of an Nginx server block. Also, you will see how you can secure the webserver with Let's Encrypt SSL which is a free SSL.
Steps to Configure Nginx Server Block with Let's Encrypt SSL on Rocky Linux 8
Before we proceed with this procedure, we nee to ensure that Nginx web server is installed on the server. To make it easier for you, you can follow our complete guide on the best method to Install Nginx on CentOS 8.
You will need to also confirm that your domain name points to your virtual server's public IP address. To ensure this, head over to your domain name registrar and configure the A record to point to the server's IP address.
Then complete the below steps.
1. Create Document root for the domain
To begin, we will simply create a directory for our domain that will store the website's files. Here, we will be using a domain name called outsourcepath.com. So, run the command below to accomplish this:
$ sudo mkdir -p /var/www/outsourcepath.com/html
For demo purposes, we will create a sample index.html file.
$ sudo vim /var/www/outsourcepath.com/html/index.html
Then, Paste the following HTML lines:
<title>Welcome to outsourcepath.com</title>
<h1>Hey fellaz!!.The server block is working.</h1>
You can choose to modify the contents in the body of the above html file to fit your preference. Next, configure the ownership of the domain's directory to avoid any permission glitches:
$ sudo chown -R nginx /var/www/outsourcepath.com/
Also set the permissions with the below command:
$ sudo chmod -R 755 /var/www/outsourcepath.com/
2. Create Nginx server block file
We will configure the Nginx server block file in the /etc/nginx/conf.d directory as follows:
$ sudo vim /etc/nginx/conf.d/outsourcepath.com.conf
Now, Paste the following configuration:
server_name outsourcepath.com www.outsourcepath.com;
index index.php index.html index.htm;
Save and exit the file. Once done, verify if all the configurations syntax is correct:
$ sudo nginx -t
If everything is fine, simply apply all the changes made and restart Nginx webserver with the below commands:
$ sudo systemctl restart nginx
Then ensure that it is running by executing the below command:
$ sudo systemctl status nginx
You should now be able to browse your website and you will be directed to your server block index.html file:
The output will look like this:
Hey fellaz!!.The server block is working.
3. Secure Nginx with Let's Encrypt SSL
Our server block is already set up, but the web server is not encrypted yet. Encrypting the site using an SSL certificate is crucial in order to secure information sent to and from the web server. An SSL certificate will also enhance your site’s Google rankings and boost interactions with your customers.
Let's Encrypt is a free global CA ( Certificate Authority) that lets users obtain and secure their sites using a free SSL /TLS certificate. We are going to install Certbot which will automate the installation of the free SSL certificate from Let's Encrypt:
$ sudo dnf install certbot python3-certbot-nginx
Once installed, run cerbot as follows to install the Let's Encrypt SSL certificate:
$ sudo certbox --nginx
You will be prompted to take some actions and once you do, the configuration will be done.
4. Manage certificate renewal
Let's Encrypt certificate is valid up to 90 days. However, a notification will be sent to you 20 days before expiry and more notifications from 10 days to the last day.
You can renew the certificate manually using the command:
$ sudo certbot renew
To automate the renewal, create a new cron job:
$ crontab -e
Append this line and save the changes:
0 0 * * * /usr/bin/certbot renew > /dev/null 2>&1
[Need assistance in configuring SSL Certificate with Nginx web server ? We can help you. ]