Welcome to part 2 of personal cloud! This week we’ll setup the Nginx web server and enable SSL encryption with Let’s Encrypt.
Nginx is a great web server that many large sites like Imgur use. It is built to be very light, scalable, and supports many proxies. You can even do automatic load balancing with it.
We are going to go over the basics with one domain name, but you can easily copy these steps to host multiple domain names on the same server with multiple virtual hosts.
Let’s start by installing nginx.
# apt install nginxNow we will go to it’s config directory and delete the default site.
# cd /etc/nginx/sites-available
# rm default
# cd ../sites-enabled/
# rm default
# cd ../sites-available/Now we will create the config file for our site. Just name the file after your domain.
# nano domain.com
In here we can go ahead and paste a basic config which will enable regular http access to the site.
server {
listen 80;
listen [::]:80;
server_name domain.com;
root /var/www/html/domain.com;
index index.html;
}Change the server_name to your domain name, and change the root folder to your domain name. Make sure to also create that folder.
Now we make a symbolic link to the sites-enabled directory to activate the site.
# ln -s /etc/nginx/sites-available/domain.com /etc/nginx/sites-enabled/domain.com
Now we just reload nginx to enable it.
# service nginx reload
Make sure to also allow port 80 and port 443 through the firewall:
# ufw allow 80
# ufw allow 443If everything works then when you try to load your domain in a browser you should see either a 404 error or a 403.
Let’s go ahead and add an html homepage.
In your webdirectory which should be /var/www/html/domain.com create the file index.html
# nano /var/www/html/domain.com/index.html
Enter whatever you want in there. When you refresh your webpage you should see the text.
Now let’s setup SSL encryption on the site. We can use Let’s Encrypt’s certbot for this. It is available from the Debian Jessie backports. To enable that just add the repo:
# nano /etc/apt/sources.list
Add: deb http://ftp.debian.org/debian jessie-backports main
Then just # apt-update
Now we can install certbot with:
# apt install certbot -t jessie-backports
Certbot doesn’t support nginx automatically, so we need to use its standalone webserver to authenticate. To do this we need to disable nginx.
# service nginx stop
Now we can run certbot to get our SSL certificate:
# certbot certonly --standalone -d domain.comIf it was successful it will list out where it saved the certificate. So lets go edit our nginx config again to setup HTTPS:
# nano domain.com
Add this below the first section:
server {
listen 443;
listen [::]:443;
server_name domain.com;
root /var/www/html/domain.com;
index index.php;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
}Make sure to change the domain to your domain name. Remove the root path and index line from the first section of the config, and add the return line. This line will redirect all non-encrypted traffic over HTTPS:
return 301 https://$host$request_uri;
Now we can start nginx back up:
# service nginx start
If you load your domain again you should now see it fully encrypted!
The nice thing about having your own SSL certificate is that you can use it for more than just a web server. If you want to run a VPN server the SSL certificate can be used for that too.