From e331c60377e62f158bdcdedfc7a0664104cd8e03 Mon Sep 17 00:00:00 2001 From: David Luevano Alvarado Date: Sat, 20 Mar 2021 02:46:53 -0700 Subject: Publish mail entry and reflect sbg fix --- blog/dst/a/website_with_nginx.html | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'blog/dst/a/website_with_nginx.html') diff --git a/blog/dst/a/website_with_nginx.html b/blog/dst/a/website_with_nginx.html index 45366e4..69b371b 100644 --- a/blog/dst/a/website_with_nginx.html +++ b/blog/dst/a/website_with_nginx.html @@ -65,7 +65,7 @@

These are general notes on how to setup a Nginx web server plus Certbot for SSL certificates, initially learned from Luke's video and after some use and research I added more stuff to the mix. And, actually at the time of writing this entry, I'm configuring the web server again on a new VPS instance, so this is going to be fresh.

-

As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I'm doing everything on a VPS.

+

As a side note, (((i use arch btw))) so everything here es aimed at an Arch Linux distro, and I'm doing everything on a VPS. Also note that most if not all commands here are executed with root privileges.

Prerequisites

@@ -81,7 +81,7 @@ @@ -90,9 +90,9 @@

You have two options: nginx and nginx-mainline. I prefer nginx-mainline because it's the “up to date” package even though nginx is labeled to be the “stable” version. Install the package and enable/start the service:

-
# pacman -S nginx-mainline
-# systemctl enable nginx.service
-# systemctl start nginx.service
+
pacman -S nginx-mainline
+systemctl enable nginx.service
+systemctl start nginx.service
 

And that's it, at this point you can already look at the default initial page of nginx if you enter the ip of your server in a web browser. You should see something like this:

@@ -101,7 +101,7 @@

As stated in the welcome page, configuration is needed, head to the directory of nginx:

-
# cd /etc/nginx
+
cd /etc/nginx
 

Here you have several files, the important one is nginx.conf, which as its name implies, contains general configuration of the web server. If you peek into the file, you will see that it contains around 120 lines, most of which are commented out and contains the welcome page server block. While you can configure a website in this file, it's common practice to do it on a separate file (so you can scale really easily if needed for mor websites or sub-domains).

@@ -129,9 +129,9 @@ http {

Next, inside the directory /etc/nginx/ create the sites-available and sites-enabled, and go into the sites-available one:

-
# mkdir sites-available
-# mkdir sites-enabled
-# cd sites-available
+
mkdir sites-available
+mkdir sites-enabled
+cd sites-available
 

Here, create a new .conf file for your website and add the following lines (this is just the sample content more or less):

@@ -166,15 +166,15 @@ http {

Then, make a symbolic from this config file to the sites-enabled directory:

-
# ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
+
ln -s /etc/nginx/sites-available/your_config_file.conf /etc/nginx/sites-enabled
 

This is so the nginx.conf file can look up the newly created server config. With this method of having each server configuration file separate you can easily “deactivate” any website by just deleting the symbolic link in sites-enabled and you're good, or just add new configuration files and keep everything nice and tidy.

All you have to do now is restart (or enable and start if you haven't already) the nginx service (and optionally test the configuration):

-
# nginx -t
-# systemctl restart nginx
+
nginx -t
+systemctl restart nginx
 

If everything goes correctly, you can now go to your website by typing “domain.name” on a web browser. But you will see a “404 Not Found” page like the following (maybe with different nginx version):

@@ -200,19 +200,19 @@ http {

The only “bad” (bloated) thing about certbot, is that it uses python, but for me it doesn't matter too much. You may want to look up another alternative if you prefer. Install the packages certbot and certbot-nginx:

-
# pacman -S certbot certbot-nginx
+
pacman -S certbot certbot-nginx
 

After that, all you have to do now is run certbot and follow the instructions given by the tool:

-
# certbot --nginx
+
certbot --nginx
 

It will ask you for some information, for you to accept some agreements and the names to activate https for. Also, you will want to “say yes” to the redirection from http to https. And that's it, you can now go to your website and see that you have https active.

-

Now, the certificate given by certbot expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using cron, you can do this by running:

+

Now, the certificate given by certbot expires every 3 months or something like that, so you want to renew this certificate every once in a while. Using cron, you can do this by running:

-
# crontab -e
+
crontab -e
 

And a file will be opened where you need to add a new rule for certbot, just append the line: 1 1 1 * * certbot renew (renew on the first day of every month) and you're good. Alternatively use systemd timers as stated in the Arch Linux Wiki.

@@ -223,7 +223,7 @@ http {

-

Created: Sat, Mar 13, 2021 @ 23:08 MST

+

Created: Thu, Mar 18, 2021 @ 19:58 MST