September 29, 2023

Set up your own webserver (& webpage) with nginx, LetsEncrypt and Certbot

This webpage is more of a note to myself to remember the commands I ran rather than a standalone tutorial.
In fact, I followed this guide: https://fedfree.org/docs/http/debian-nginx.html.

The process took me about 3 hours.

Prerequisite: a VPS with GNU/Linux running and a SSH connection. You can follow the following tutorials to get a VPS running with Trisquel GNU/Linux and SSH connection:

These are the commands I ran (as root) as I progressed through the Fedfree tutorial:

apt-get install nginx-core
apt-get install certbot openssl
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096 # create file
systemctl stop nginx 
certbot certonly -d agency.yctct.com --rsa-key-size 4096 --must-staple --register-unsafely-without-email
ls /etc/letsencrypt/live/ # show that example.com directory is created
[back up above file]
sed -i '/server_tokens/s/^ *#//' /etc/nginx/nginx.conf  # uncomment line
sed -i '/gzip_comp_leve/s/^ *#//' /etc/nginx/nginx.conf # uncomment line
sed -i '/gzip_type/s/^ *#//' /etc/nginx/nginx.conf  # uncomment line

To back up /etc/letsencrypt/ see https://yctct.com/backup-letsencrypt-folder-from-remote-to-local.

Edit SSL settings as recommended in https://fedfree.org/docs/http/debian-nginx.html#etcnginxnginx.conf-tls - my sed skills are not good enough to do the substitution from the command line!

Edit /etc/nginx/sites-available/default as shown in https://fedfree.org/docs/http/debian-nginx.html#etcnginxsites-availabledefault-1

Run:

mkdir -p /var/www/letsencrypt/.well-known/acme-challenge 
systemctl start nginx
mkdir -p /var/www/agency.yctct.com
touch /etc/nginx/sites-available/agency.yctct.com
ln -s /etc/nginx/sites-available/agency.yctct.com agency.yctct.com

Add content of https://fedfree.org/docs/http/debian-nginx.html#etcnginxsites-availableexample.com to /etc/nginx/sites-available/agency.yctct.com.

Run as root:

nginx -t

Read the outcome of the test, check whether you spot any problems, if so act accordingly, then run:

systemctl start nginx

Open a browser.

Type the URL of your website.

The browser should display this:

Welcome to nginx!

If you see this page, the nginx web server is successfully installed and working. Further configuration is required.

For online documentation and support please refer to nginx.org.
Commercial support is available at nginx.com.

Thank you for using nginx.

Note: substitute agency.yctct.com for your website. Look at the tutorial from Fedfree to set up a redirect from www.example.com to example.com, if you are doing so.

Carry on with checks, setting up a cron job to auto-renew the certificate, etc, see: https://fedfree.org/docs/http/debian-nginx.html#ssl-labs.

See also:


personal computing command-line interface (cli) gnu linux trisquel shell literacy office applications wiki nginx hosting letsencrypt certbot

No affiliate links, no analytics, no tracking, no cookies. This work © 2016-2024 by yctct is licensed under CC BY-ND 4.0 .   about me   contact me   all entries & tags   FAQ   GPG public key

GPG fingerprint: 2E0F FB60 7FEF 11D0 FB45 4DDC E979 E52A 7036 7A88