How to Secure Nginx with Let's Encrypt on Ubuntu 20.04 with Certbot?

YouTube Tutorial

1. Create EC2 Instance in AWS Ubuntu 20.04 LTS

  • Create EC2 instance
    • Ubuntu 20.04
    • t3.micro (more than 1 CPU core)
    • public subnet
    • enable public ip
  • Create Security Group nginx
    • open port 80, and 443
  • Create devops key pair
  • Update permissions on the devops key pair
    • The key must be readable only by you: chmod 400 devops.pem

2. Install Nginx Ubuntu 20.04 LTS

  • SSH to the Ubuntu server
ssh -i devops.pem [email protected]
  • Update Ubuntu packages
sudo apt update
  • Check version of nginx to be installed
apt policy nginx
  • Check current versions of nginx here
  • Add nginx deb repository
sudo vi /etc/apt/sources.list.d/nginx.list
deb https://nginx.org/packages/ubuntu/ focal nginx
deb-src https://nginx.org/packages/ubuntu/ focal nginx

deb lines refer to binary packages, which you can install with apt. deb-src lines refer to source packages (downloaded with apt-get source $package) that are then compiled locally. Source packages are needed only if you want to build a package yourself or inspect its source code for a bug; ordinary users don't need to include such repositories.

  • Update Ubuntu packages
sudo apt update
  • Add GPG key
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62
  • Update Ubuntu packages
sudo apt update
  • Check version of nginx to be installed
apt policy nginx
  • Install nginx
sudo apt install nginx=1.20.1-1~focal
  • Start nginx
sudo systemctl start nginx
  • Enable nginx
sudo systemctl enable nginx
  • Check nginx status
sudo systemctl status nginx

Note: the status output may contain the message "Can't open PID file /run/nginx.pid (yet?) after start: Operation not permitted".

  • Go to browser
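
The apt-key step above trusts whatever the keyserver returns for the key ID. The script below is an added example (not part of this tutorial) that checks the fingerprint of the downloaded nginx signing key against that key ID before installing it, and writes the repository entry with a signed-by keyring so the key is trusted for this repository only (apt-key is deprecated in newer apt releases). The keyring and sources paths, the key URL https://nginx.org/keys/nginx_signing.key, and the fingerprints in the comments are assumptions or constructed samples, not values from the tutorial; compare the real fingerprint against the one published on nginx.org.

```shell
#!/bin/sh
# Added example, not from the tutorial: verify the nginx signing key's fingerprint
# before trusting it, then install it as a repository-specific keyring.
set -eu

# Long key ID from the tutorial's apt-key command (last 16 hex digits of the fingerprint).
EXPECTED_KEY_ID="ABF5BD827BD9BF62"
# Assumed locations for the keyring and the sources entry (not from the tutorial).
KEYRING="/usr/share/keyrings/nginx-archive-keyring.gpg"
SOURCES_LIST="/etc/apt/sources.list.d/nginx.list"
KEY_URL="https://nginx.org/keys/nginx_signing.key"

# Drop spaces and colons from a fingerprint and upper-case it.
normalize_fpr() {
  printf '%s' "$1" | tr -d ' :' | tr '[:lower:]' '[:upper:]'
}

# Read gpg output on stdin and print the first 40-hex-digit fingerprint found.
# Accepts the human-readable layout (fingerprint in groups of four, e.g. a
# constructed "0123 4567 89AB CDEF 0123 4567 ABF5 BD82 7BD9 BF62") and
# --with-colons output, where the fingerprint is field 10 of an "fpr:" record.
extract_fpr() {
  while IFS= read -r line; do
    case "$line" in
      fpr:*) candidate=$(printf '%s' "$line" | cut -d: -f10) ;;
      *)     candidate=$(normalize_fpr "$line") ;;
    esac
    if printf '%s' "$candidate" | grep -Eq '^[0-9A-F]{40}$'; then
      printf '%s\n' "$candidate"
      return 0
    fi
  done
  return 1
}

# Return 0 when a 40-digit fingerprint ends in the expected long key ID.
key_id_matches() {
  fpr=$(normalize_fpr "$1")
  expected=$(normalize_fpr "$2")
  [ "${#fpr}" -eq 40 ] && [ "$(printf '%s' "$fpr" | cut -c25-40)" = "$expected" ]
}

# Print a sources.list entry that trusts the key for this repository only.
sources_entry() {
  printf 'deb [signed-by=%s] https://nginx.org/packages/ubuntu/ focal nginx\n' "$1"
}

# Download, verify and install the key. Not run when this file is loaded;
# call it on the Ubuntu host (needs curl, gpg and sudo).
install_nginx_repo_key() {
  tmp=$(mktemp)
  curl -fsSL "$KEY_URL" -o "$tmp"
  fpr=$(gpg --show-keys --with-colons "$tmp" | extract_fpr) || fpr=""
  if ! key_id_matches "$fpr" "$EXPECTED_KEY_ID"; then
    echo "refusing to install: fingerprint '$fpr' does not end in $EXPECTED_KEY_ID" >&2
    rm -f "$tmp"
    return 1
  fi
  gpg --dearmor < "$tmp" | sudo tee "$KEYRING" > /dev/null
  sources_entry "$KEYRING" | sudo tee "$SOURCES_LIST" > /dev/null
  rm -f "$tmp"
  sudo apt update
}
```

Run install_nginx_repo_key on the server in place of the apt-key command; the sources entry it writes replaces the plain deb line from the nginx.list above.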

3. Nginx Setup Server Block

  • Check the main nginx config
cat /etc/nginx/nginx.conf
  • Check default nginx config
cat /etc/nginx/conf.d/default.conf
  • Create folder for our website
sudo mkdir -p /var/www/devopsbyexample.io/html
  • Update ownership
sudo chown -R $USER:$USER /var/www/devopsbyexample.io/html
  • Update permissions
sudo chmod -R 755 /var/www/devopsbyexample.io
  • Create a web page
vi /var/www/devopsbyexample.io/html/index.html
<html>
    <head>
        <title>Welcome to devopsbyexample.io!</title>
    </head>
    <body>
        <h1>Success!  The devopsbyexample.io server block is working!</h1>
    </body>
</html>
  • Create sites-available directory
sudo mkdir /etc/nginx/sites-available/
  • Create sites-enabled directory
sudo mkdir /etc/nginx/sites-enabled
  • Create nginx server block
sudo vi /etc/nginx/sites-available/devopsbyexample.io
server {
        listen 80;

        root /var/www/devopsbyexample.io/html;
        index index.html;

        server_name devopsbyexample.io www.devopsbyexample.io;

        location / {
                try_files $uri $uri/ =404;
        }
}
  • Add include statement
sudo vi /etc/nginx/nginx.conf
include /etc/nginx/sites-enabled/*;
  • Create a symlink
sudo ln -s /etc/nginx/sites-available/devopsbyexample.io /etc/nginx/sites-enabled/
  • Test nginx config
sudo nginx -t
  • Reload nginx config
sudo nginx -s reload
  • Create A records
  • Check DNS (if you are using Cloudflare, set the encryption mode to Full (strict) under SSL/TLS > Overview)
dig devopsbyexample.io
dig www.devopsbyexample.io

4. Install Certbot on Ubuntu 20.04 LTS

  • Go to official certbot page
  • Go to install snap page
  • Check snap version
snap version
  • If snap is not installed, check the available version with apt policy snapd and install it with sudo apt install snapd
  • Ensure that your version of snapd is up to date
sudo snap install core; sudo snap refresh core
  • Remove certbot-auto and any Certbot OS packages
sudo apt-get remove certbot
  • Install Certbot
sudo snap install --classic certbot
  • Prepare the Certbot command
sudo ln -s /snap/bin/certbot /usr/bin/certbot
  • Check certbot version
sudo certbot --version

5. Secure Nginx with Let's Encrypt on Ubuntu 20.04 LTS

  • Test certbot
sudo certbot --nginx --test-cert
  • Open the nginx server block
cat /etc/nginx/sites-available/devopsbyexample.io
  • Obtain and install the certificate
sudo certbot --nginx
  • Test automatic renewal
sudo certbot renew --dry-run
  • Check the systemd timers (Certbot's renewal timer should be listed)
systemctl list-timers
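
After certbot --nginx finishes, it is worth confirming that the site file now carries a TLS listener, the certificate paths and an HTTP-to-HTTPS redirect, and having a check that alerts if renewal ever stops working. The script below is an added example (not part of this tutorial): it lints a server block for those properties and computes the days left until the certificate's notAfter date as printed by openssl x509 -enddate. The paths follow the tutorial's domain; the expected directives are modelled on the "# managed by Certbot" lines the nginx plugin writes, which is an assumption of this example, as is the 20-day alert threshold.

```shell
#!/bin/sh
# Added example, not from the tutorial: post-deployment checks for the Certbot setup.
set -eu

# Assumed paths, following the tutorial's domain; adjust for your own.
SITE_CONF="/etc/nginx/sites-available/devopsbyexample.io"
LIVE_CERT="/etc/letsencrypt/live/devopsbyexample.io/fullchain.pem"
MIN_DAYS=20   # warn below this; Certbot normally renews when under 30 days remain

# Return 0 if the file has a line matching the extended regex, comments ignored.
has_directive() {
  sed 's/#.*$//' "$1" | grep -Eq "$2"
}

# Check that a site file looks like a finished Certbot deployment: a TLS listener,
# certificate and key paths, and an HTTP-to-HTTPS redirect. Prints each failing
# check; the return value is the number of failures (0 = all present).
check_site_config() {
  f=$1
  failures=0
  has_directive "$f" '^[[:space:]]*listen[[:space:]]+(\[::\]:)?443[[:space:]]+ssl' \
    || { echo "missing: listen 443 ssl"; failures=$((failures + 1)); }
  has_directive "$f" '^[[:space:]]*ssl_certificate[[:space:]]+' \
    || { echo "missing: ssl_certificate"; failures=$((failures + 1)); }
  has_directive "$f" '^[[:space:]]*ssl_certificate_key[[:space:]]+' \
    || { echo "missing: ssl_certificate_key"; failures=$((failures + 1)); }
  has_directive "$f" 'return[[:space:]]+301[[:space:]]+https://' \
    || { echo "missing: HTTP to HTTPS redirect"; failures=$((failures + 1)); }
  return "$failures"
}

# Whole days from the reference time (epoch seconds) to the certificate's notAfter
# as printed by "openssl x509 -enddate", e.g. "notAfter=Jun 14 12:00:00 2030 GMT".
# Uses GNU date, which Ubuntu ships.
days_until_expiry() {
  not_after=${1#notAfter=}
  now=$2
  end=$(date -u -d "$not_after" +%s)
  printf '%s\n' "$(( (end - now) / 86400 ))"
}

# Read the live certificate and fail if it is closer to expiry than MIN_DAYS.
# Not run when this file is loaded; run it on the host after certbot, and from
# cron or a monitoring job as an independent check on the snap's renewal timer.
check_live_cert() {
  enddate=$(sudo openssl x509 -in "$LIVE_CERT" -noout -enddate)
  days=$(days_until_expiry "$enddate" "$(date -u +%s)")
  echo "certificate expires in $days days"
  [ "$days" -ge "$MIN_DAYS" ]
}
```

On the server, check_site_config "$SITE_CONF" should print nothing and return 0 once certbot --nginx has run; the plain HTTP block from section 3 fails all four checks.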

Clean Up

  • Delete EC2 instance
  • Delete security group nginx
  • Delete key pair devops
  • Remove A records

Links