Step-by-Step Guide to Setting Up Let's Encrypt SSL on Nginx for Ubuntu
How to Securely Set Up SSL on Your Nginx Server Using Let's Encrypt and Ubuntu
Let's Encrypt and Nginx are among the most popular technologies for deploying your app on a server. Today, we'll learn how to set up Nginx and a free SSL with Certbot on your Ubuntu server.
Prerequisites
To make sure your Nginx works, you need to set up your DNS records properly:
Create an A record pointing to your server's public IP address:
Record Type: A
Name: @
Content: YOUR_SERVER_IP
For subdomains, create an A record like this:
Record Type: A
Name: your_subdomain
Content: YOUR_SERVER_IP
If you want to find your server's IP address, run this command on the server:
$ ifconfig
NGINX
First, we are going to install NGINX on your system.
$ sudo apt update
$ sudo apt install nginx
Now we are going to check that Nginx is running:
$ systemctl status nginx
Output:
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2024-04-20 16:00:00 UTC; 3 days ago
Docs: man:nginx(8)
Main PID: 2569 (nginx)
Tasks: 2 (limit: 1153)
Memory: 3.5M
CGroup: /system.slice/nginx.service
├─2369 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─2380 nginx: worker process
Also, if you go to your server's public IP address in a browser, you should see the default Nginx welcome page.
Let's Encrypt
The next step is to install certbot in order to create SSL certificates for free. Certbot recommends installing it with snapd, so that is what we are going to use.
$ sudo snap install core; sudo snap refresh core
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Now we are going to create the certificate using the command below.
$ sudo certbot --nginx -d test.com -d www.test.com --redirect --non-interactive --agree-tos --email your_email@example.com --keep-until-expiring
Here's what the command does:
--nginx: This tells certbot to configure the SSL certificate for a domain using the Nginx web server.
-d test.com -d www.test.com: These are the domain names for which you want to generate the SSL certificate.
--redirect: This option configures HTTPS redirection, automatically setting up redirects from HTTP to HTTPS for your domain.
--non-interactive: This flag ensures the command runs non-interactively and does not require user input.
--agree-tos: This option automatically agrees to the terms of service for certbot.
--email your_email@example.com: Replace your_email@example.com with your email address to receive notifications about the certificate's status and renewal.
--keep-until-expiring: This flag ensures that certbot will only renew the certificate when it is close to expiration.
Configurations
Because of the --nginx flag, the configuration will be set up for nginx. However, your configuration depends on the type of app you are going to deploy, so below, I will provide some common examples.
All nginx configuration files are typically located at this path:
/etc/nginx/conf.d/default.conf
Configuration for a static app:
# HTTP server block
server {
    listen 80;
    listen [::]:80;
    server_name test.com www.test.com;

    # Redirect all HTTP traffic to HTTPS. The redirect applies to every
    # request, so no root or location block is needed in this server block.
    return 301 https://$host$request_uri;
}

# HTTPS server block
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name test.com www.test.com;

    # Path to index.html of your application
    root /var/www/html/front;

    # SSL certificate and key
    # (certbot stores these under /etc/letsencrypt/live/<domain>/ as
    # fullchain.pem and privkey.pem)
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;

    # Serve the requested file, or fall back to index.html
    location / {
        try_files $uri $uri/ /index.html;
    }
}
Deploying a server-side app like Next.js
# HTTP server block
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;

    # Redirect all HTTP traffic to HTTPS
    return 301 https://$host$request_uri;
}

# HTTPS server block
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourdomain.com www.yourdomain.com;

    # SSL certificate and key
    # (certbot stores these under /etc/letsencrypt/live/<domain>/ as
    # fullchain.pem and privkey.pem)
    ssl_certificate /path/to/your/certificate.crt;
    ssl_certificate_key /path/to/your/private.key;

    # Proxy configuration for Next.js
    location / {
        # Proxy requests to the Next.js server running on port 8080
        proxy_pass http://localhost:8080;

        # Set headers to preserve the original client IP and other information
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Timeout settings for proxying
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;

        # Disable response buffering so responses are passed to the client
        # as soon as they arrive from the app
        proxy_buffering off;
    }
}
Again, everything depends on what you want to deploy, so small changes to your Nginx config may be necessary.
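A post-deployment check for the steps above, as an added example that is not part of the original article: it validates the Nginx config after edits, exercises the renewal path that --keep-until-expiring relies on, and confirms both the --redirect behaviour and the expiry date of the certificate actually being served. The function names and the 21-day threshold are assumptions; it expects GNU date, curl and openssl on the server.

```sh
#!/bin/sh
# Added example. Function names and the default threshold are assumptions.

# Days between now (or $2, epoch seconds) and an openssl "notAfter=..." line.
days_left() {
    not_after=${1#notAfter=}
    [ -n "$not_after" ] || return 2                     # empty input: no certificate read
    expiry=$(date -u -d "$not_after" +%s) || return 2   # GNU date, as shipped on Ubuntu
    now=${2:-$(date -u +%s)}
    echo $(( (expiry - now) / 86400 ))
}

# True when "<status> <redirect URL>" is a permanent redirect to HTTPS on host $2.
is_https_redirect() {
    case "$1" in
        "301 https://$2/"*|"308 https://$2/"*) return 0 ;;
        *) return 1 ;;
    esac
}

# notAfter line of the certificate served on port 443 (SNI set to the host).
served_not_after() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -enddate
}

check_site() {
    host=$1; min_days=${2:-21}; rc=0
    sudo nginx -t || rc=1                    # config syntax is valid after manual edits
    sudo certbot renew --dry-run || rc=1     # renewal works without issuing a real certificate
    redirect=$(curl -s -o /dev/null -w '%{http_code} %{redirect_url}' "http://$host/")
    is_https_redirect "$redirect" "$host" || { echo "no HTTPS redirect: $redirect"; rc=1; }
    left=$(days_left "$(served_not_after "$host")") || { echo "cannot read certificate"; return 1; }
    echo "$host: certificate expires in $left days"
    [ "$left" -ge "$min_days" ] || { echo "fewer than $min_days days left, check renewal"; rc=1; }
    return $rc
}

# Run the checks only when a domain is given, e.g. test.com
if [ "$#" -gt 0 ]; then check_site "$@"; fi
```

Saved under a name of your choice, run it with the domain as the first argument and an optional minimum number of days as the second.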
Conclusion
In this guide, we covered how to set up Let's Encrypt SSL on an Nginx server running Ubuntu. We started with DNS configuration, installed Nginx, and secured it with a free SSL certificate from Certbot. Each step helps make your web application secure and operational.
Keep in mind, your Nginx configuration may need adjustments based on your app's needs, and regular updates are essential for security.
Thanks for reading, and I hope you found this article helpful. If you have any questions, feel free to email me at kourouklis@pm.me, and I will respond.
You can also keep up with my latest updates by checking out my X here: x.com/sotergreco