Configuring Nginx

The configuration for the web servers available and enabled on the system is located in the directories shown in Listing 7. Now you can create a minimal basic configuration for www.example1.de in the /etc/nginx/sites-available/www.example1.de file (Listing 8), and do the same for www.example2.de.

# tree /etc/nginx/sites-*
/etc/nginx/sites-available
--- default
/etc/nginx/sites-enabled
--- default -> /etc/nginx/sites-available/default

server
 {
  listen 80;
  server_name www.example1.de;
  root /var/www/www.example1.de;
  index index.html;
}

Again, you need to fire up both configurations by first manually linking the configuration files:

# ln -s /etc/nginx/sites-available/www.example1 .de/etc/nginx/sites-enabled/

Then, tell Nginx to parse the new configuration, making the virtual hosts available:

# systemctl reload nginx

Again, test the new configuration manually over Telnet as before. To disable a virtual host, just use rm to delete the matching link and reparse the configuration. In terms of the number of FQDNs per configuration file, the same applies as for Apache.

Redirects in Nginx

As a simple example of the use of virtual hosts for the same FQDN, you will again be redirecting all http://example1.de to http://www.example1.de (Listing 9). After reloading the configuration, it's time for another test with curl -I.

server {
  listen 80;
  server_name example1.de;
  return 301 http://www.example1.de$request_uri;
}
server {
  listen 80;
  server_name www.example1.de;
  root /var/www/www.example1.de;
  index index.html;
}

SSL with Let's Encrypt

Let's Encrypt [2] is the easiest way to get SSL working on your web server. Fortunately, the approach is identical for Apache and Nginx, except for one small parameter in the script call.

The installation of Let's Encrypt relies on the Snap package manager, which can be installed with:

# apt-get -y install snapd
[... New registration ...]

At this point you have to log off and log back on again to make sure that all paths are set correctly; then, set up Let's Encrypt with the commands:

# snap install core
# snap install --classic certbot
# ln -s /snap/bin/certbot /usr/bin/certbot

The next command is a call to Certbot with either --apache or --nginx as parameters. For Apache, that would be:

# certbot --apache

At this point, Certbot asks for a valid email address and then for the FQDN to be activated. The Certbot script automatically configures the FQDN selected in this process and adjusts the Apache or Nginx configuration accordingly.

The charming thing about this process is that the system now takes care of updating the certificates without any further intervention. The new web server can now only be reached at https://www.example1.de , and it automatically redirects requests to http://www.example1.de to HTTPS with a 301.

The Author

Stefan Wintermeyer (https://www.wintermeyer-consulting.de) is a consultant, coach, and book author for Ruby on Rails, Phoenix, and web performance.