Encryption: How To Secure an NGINX web server on Ubuntu 16.04

August 5, 2020 by Martin6



What is Let’s Encrypt

Let’s Encrypt is a free certificate authority provided by the Internet Security Research Group (ISRG). It offers an easy and automated way to obtain free SSL/TLS certificates, a required step for enabling encryption and HTTPS traffic on web servers. Most of the steps in obtaining and installing a certificate can be automated with a tool called Certbot.

In particular, this software can be used when shell access to the server is available: in other words, when it’s possible to connect to the server through SSH.

In this tutorial we will see how to use certbot to obtain a free SSL certificate and use it with Nginx on an Ubuntu 16.04 server.

Install Certbot

The first step is to install certbot, the software client which will automate almost everything in the process. The Certbot developers maintain their own Ubuntu software repository, which contains newer software than the versions in the Ubuntu repositories.

Add the Certbot repository:

# add-apt-repository ppa:certbot/certbot

Next, update the APT sources list:

# apt-get update

At this point, it is possible to install certbot with the following apt command:

# apt-get install certbot

Certbot is now installed and ready to use.

Obtain a Certificate

There are various Certbot plugins for obtaining SSL certificates. These plugins help in obtaining a certificate, while its installation and web server configuration are both left to the admin.

We will use a plugin called Webroot to obtain an SSL certificate.

This plugin is recommended in those cases where there is the ability to modify the content being served. There is no need to stop the web server during the certificate issuance process.

Configure NGINX

Webroot works by creating a temporary file for each domain in a directory called .well-known, placed inside the web root directory. In our case, the web root directory is /var/www/html. Ensure that the directory is accessible to Let’s Encrypt for validation. To do so, edit the NGINX configuration. With a text editor, open the /etc/nginx/sites-available/default file:

# $EDITOR /etc/nginx/sites-available/default

In this file, in the server block, place the following content:

 # Prefix match (^~): applies only to URIs under /.well-known/
 location ^~ /.well-known/ {
    allow all;
 }

Save, exit and check the NGINX configuration:

# nginx -t

Without errors, it should display:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart NGINX:

# systemctl restart nginx

Obtain Certificate with Certbot

The next step is to obtain a new certificate using Certbot with the Webroot plugin. In this tutorial, we will secure the domain www.example.com as an example. Every domain that should be secured by the certificate must be specified. Execute the following command:

# certbot certonly --webroot --webroot-path=/var/www/html -d www.example.com

During the process, Certbot will ask for a valid email address for notification purposes. It will also ask to share it with the EFF, but this is not required. After you agree to the Terms of Service, it will obtain a new certificate.

At the end, the directory /etc/letsencrypt/archive will contain the following files:

  • chain.pem: Let’s Encrypt chain certificate.
  • cert.pem: domain certificate.
  • fullchain.pem: combination of cert.pem and chain.pem.
  • privkey.pem: certificate’s private key.

Certbot will also create symbolic links to the most recent certificate files in /etc/letsencrypt/live/domain_name/. This is the path we will use in server configuration.

Configure SSL/TLS on NGINX

The next step is server configuration. Create a new snippet in the /etc/nginx/snippets/ directory. A snippet is a part of a configuration file that can be included in virtual host configuration files. So, create a new file:

# $EDITOR /etc/nginx/snippets/secure-example.conf

The content of this file will be the directives specifying the locations of the certificate and key. Paste the following content:

ssl_certificate /etc/letsencrypt/live/domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain_name/privkey.pem;

In our case, domain_name would be example.com.
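
Before pointing NGINX at these files, it is worth confirming that the paths in the snippet resolve, that the key belongs to the certificate, and that the certificate covers the host name visitors will use. The following is an added example, not part of the original article; the function names are made up here, and a throwaway self-signed certificate stands in for the Let's Encrypt files so the demo runs anywhere.

```bash
# Added example, not from the original article. Requires the openssl CLI.

# Print the path argument of a directive found in a snippet file.
directive_path() {  # $1 = directive name, $2 = snippet file
    awk -v d="$1" '$1 == d { sub(/;$/, "", $2); print $2; exit }' "$2"
}

# Return 0 and print "ok" if the snippet names a usable pair for the host.
check_tls_snippet() {  # $1 = snippet file, $2 = host name clients connect to
    local cert key
    cert=$(directive_path ssl_certificate "$1")
    key=$(directive_path ssl_certificate_key "$1")
    [ -r "$cert" ] && [ -r "$key" ] || { echo "cannot read '$cert' or '$key'"; return 1; }
    # Certificate and private key must contain the same public key.
    [ "$(openssl x509 -in "$cert" -noout -pubkey)" = "$(openssl pkey -in "$key" -pubout)" ] \
        || { echo "private key does not match certificate"; return 2; }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "certificate has expired"; return 3; }
    # Parse the -checkhost message rather than rely on the exit status.
    openssl x509 -in "$cert" -noout -checkhost "$2" | grep -q 'does match' \
        || { echo "certificate does not cover $2"; return 4; }
    echo "ok"
}

# Constructed demo: a throwaway self-signed pair stands in for the files
# under /etc/letsencrypt/live/.
demo=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=www.example.com" \
    -keyout "$demo/privkey.pem" -out "$demo/fullchain.pem" 2>/dev/null
printf 'ssl_certificate %s/fullchain.pem;\nssl_certificate_key %s/privkey.pem;\n' \
    "$demo" "$demo" > "$demo/secure-example.conf"
check_tls_snippet "$demo/secure-example.conf" www.example.com
check_tls_snippet "$demo/secure-example.conf" example.com || true
```

On the server, run it as root against /etc/nginx/snippets/secure-example.conf with the host name passed to certbot's -d option.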

Edit NGINX Configuration

Edit the default Virtual Host file:

# $EDITOR /etc/nginx/sites-available/default

As follows:

# Plain HTTP: only redirects to HTTPS
server {
 listen 80 default_server;
 listen [::]:80 default_server;
 server_name www.example.com;
 return 301 https://$server_name$request_uri;
}

# HTTPS: kept in its own server block so the redirect above cannot loop
server {
 # SSL configuration
 #
 listen 443 ssl default_server;
 listen [::]:443 ssl default_server;
 server_name www.example.com;
 include snippets/secure-example.conf;
 #
 # Note: You should disable gzip for SSL traffic.
 # See: https://bugs.debian.org/773332
...

This will enable encryption on NGINX.

Save, exit and check the NGINX configuration file:

# nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart NGINX:

# systemctl restart nginx
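
nginx -t validates syntax only. It accepts a server block that both listens with ssl and carries a server-level return 301 https://..., which sends every HTTPS request back to itself, and it also accepts a port-80 block that serves content without redirecting. The following added example (not part of the original article; the function name and sample files are constructed here) reports a verdict for each server block in a site file.

```bash
# Added example, not from the original article. Assumes "server {" on one
# line and one directive per line; included files are not followed.

# Print one verdict per server block: redirect-loop, cleartext or ok.
lint_server_blocks() {  # $1 = site configuration file
    awk '
    { sub(/#.*/, "") }   # strip comments
    depth == 0 && $1 == "server" && /[{]/ { in_srv = 1; n++; tls = plain = redir = 0 }
    in_srv && depth == 1 && $1 == "listen" {
        if ($0 ~ /[ \t]ssl([ \t;]|$)/) tls = 1; else plain = 1
    }
    # Only a server-level redirect counts; one inside a location is scoped.
    in_srv && depth == 1 && $1 == "return" && /[ \t]https:\/\// { redir = 1 }
    {
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (in_srv && depth == 0) {
            if (tls && redir) v = "redirect-loop"        # HTTPS sent back to itself
            else if (plain && !redir) v = "cleartext"    # content served over HTTP
            else v = "ok"
            print "server#" n, v
            in_srv = 0
        }
    }' "$1"
}

# Constructed sample: TLS listener and server-level redirect in one block.
combined=$(mktemp)
cat > "$combined" <<'EOF'
server {
    listen 80 default_server;
    listen 443 ssl default_server;
    return 301 https://$server_name$request_uri;
}
EOF
# Constructed sample: the redirect isolated in its own port-80 block.
split=$(mktemp)
cat > "$split" <<'EOF'
server {
    listen 80 default_server;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl default_server;
    include snippets/secure-example.conf;
}
EOF
lint_server_blocks "$combined"
lint_server_blocks "$split"
```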

Conclusion

Following all the steps above, at this point we have a secured NGINX-based web server, with encryption granted by Certbot and Let’s Encrypt. This is just a basic configuration, of course, and it’s possible to use many NGINX configuration parameters for personalizing everything, but that depends on specific web server requirements.

The post Encryption: How To Secure an NGINX web server on Ubuntu 16.04 appeared first on Unixmen.
