Configuring Nginx, SSL, and Auto-Renewal on Ubuntu

There’s no shortage of guides available online for setting up Nginx on Ubuntu, configuring SSL, and ensuring your certificates renew automatically. However, for the sake of clarity and sharing within my team, I’ve decided to compile this straightforward guide to walk you through the process step by step.

Part 1: Getting Nginx Up and Running

First things first, let’s install Nginx:

1. Update Your System: Ensure your package lists are up to date.

sudo apt update

2. Install Nginx: Now, install the Nginx package.

sudo apt install nginx

3. Adjust the Firewall: Allow Nginx through your firewall.

sudo ufw allow 'Nginx Full'

Part 2: Setting Up a Reverse Proxy

Next, configure Nginx to act as a reverse proxy to port 8080:

1. Edit Nginx Configuration: Open the default configuration file.

sudo nano /etc/nginx/sites-available/default

2. Insert Configuration: Replace the file’s contents with the following, making sure to change “your_domain” to your actual domain or IP address.

    server {
        listen 80;
        server_name your_domain;

        location / {
            proxy_set_header   X-Forwarded-For $remote_addr;
            proxy_set_header   Host $http_host;
            proxy_pass         "http://127.0.0.1:8080";
        }
    }

3. Test and Reload: Verify your configuration and reload Nginx.

sudo nginx -t
sudo systemctl reload nginx

Part 3: Installing Certbot and Configuring SSL

Now, let’s secure our server with SSL:

1. Install Certbot: Get Certbot and the Nginx plugin.

sudo apt install certbot python3-certbot-nginx

2. Obtain SSL Certificate: Run Certbot and follow the prompts to configure SSL.

sudo certbot - nginx

Part 4: Ensuring Auto-Renewal of SSL Certificates

Finally, make sure your SSL certificate stays valid:

1. Test the Renewal Process: Use the dry run option to check for potential issues.

sudo certbot renew - dry-run

If the dry run completes without any problems, Certbot is all set to automatically renew your SSL certificate when it’s close to expiration.

That’s it! You’ve now got a secure, SSL-enabled Nginx server running on Ubuntu, with automatic SSL renewals to keep things running smoothly. Enjoy your secure web hosting experience!