TL;DR Version
To install Nginx and Certbot on Ubuntu/Debian systems, you first need to make sure that your FQDN has an A record pointing at your server's public IP, and then simply run:
$ sudo apt install nginx; $ sudo snap install core; sudo snap refresh core $ sudo snap install --classic certbot
To issue a free SSL/TLS certificate from Let's Encrypt, and automatically modify Nginx to use those certificates, run the below command:
$ sudo certbot --nginx
That's it! Nginx is now serving it's default website, at /etc/nginx/sites-enabled/default as an HTTPS website.
A More Detailed Explanation
One of the most basic tasks you will perform while setting up your next website, app or API server is to ensure that the traffic is encrypted between the client and the server, and that the identity of the original server is verifiable. TLS enables us to do that. Continuing our series on Nginx Basics, we will see how to procure a TLS (also known as SSL) certificate and make Nginx use it to encrypt and secure all web traffic.
Prerequisites
In order to follow along, you need the following:
- A very basic understanding of Nginx configuration, as discussed here.
- A very basic understanding ofhow TLS works, as discussed here.
- A VPS with a public IP, running Ubuntu 20.04 LTS. If you don't already have one, head over to SSDNodes and treat yourself to some delicious compute :)
- A registered domain name, like www.example.com where you want to host your project.
Initial Setup
1. Setting Up DNS Record
The first thing you need to do, is to point visit the DNS management service that you are using. This could be the very place that you bought your domain name from, like Hover, Namecheap, Gandi or GoDaddy. Or it could be the third party DNS service provider like Cloudflare. At your name server control panel, create an A record for your domain pointing to the Public IP address of your VPS.
For example, if you own example.com and want to run a website called test.example.com, then create an A record for test.example.com pointing at your IP address which itself would look something like 127.74.45.11 Here, example.com is known as your Domain Name and, test.example.com is known as your Fully Qualified Domain Name or FQDN
To find your IP, simply use the command:
$ ip addr
Output:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlenby subscribing to our newsletter.
A note about tutorials: We encourage our users to try out tutorials, but they aren't fully supported by our team—we can't always provide support when things go wrong. Be sure to check which OS and version it was tested with before you proceed.
If you want a fully managed experience, with dedicated support for any application you might want to run, contact us for more information.
