Introduction
Nginx is a high-performance open-source web server that powers a huge number of high-load sites around the world. Nginx has gained widespread popularity due to its light weight, reliability, scalability, and ease of setup.
Today, we will install Nginx together with Let's Encrypt on Rocky Linux 9.
Installation Guide
1. Update the system
First, update your system:
dnf update -y
2. Install Nginx
Run this command to install Nginx:
dnf install nginx -y
3. Start Nginx
Once Nginx is installed, run this command to start Nginx:
systemctl start nginx
To automatically start Nginx on every boot, run the following command:
systemctl enable nginx
4. Allow HTTP and HTTPS
Now you need to allow HTTP and HTTPS in your firewall. You can do this with either iptables or firewalld.
IPtables:
If you use IPtables, run these commands:
iptables -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -p tcp --dport 443 -j ACCEPT
Save changes:
iptables-save | tee /etc/sysconfig/iptables
Restart iptables to apply the changes:
systemctl restart iptables
Firewalld:
If you are using firewalld, run these commands to allow HTTP and HTTPS:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
5. Create a test HTML page
Create a folder for your domain (type your actual domain instead of your_domain):
mkdir -p /var/www/your_domain/html
Assign ownership of the directory:
chown -R $USER:$USER /var/www/your_domain/html
Create a simple HTML page to test the Nginx setup:
vi /var/www/your_domain/html/index.html
Paste this text:
Then restart Nginx to apply the changes:
systemctl restart nginx
6. Modify Nginx Server Block
Open the Nginx configuration file for your domain (type your actual domain instead of yourdomain.ltd):
vi /etc/nginx/conf.d/yourdomain.ltd.conf
Paste this content and change yourdomain.ltd to your actual domain:
Save the file and exit (press "Esc", then type :wq and press "Enter").
Restart nginx for changes to take effect:
systemctl restart nginx
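A minimal plain-HTTP server block of the kind this step calls for, given as an added example and not the original page's configuration. It assumes the page's placeholders (yourdomain.ltd, your_domain), the document root from step 5, and per-site log file names chosen for illustration.

```nginx
# Added example: plain-HTTP server block for the test site.
# yourdomain.ltd and your_domain are the page's placeholders; replace both.
server {
    listen 80;
    listen [::]:80;

    # certbot --nginx finds the block to modify by matching server_name
    # against the -d names, so list every name you will request in step 7.
    server_name yourdomain.ltd www.yourdomain.ltd;

    # Document root created in step 5.
    root /var/www/your_domain/html;
    index index.html;

    # Do not advertise the exact Nginx version in headers and error pages.
    server_tokens off;

    location / {
        # Serve the file or directory if it exists, otherwise return 404.
        try_files $uri $uri/ =404;
    }

    # Assumed log file names: one pair per site keeps its requests separable.
    access_log /var/log/nginx/yourdomain.ltd.access.log;
    error_log  /var/log/nginx/yourdomain.ltd.error.log;
}
```

Running nginx -t before the restart checks the file for syntax errors, so a typo does not take the server down.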
7. Install Let's Encrypt certificate
Run this command to install Certbot:
dnf install certbot python3-certbot-nginx -y
After that, you can obtain a certificate for your domain (type your actual domain instead of your_domain):
certbot --nginx -d your_domain -d www.your_domain
You will need to select the domain you want to secure and enter your email address to receive notifications from Let's Encrypt. You will also need to agree to the Terms of Service (mandatory) and agree or disagree to share your email address with the Electronic Frontier Foundation (optional).
After this, you can open your web browser, go to the created test page, and see if it opens with a valid SSL certificate (via HTTPS). Click on the padlock icon in the address bar to see information about the certificate.
8. Manual and automatic SSL renewal
Let's Encrypt certificates are valid for 90 days. You can renew them manually or automatically.
To renew manually, run this command:
certbot renew
If the certificate is less than 30 days away from expiration, this command will renew it.
If you want to set up automatic renewal, you can create a cron job that runs the above command twice a day:
crontab -e
Add this line to the crontab:
You're all set. When necessary, certbot will renew your certificates and reload Nginx to pick up the changes.