Category: Linux

how to install and configure nginx with Let’s Encrypt on Debian:

1. First, make sure you have a domain name registered and pointing to your server. This will be necessary for the Let’s Encrypt certificate to work properly.
2. Next, update your package repositories and install the nginx and certbot (the Let’s Encrypt client) packages:

sudo apt update
sudo apt install nginx certbot

3. Once the installation is complete, open the nginx configuration file (/etc/nginx/nginx.conf) and make sure that the server_names_hash_bucket_size directive is set to 64:

http {
    ...
    server_names_hash_bucket_size 64;
    ...
}

This will allow nginx to support long domain names, which are required for Let’s Encrypt certificates.

4. Create a new nginx server block configuration file for your domain in the /etc/nginx/sites-available directory. For example, if your domain is example.com, you would create a file called example.com:

sudo nano /etc/nginx/sites-available/example.com

Inside this file, you can add a basic configuration for your server block. For example:

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    root /var/www/example.com;
}

This configuration tells nginx to listen for HTTP requests on port 80 for the example.com and www.example.com domains, and to serve content from the /var/www/example.com directory.

5. Next, create a symbolic link from the sites-available directory to the sites-enabled directory to enable the server block:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

6. Now it’s time to get a Let’s Encrypt SSL certificate for your domain. To do this, run the certbot command with the --nginx flag, which will automatically configure nginx to use the certificate:

sudo certbot --nginx -d example.com -d www.example.com

This will start the certificate issuance process, which will involve verifying that you own the domain and setting up an SSL certificate for it. Follow the prompts to complete the process.

7. Once the certificate is issued, nginx will be automatically configured to use it. However, you may want to modify the nginx configuration to redirect all HTTP traffic to HTTPS. To do this, open the server block configuration file for your domain and add the following lines:

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;
    root /var/www/example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
}

This configuration tells nginx to listen for HTTP traffic on port 80 and redirect it to HTTPS on port 443, and to listen for HTTPS traffic on port 443 and serve content from the /var/www/example.com directory.

8. Save the configuration file and test the nginx configuration to make sure there are no syntax errors:

sudo nginx -t

If the configuration is valid, you should see a message saying “syntax is ok” and “test is successful”.

9. If the configuration is valid, reload nginx to apply the changes:

sudo systemctl reload nginx

10. Your nginx server is now configured to use a Let’s Encrypt SSL certificate and redirect all HTTP traffic to HTTPS. To ensure that your certificate is automatically renewed before it expires, you can set up a cron job to run the certbot renew command on a regular basis. To do this, open the crontab editor:

sudo crontab -e

And add the following line to run the certbot renew command every week:

0 0 * * 0 certbot renew

This will ensure that your certificate is renewed automatically and your server stays secure.

That’s it! You have successfully installed and configured nginx with a Let’s Encrypt SSL certificate on Debian.

To set up an OpenSSH server on Ubuntu 22.04, you will need to perform the following steps:

1. Install the OpenSSH server package by running the following command:

sudo apt-get update
sudo apt-get install openssh-server

2. Once the installation is complete, the SSH service will start automatically. You can check the status of the service by running:

systemctl status ssh

3. If you want to start or stop the SSH service, you can use the following commands:

sudo systemctl start ssh
sudo systemctl stop ssh

4. By default, the OpenSSH server listens on port 22. If you want to change the default port, you can do so by editing the file /etc/ssh/sshd_config and changing the value of the Port directive.
5. Once you have made any necessary changes to the configuration file, you will need to restart the SSH service for the changes to take effect. You can do this by running the following command:

sudo systemctl restart ssh

6. You can now connect to the OpenSSH server from a remote machine using a client such as ssh. For example, to connect to the server as the user “username” using the default port (22), you would run the following command:

ssh username@server_ip_or_hostname

7. If you have changed the default port, you will need to specify the port number when connecting. For example, to connect to the server using port 2222, you would run the following command:

ssh -p 2222 username@server_ip_or_hostname

That’s it! You should now have a working OpenSSH server on your Ubuntu 22.04 machine.