Set up Nginx on Oracle Linux 8 with HTTPS and Let's Encrypt

Sample:

  • work_directory : /home/user/website

  • domain_name : website.com

Steps:

  1. Create a project in work_directory; in this case it contains a single HTML file called index.html.

  2. Then cd to the root directory and enter the commands below LINE BY LINE

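#check update
# Apply pending package updates before installing anything. Run through sudo
# like every other step here: dnf cannot modify packages without root.
sudo dnf update -y

#add nginx repo
# NOTE(review): on Oracle Linux the EPEL release package is normally
# oracle-epel-release-el8 (installed in a later step); confirm that
# epel-release resolves on your system.
sudo dnf install -y epel-release
# Release RPM taken from nginx.org's "mainline" package tree (see the URL).
# dnf does not signature-check an RPM given on the command line by default
# (localpkg_gpgcheck), so trust in this file rests on the HTTPS connection.
sudo dnf install -y https://nginx.org/packages/mainline/oracle/nginx-release-el8-0.el8.ngx.noarch.rpm

#install nginx
# -y also auto-accepts the import of the repository signing key; run without
# -y if you want to compare the key fingerprint with the one nginx.org publishes.
sudo dnf install -y nginx
# Start nginx automatically at boot so the site comes back after a reboot.
sudo systemctl enable nginx

#configure firewall (skip this if the ports are already opened from the server admin panel)
# Only the http (80) and https (443) services are opened in the public zone.
# --permanent writes the saved configuration only; --reload makes it active.
sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --reload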

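#configure the file permission
# Least privilege: the site owner keeps write access, the nginx worker only
# reads through its group. Content owned by nginx would let a compromised
# worker process rewrite the site.
sudo chown -R user:nginx /home/user/website
# Directories need the execute (search) bit; regular files do not, so they
# get 644 instead of a blanket recursive 755.
sudo find /home/user/website -type d -exec chmod 755 {} +
sudo find /home/user/website -type f -exec chmod 644 {} +
# nginx also needs search permission on every parent directory (/home and
# /home/user). Check the whole path with:
#   namei -l /home/user/website/index.html

#adjust SELinux Policies
# chcon labels do not survive a filesystem relabel or restorecon. Register
# the label in the local policy instead, then apply it.
sudo dnf install -y policycoreutils-python-utils
sudo semanage fcontext -a -t httpd_sys_content_t "/home/user/website(/.*)?"
sudo restorecon -Rv /home/user/website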

#install the newest oracle epel release 8
# Adds Oracle's EPEL repository definition.
# NOTE(review): presumably this is where the snapd package below comes from - confirm.
sudo dnf install -y oracle-epel-release-el8

#install snapd
sudo dnf install -y snapd 
# enable --now both enables the socket unit at boot and starts it immediately
sudo systemctl enable --now snapd.socket 
sudo systemctl start snapd 
# /snap symlink: needed for snaps installed with --classic (certbot below)
sudo ln -s /var/lib/snapd/snap /snap

#install and refresh core
# core is the base snap; refresh brings it to the latest published revision
sudo snap install core 
sudo snap refresh core

#check snapd status
# read-only check, changes nothing; the unit should be reported as active
sudo systemctl status snapd

#install certbot
# --classic installs the snap without the usual snap confinement, so certbot
# runs with full access to the system. Install it only from the official snap name.
sudo snap install --classic certbot 
# expose the snap binary as /usr/bin/certbot, the path the next step calls
sudo ln -s /snap/bin/certbot /usr/bin/certbot

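#generate ssl
# The webroot challenge is answered by the running web server: nginx must
# already serve /home/user/website for website.com and www.website.com on
# port 80, reachable from the internet, before this command runs.
# A server block that references the certificate files cannot be loaded
# before they exist, so load the port-80 server block first and add the
# port-443 block after the certificate has been issued.
# --deploy-hook is stored with the certificate and reloads nginx after every
# successful issuance or renewal; without it nginx keeps serving the old
# certificate until its next restart.
sudo /usr/bin/certbot certonly --webroot -w /home/user/website --email your-email@example.com -d website.com -d www.website.com --deploy-hook "systemctl reload nginx"
# Confirm that unattended renewal will work (uses the staging environment,
# no certificate is replaced).
sudo /usr/bin/certbot renew --dry-run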
  1. Then cd to /etc/nginx/conf.d and create a new nginx config file, preferably named after the domain plus .conf. In this case, website.com.conf.
  2. Then use sudo to write the file with the content below. My preference is vim: sudo vi website.com.conf
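# Plain-HTTP virtual host: answers ACME challenges, redirects everything else.
# Validate any change with `sudo nginx -t` before restarting nginx.
server {
    listen 80;
    server_name website.com www.website.com;

    access_log /var/log/nginx/website.com_access.log main;
    error_log /var/log/nginx/website.com_error.log;

    # Let's Encrypt HTTP-01 challenge files written by `certbot --webroot`.
    # Serving them here lets issuance and renewal work without depending on
    # the HTTPS server block.
    location ^~ /.well-known/acme-challenge/ {
        root /home/user/website;
        try_files $uri =404;
    }

    # Redirect all other HTTP requests to HTTPS.
    # The return sits inside a location on purpose: a server-level return is
    # evaluated before any location is selected, which would make every
    # location in this block unreachable.
    location / {
        return 301 https://$host$request_uri;
    }
}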

# HTTPS virtual host serving the static site from /home/user/website.
server {
    listen 443 ssl;
    server_name website.com www.website.com;

    # Same log files as the port-80 server block.
    access_log /var/log/nginx/website.com_access.log main;
    error_log /var/log/nginx/website.com_error.log;

    root /home/user/website;
    index index.html;

    # Certificate chain and private key issued by certbot for website.com.
    # privkey.pem is the secret half: keep it readable by root only and out
    # of backups or repositories that others can read.
    ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/website.com/privkey.pem;

    # Only TLS 1.2 and TLS 1.3 are accepted; older protocol versions are refused.
    ssl_protocols TLSv1.2 TLSv1.3;
    # The server's cipher order wins over the client's.
    ssl_prefer_server_ciphers on;
    # NOTE(review): AES256+EECDH and AES256+EDH also match non-GCM (CBC)
    # suites, and nginx offers DHE (EDH) suites only when ssl_dhparam is set,
    # which this block does not do. Consider narrowing the list to AEAD suites.
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

    # NOTE(review): no Strict-Transport-Security header is sent; consider
    # adding one once HTTPS is confirmed working for every hostname.

    # Serve the requested file or directory, otherwise answer 404.
    location / {
        try_files $uri $uri/ =404;
    }
}
  1. Restart Nginx with sudo systemctl restart nginx.
  2. Check status with sudo systemctl status nginx, the status should be active.

Extra: Deploy with Docker

Everything is the same; only the NGINX config file is slightly different.

For example, if we host a Docker app on localhost at port 1773, our nginx config file will be:

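# Plain-HTTP virtual host: answers ACME challenges, redirects everything else.
# Validate any change with `sudo nginx -t` before restarting nginx.
server {
    listen 80;
    server_name website.com www.website.com;

    access_log /var/log/nginx/website.com_access.log main;
    error_log /var/log/nginx/website.com_error.log;

    # Let's Encrypt HTTP-01 challenge files written by `certbot --webroot`.
    # The HTTPS server block proxies every path to the Docker app, so the
    # challenge files must be served from the webroot here or renewal fails.
    location ^~ /.well-known/acme-challenge/ {
        root /home/user/website;
        try_files $uri =404;
    }

    # Redirect all other HTTP requests to HTTPS.
    # The return sits inside a location on purpose: a server-level return is
    # evaluated before any location is selected, which would make every
    # location in this block unreachable.
    location / {
        return 301 https://$host$request_uri;
    }
}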

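# HTTPS virtual host terminating TLS and forwarding requests to the Docker app.
server {
    listen 443 ssl;
    server_name website.com www.website.com;

    access_log /var/log/nginx/website.com_access.log main;
    error_log /var/log/nginx/website.com_error.log;

    # Not used while "location /" proxies every request; kept so the block
    # stays identical to the static-site variant apart from the location.
    root /home/user/website;
    index index.html;

    # Certificate chain and private key issued by certbot for website.com.
    ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/website.com/privkey.pem;

    # Only TLS 1.2 and TLS 1.3 are accepted; the server's cipher order wins.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # NOTE(review): AES256+EECDH and AES256+EDH also match non-GCM (CBC)
    # suites, and nginx offers DHE (EDH) suites only when ssl_dhparam is set.
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

    # Deployment notes for the backend:
    #  - Publish the container port on loopback only (for example
    #    `-p 127.0.0.1:1773:1773`). A port published on all interfaces is
    #    reachable directly, without TLS, and Docker's own firewall rules
    #    can bypass firewalld.
    #  - With SELinux enforcing, nginx may be denied outbound connections to
    #    the backend until `sudo setsebool -P httpd_can_network_connect 1`.
    location / {
        proxy_pass http://localhost:1773;
        # Pass the original host name, client address and scheme to the app.
        # Without these the app sees "localhost:1773" and 127.0.0.1, which
        # breaks absolute URLs, redirects and per-client logging.
        proxy_set_header Host $host;
        # Overwrites any client-supplied value with the real peer address.
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to whatever the client sent: the app should trust only the
        # last entry.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}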

Only the location block of the port 443 server is different: it uses the proxy_pass directive.