server_name example.com www.example.com;<\/em><\/pre>\n\n\n\n\u2026<\/p>\n\n\n\n
If it does, good.<\/p>\n\n\n\n
If it doesn\u2019t, you are going to have to tell Nginx where to look. To do so, update the line to point it to the right domain. Then save and close the document. This should be all you have to do, but it is worth checking at this point that everything is well. You can check that your edits make sense to Nginx by running it from the command line:<\/p>\n\n\n\n
$ sudo nginx -t<\/em><\/pre>\n\n\n\nIf you get an error, something went wrong. The most likely source is a typo in your own edits, so go back and check the file for those. Once you\u2019ve got this command running with no errors, you can move on.<\/p>\n\n\n\n
The next step is to re-start Nginx so it will use the correct server block. To do this, you will need to make a system call, but don\u2019t worry. Run this command:<\/p>\n\n\n\n
$ sudo systemctl reload nginx<\/em><\/pre>\n\n\n\nAt this point, Nginx should report that it found the correct server block.<\/p>\n\n\n\n
So far so good.<\/p>\n\n\n\n
Step 3: Allow HTTPS Traffic Through your Firewall. …<\/h2>\n\n\n\n$ sudo ufw status<\/em><\/pre>\n\n\n\nThe output should look something like this:<\/p>\n\n\n\nAs you can see, at the moment only HTTP traffic is allowed through your server, so you need to tell ufw to allow HTTPS through. Nginx already comes with a profile that will allow this, so all you need to do is enable it:<\/p>\n\n\n\n
$ sudo ufw allow 'Nginx Full'<\/em><\/pre>\n\n\n\nThen disable the obsolete Nginx HTTP profile by deleting it:<\/p>\n\n\n\n
$ sudo ufw delete allow 'Nginx HTTP'<\/em><\/pre>\n\n\n\nTo check that these commands worked, you can verify the configuration settings for ufw in the same way as before. Run the same status command:<\/p>\n\n\n\n
$ sudo ufw status<\/em><\/pre>\n\n\n\nAnd you should see that the output has changed, so now HTTPs is permitted:<\/p>\n\n\n\n
Status: active\nTo Action From\n-- ------ ----\nOpenSSH ALLOW Anywhere\nNginx Full ALLOW Anywhere\nOpenSSH (v6) ALLOW Anywhere (v6)\nNginx Full (v6) ALLOW Anywhere (v6)<\/pre>\n\n\n\nSo you should now have Nginx installed, with a ufw set up that will allow HTTPs traffic through.<\/p>\n\n\n\n
Step 4: Get an SSL Certificate. …<\/h2>\n\n\n\n$ sudo certbot --nginx -d example.com -d www.example.com<\/em><\/pre>\n\n\n\nStep 5: Verifying Auto-Renewal for\u00a0Certbot<\/strong>. …<\/h2>\n\n\n\n$ sudo certbot renew --dry-run<\/em><\/pre>\n\n\n\nNext Steps and Extra Security<\/h2>\n\n\n\n <\/p>\n","protected":false},"excerpt":{"rendered":"
I know you’re in a hurry. Sysadmin’s time is so precious because we have to deal with the next incident or the next request or the next to-do. So let’s get into it…. How to …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,7],"tags":[403,404],"class_list":["post-555","post","type-post","status-publish","format-standard","hentry","category-installation","category-operating-system","tag-linux","tag-nginx"],"_links":{"self":[{"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts\/555","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/comments?post=555"}],"version-history":[{"count":1,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts\/555\/revisions"}],"predecessor-version":[{"id":557,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/posts\/555\/revisions\/557"}],"wp:attachment":[{"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/media?parent=555"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/categories?post=555"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.sysadmindayph.com\/blog\/wp-json\/wp\/v2\/tags?post=555"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"Ubuntu](\"https:\/\/static.haydenjames.io\/wp-content\/uploads\/2019\/09\/ubuntu_firewall_ufw.png\" "\\"Ubuntu")
<\/figure>\n\n\n\n