{"id":11,"date":"2023-08-19T11:06:53","date_gmt":"2023-08-19T11:06:53","guid":{"rendered":"https:\/\/www.dbaldwin.net\/?p=11"},"modified":"2023-08-21T21:31:00","modified_gmt":"2023-08-21T21:31:00","slug":"setting-up-an-nginx-webserver-on-alma-linux-9-step-by-step","status":"publish","type":"post","link":"https:\/\/www.dbaldwin.net\/?p=11","title":{"rendered":"Setting up an Nginx Webserver on Alma Linux 9 – Step by Step"},"content":{"rendered":"\n

Note: Although this was wrote for Alma Linux, its highly likely most, if not all, of the commands will work for most of the other Red-Hat based family of Linux distros.<\/strong><\/em><\/p>\n\n\n\n

I have written this guide step by step and dealing with one section at a time and as a result it is more long-winded than it needs to be. This could be condensed down into less commands by combining the different parts and doing them together such as the packages installs. However I have left it in a longer form to make it clear what the different steps that are involved are for people who are learning.<\/p>\n\n\n\n

Install Nginx<\/h3>\n\n\n\n

Don’t forget to update the server<\/p>\n\n\n\n

sudo dnf update -y<\/code><\/pre>\n\n\n\n
The first step is to to pull down and install the Nginx web server. <\/p>\n\n\n\n
sudo dnf install nginx -y<\/code><\/pre>\n\n\n\n
Once Nginx has come down and been installed onto the machine you need to start & enable it to load on reboot:<\/p>\n\n\n\n
sudo systemctl enable nginx\nsudo systemctl start nginx<\/code><\/pre>\n\n\n\n
Open up firewall ports<\/h3>\n\n\n\n
Whether you are hosting yourself or running a VM in the cloud there are likely two different firewalls you need to approve the HTTP & HTTPS traffic through. The machine itself as well as the network firewall.<\/p>\n\n\n\n
On your network firewall you need to allow TCP traffic through on ports 80 (HTTP) & 443 (HTTPS). You also need to allow traffic through your device firewall. To do this you need to add the following rules to firewalld your Alma Linux install.<\/p>\n\n\n\n
sudo firewall-cmd --zone=public --add-service=http --permanent\n\nsudo firewall-cmd --zone=public --add-service=https --permanent\n\n sudo firewall-cmd --reload\n<\/code><\/pre>\n\n\n\n
Once you have done this you should find that you can load the default Nginx page in your web browser by going to the computer’s public IP address. Note that it isn’t secure as you have not yet enabled SSL\/TLS<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Set your domain address to point to our server.<\/h3>\n\n\n\n
We need to set our domain address to have an A record to point to our server. It can take some time for the change to propagate around all the DNS servers across the internet. You may wish to also add a C Name for www. and point it to your A record.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
On your personal computer you can use the dig or nslookup command to check if your DNS server records have changed and now points to your server’s IP address.<\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
Once your DNS server has updated you should be able to load the Nginx test page via your domain name in your web browser.<\/p>\n\n\n\n
Configuring Nginx to use our domain name<\/h3>\n\n\n\n
We need to edit some Nginx configuration files to enter in our domain name. I found my minimal version of Alma Linux does not have Nano installed so I had to use vi(m) for my text editing. <\/p>\n\n\n\n
sudo vi \/etc\/nginx\/nginx.conf<\/code><\/pre>\n\n\n\n
If you are unfamiliar with vi\/vim  you need to learn a few key commands. Once it is open use the i key to enter edit mode. Once you are done with your edits and want to save press esc then type :wq (write and quit). If you have made a mistake and don’t <\/strong>want to save your changes type :q!<\/em><\/p>\n\n\n\n
\"\"<\/figure>\n\n\n\n
You can choose to change your website root here as well, however be aware that doing so you may experience permission issues with SElinux that you would need to resolve.<\/p>\n\n\n\n
Setting UP HTTPS using Letsencrypt & Certbot<\/h3>\n\n\n\n
Probably the easiest way to get a TLS\/SSL certificate is to use certbot, however we need to add the Extra Packages for Enterprise Linux Repository. Thankfully this is simple by using one command.<\/p>\n\n\n\n
sudo dnf install epel-release -y<\/code><\/pre>\n\n\n\n
Now we can install Certbot and the required Nginx plugin<\/p>\n\n\n\n
sudo dnf install certbot python3-certbot-nginx -y<\/code><\/pre>\n\n\n\n
Now that certbot has installed we can setup TLS encryption for our server:<\/p>\n\n\n\n
sudo certbot --nginx<\/code><\/pre>\n\n\n\n
It will as you for an email address for urgent renewal notifications, feel free to enter an address you check regularly, then you will have to agree to the T&C’s and choose if you wish to join their mailing list. Finally you should be presented with your domain name to request a certificate for. you can just press enter here, or select the number.<\/p>\n\n\n\n
You should get a message congratulating you for enabling HTTPS on your site, now you need to restart your Nginx server to allow it to start using your new certificate:<\/p>\n\n\n\n
sudo systemctl restart nginx<\/code><\/pre>\n\n\n\n
Optionally we can set Letsencrypt to auto renew the TLS certificates so that we don’t have to do this manually.<\/p>\n\n\n\n
sudo systemctl start certbot-renew.timer && sudo systemctl enable certbot-renew.timer<\/code><\/pre>\n\n\n\n
That’s it! Congratulations your Nginx web server should be setup and working and you should now be ready to host your site.<\/p>\n","protected":false},"excerpt":{"rendered":"
Note: Although this was wrote for Alma Linux, its highly likely most, if not all, of the commands will work for most of the other Red-Hat based family of Linux distros. I have written this guide step by step and dealing with one section at a time and as a result it is more long-winded … Read more<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[4,6,3,5],"_links":{"self":[{"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=\/wp\/v2\/posts\/11"}],"collection":[{"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11"}],"version-history":[{"count":11,"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=\/wp\/v2\/posts\/11\/revisions"}],"predecessor-version":[{"id":35,"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=\/wp\/v2\/posts\/11\/revisions\/35"}],"wp:attachment":[{"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dbaldwin.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}