I host this blog on my own server. The server is running Ubuntu 18.04 and NGINX. To increase the security of my blog and trust in it, I will be using a free Let’s Encrypt SSL certificate.

Create a site for NGINX

Installing NGINX under Ubuntu is done via APT:

$ sudo apt update
$ sudo apt install nginx

After installing NGINX, the configuration will be available under /etc/nginx. For now, two folders inside /etc/nginx are interesting:

  1. sites-available which contains the configuration of every site / server
  2. sites-enabled which contains symlinks to running sites / servers

A good practice is to create site configurations and store them in sites-available and then symlink them in sites-enabled, so that a single site can be deactivated by simply deleting the symlink.

Of course, it is possible to store the configurations directly in sites-enabled, but then certbot (see later) would not work.

The NGINX site configuration for a static site like this one is pretty straightforward:

server {
    listen 80;

    # /var/www/html is the default docroot. On my server, for every
    # domain, I create an additional folder inside the default docroot.
    root /var/www/html/daccurso.net;

    # Since this is a static site consisting of .html files, only
    # index.html is needed as index. If other things are used, like PHP
    # scripts, index.php would need to be added to this line as well.
    index index.html;

    # The server_name is the domain name. In this case, daccurso.net. If
    # the domain must also work with www, an additional value is required.
    server_name daccurso.net www.daccurso.net;

    # This is the standard location block. The plain 404 fallback could
    # be replaced with a nice, good-looking 404 page.
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}

I saved the file as /etc/nginx/sites-available/daccurso. Therefore, to enable the site, a symlink in /etc/nginx/sites-enabled is required.

$ sudo ln -s /etc/nginx/sites-available/daccurso \
/etc/nginx/sites-enabled/daccurso

NGINX is a very powerful tool and a lot of further explanation about the server configuration can be found inside the Beginner’s Guide.

Set up Let’s Encrypt

Under Ubuntu, both a PPA and a package to handle Let’s Encrypt certificates with NGINX are available.

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx

The now-installed certbot can be used with its NGINX plugin (--nginx), which takes care of the configuration automatically.

$ sudo certbot --nginx -d daccurso.net -d www.daccurso.net

If this is the first execution of certbot, an email address will be required.

The certificate is only valid for 90 days. However, certbot should have automatically set up a systemd timer to renew the certificate when required. On distributions without systemd, a cron job should be set up automatically.

The timer should be found under:

/etc/systemd/system/timers.target.wants/certbot.timer
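
A check for the renewal setup described above, as an added example that is not part of the original post: it verifies that a renewal schedule exists and that the certificate is not already past the point where certbot should have renewed it. The certificate path (certbot's default layout for the first -d name), the /etc/cron.d/certbot fallback and the 20-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: certbot's default layout, /etc/letsencrypt/live/<first -d name>/.
CERT="${CERT:-/etc/letsencrypt/live/daccurso.net/cert.pem}"
# certbot renews once fewer than 30 days remain by default, so a certificate
# with less than MIN_DAYS left means several renewal attempts have failed.
MIN_DAYS="${MIN_DAYS:-20}"   # assumed threshold

# Succeeds if the certificate in $1 is still valid $2 days from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Succeeds if a renewal schedule exists: the systemd timer, or the cron job
# used on systems without systemd (path is an assumption).
renewal_scheduled() {
    systemctl is-enabled --quiet certbot.timer 2>/dev/null ||
        [ -f /etc/cron.d/certbot ]
}

# Returns 0 if everything looks fine, 1 if no schedule was found,
# 2 if the certificate is unreadable or too close to expiry.
check_renewal() {
    status=0
    if ! renewal_scheduled; then
        echo "WARN: no certbot.timer or /etc/cron.d/certbot found" >&2
        status=1
    fi
    if [ ! -r "$CERT" ]; then
        echo "FAIL: cannot read $CERT (run as root?)" >&2
        return 2
    fi
    if ! cert_valid_for "$CERT" "$MIN_DAYS"; then
        echo "FAIL: $CERT expires within $MIN_DAYS days; renewal is not working" >&2
        status=2
    fi
    return "$status"
}

# Only run the check when asked, so the functions can be sourced elsewhere.
if [ "${1:-}" = "--run" ]; then
    check_renewal
fi
```

Run it as root with --run, for example from a monitoring job. `sudo certbot renew --dry-run` complements it by exercising the whole renewal path without replacing the certificate.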