How to Set Up Secure and Scalable Linux Web Servers with Nginx and Let’s Encrypt

Learn how to set up secure and scalable Linux web servers using Nginx and Let’s Encrypt. A step-by-step guide for Oracle Linux and Ubuntu, complete with SSL setup and optimization tips.

In the ever-evolving world of Linux server administration, ensuring your web servers are both secure and scalable is more important than ever. A secure server protects sensitive user data, while scalability ensures your infrastructure can handle increasing traffic loads. For administrators managing Oracle Linux or Ubuntu servers, mastering the setup of Nginx with Let’s Encrypt is a vital skill.
This comprehensive guide will walk you through a step-by-step process to deploy a secure and scalable web server using Nginx, an industry-leading web server and reverse proxy, along with Let’s Encrypt, a trusted authority for free SSL/TLS certificates. Whether you’re a junior system administrator taking your first steps or a seasoned professional looking to streamline your server deployments, this guide covers everything from installation to advanced configurations.

By the end of this article, you’ll understand how to:

  • Install and configure Nginx on Oracle Linux and Ubuntu.
  • Secure your server with Let’s Encrypt SSL certificates.
  • Automate SSL certificate renewals.
  • Optimize Nginx for performance and scalability.

Let’s dive in to make Linux server management a seamless experience.

Why Choose Nginx and Let’s Encrypt?

  • Nginx: Known for its high performance and scalability, Nginx excels as a web server and reverse proxy.
  • Let’s Encrypt: A free and automated certificate authority that provides SSL/TLS certificates to secure your website traffic.

By combining these tools, you can ensure that your web servers are optimized for performance and protected with HTTPS.

Prerequisites

  1. A Linux server running Oracle Linux (7, 8, 9) or Ubuntu.
  2. Root or sudo user access.
  3. A registered domain name pointing to your server’s IP address.
  4. Basic knowledge of the command line.

Step 1: Install Nginx

On Oracle Linux (7, 8, 9):

  1. Update the system packages:
    sudo yum update -y   # For Oracle Linux 7
    sudo dnf update -y   # For Oracle Linux 8 and 9
    
  2. Install Nginx:
    sudo yum install nginx -y   # Oracle Linux 7
    sudo dnf install nginx -y   # Oracle Linux 8 and 9
    
  3. Start and enable Nginx:
    sudo systemctl start nginx
    sudo systemctl enable nginx
    

On Ubuntu Server:

  1. Update the system packages:
    sudo apt update && sudo apt upgrade -y
    
  2. Install Nginx:
    sudo apt install nginx -y
    
  3. Start and enable Nginx:
    sudo systemctl start nginx
    sudo systemctl enable nginx
    

Step 2: Configure the Firewall

Allow HTTP and HTTPS traffic through the firewall.

On Oracle Linux (using firewalld):

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

On Ubuntu (using ufw):

sudo ufw allow 'Nginx Full'

Step 3: Install Certbot for Let’s Encrypt

On Oracle Linux (7, 8, 9):

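  1. Enable the EPEL repository (on Oracle Linux the release package is named oracle-epel-release-elN, not epel-release):
    sudo yum install oracle-epel-release-el7 -y   # Oracle Linux 7
    sudo dnf install oracle-epel-release-el8 -y   # Oracle Linux 8
    sudo dnf install oracle-epel-release-el9 -y   # Oracle Linux 9
    
  2. Install Certbot:
    sudo yum install certbot python2-certbot-nginx -y   # Oracle Linux 7 (EPEL 7 packages the Nginx plugin for Python 2)
    sudo dnf install certbot python3-certbot-nginx -y   # Oracle Linux 8 and 9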
    

On Ubuntu Server:

  1. Install Certbot:
    sudo apt install certbot python3-certbot-nginx -y
    

Step 4: Obtain and Install SSL Certificates

  1. Run Certbot to configure SSL for Nginx:
    sudo certbot --nginx
    
  2. Follow the prompts:
    • Enter your email address.
    • Agree to the terms of service.
    • Choose the domain(s) for which you want to enable HTTPS.
  3. Verify the SSL installation: Once completed, Certbot automatically configures Nginx to use the new certificates. Visit your domain in a browser to confirm HTTPS is working.

Step 5: Set Up Automatic Certificate Renewal

  1. Test the renewal process:
    sudo certbot renew --dry-run
    
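  2. Ensure the renewal timer is active:
    sudo systemctl status certbot.timer         # Ubuntu
    sudo systemctl status certbot-renew.timer   # Oracle Linux (unit name used by the EPEL package)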
    

Step 6: Configure Nginx as a Reverse Proxy (Optional)

  1. Create a new Nginx server block:
    sudo nano /etc/nginx/conf.d/reverse-proxy.conf
    
  2. Add the following configuration:
    server {
        listen 80;
        server_name yourdomain.com;
    
        location / {
            proxy_pass http://backend_server_ip:backend_port;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
    
  3. Test and reload Nginx:
    sudo nginx -t
    sudo systemctl reload nginx
    

Step 7: Optimize Nginx for Scalability

  1. Increase worker processes: Edit the /etc/nginx/nginx.conf file and set worker_processes to the number of CPU cores.
  2. Enable caching: Use proxy_cache or fastcgi_cache for better performance.
  3. Use load balancing: Add multiple proxy_pass directives in the reverse proxy configuration.
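
The reverse proxy from Step 6 and the caching and load-balancing items from Step 7, combined into one configuration that also terminates TLS. This is an added example, not the article's own configuration. Nginx accepts a single proxy_pass per location, so multiple backends are listed in an upstream block. The domain, the 10.0.0.x backend addresses, the cache path, the zone names and the "session" cookie name are placeholders.

```nginx
# Added example. Place in /etc/nginx/conf.d/ (included inside the http {} context).

upstream app_backends {                 # placeholder name
    least_conn;                         # route to the backend with the fewest active connections
    server 10.0.0.11:8080 max_fails=3 fail_timeout=30s;   # placeholder backends
    server 10.0.0.12:8080 max_fails=3 fail_timeout=30s;
    keepalive 32;                       # reuse idle upstream connections
}

# Placeholder cache directory; it must be writable by the nginx worker user.
proxy_cache_path /var/cache/nginx/app levels=1:2 keys_zone=app_cache:10m
                 max_size=1g inactive=60m use_temp_path=off;

server {
    listen 80;
    server_name yourdomain.com;
    return 301 https://$host$request_uri;   # serve nothing over plaintext HTTP
}

server {
    listen 443 ssl;
    server_name yourdomain.com;

    # Paths where Certbot stores the certificate issued in Step 4
    ssl_certificate     /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    # Add HSTS only once HTTPS is confirmed working; browsers remember it for max-age seconds
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://app_backends;
        proxy_http_version 1.1;             # required for upstream keepalive
        proxy_set_header Connection "";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;   # tells the backend the client used HTTPS

        proxy_cache app_cache;
        proxy_cache_valid 200 10m;
        # Never store or serve cached copies of authenticated or per-session responses
        proxy_cache_bypass $http_authorization $cookie_session;
        proxy_no_cache     $http_authorization $cookie_session;
    }
}
```

Because $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For value the client sent, backends should treat only the last entry (added by this proxy) as trustworthy.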

Conclusion

Setting up a secure and scalable web server is no longer a daunting task, thanks to tools like Nginx and Let’s Encrypt. By following this guide, you’ve equipped yourself with the knowledge to deploy a high-performance, HTTPS-enabled web server on Oracle Linux or Ubuntu. Not only does this setup protect user data with robust encryption, but it also ensures that your server can handle increasing demands effectively.

As a system administrator, mastering these configurations empowers you to build and maintain reliable web infrastructures. Take it a step further by experimenting with advanced Nginx features like load balancing and caching to enhance scalability. Stay ahead in your Linux administration journey and create web servers that are secure, scalable, and future-proof!