OVERVIEW
Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. It is easy to configure in order to serve static web content or to act as a proxy server.
Nginx is built to offer low memory usage and high concurrency. Rather than creating new processes for each web request, Nginx uses an asynchronous, event-driven approach where requests are handled in a single thread. In this model, one master process controls multiple worker processes. The master maintains the worker processes, while the workers do the actual processing. Because Nginx is asynchronous, a worker can handle each request concurrently without blocking other requests.
Features:
Reverse proxy with caching
IPv6
Load balancing
FastCGI support with caching
WebSockets
Handling of static files, index files, and auto-indexing
TLS/SSL with SNI
GOALS
One-click launch
Easily configurable AMI with pre-installed Nginx Server with SSL
INSTALLATION VIA AWS MARKETPLACE
Kindly click on the below link to install the server via AWS Marketplace:
Pending...
GET STARTED
To verify the installation, follow the instructions below:
Open browser
In the address bar of the browser, type http://<your-ip-address>
You will see the Nginx default page (see screenshot below)
Step 1. Connect to SSH
In a terminal window, use the ssh command to connect to the instance. Specify the user name for your instance, its public DNS name or IPv6 address, and the path and file name of the private key (.pem).
ssh rocky@publicIP -i [Path of key pair file]
If it shows an access denied message, run the following command (it makes the key file readable only by its owner), then run the above command again to connect via SSH.
chmod 400 [Path of key pair file]
Step 2. Activate SSL Encryption
Follow the steps to activate SSL Encryption on the system
1. Open the configuration file for your domain using nano or your favorite text editor. example.com is used here only as a reference domain; enter your own domain name in place of example.com.
sudo nano /etc/nginx/sites-available/example.com
2. Find the existing server_name line. It should look like this:
...
server_name example.com www.example.com;
...
3. Now run the commands below to test the configuration and reload Nginx.
sudo nginx -t
sudo systemctl reload nginx
4. Now run the below command with your domain name.
sudo certbot --nginx -d example.com -d www.example.com
5. At the prompt "Enter email address (used for urgent renewal and security notices)", type your email address and press Enter.
6. Agree to the Let's Encrypt Terms of Service at the prompt. Enter "A"
--------------------------------------------------------------------------
Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory
--------------------------------------------------------------------------
(A)gree/(C)ancel: A
7. If that’s successful, certbot will ask how you’d like to configure your HTTPS settings.
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):
8. Select your choice then hit ENTER. The configuration will be updated, and Nginx will reload to pick up the new settings. certbot will wrap up with a message telling you the process was successful and where your certificates are stored:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-08-18. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
Your certificates are downloaded, installed, and loaded. Try reloading your website using https:// and notice your browser’s security indicator. It should indicate that the site is properly secured, usually with a lock icon.
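To confirm what steps 7 and 8 actually changed, the following added example (not part of the original guide) reads a server-block file and reports whether the TLS listener, the certificate and key paths from certbot's output, and the HTTP-to-HTTPS redirect are present. The function name audit_tls_vhost and both sample configurations are constructed for illustration, and the directive layout is assumed to be the one certbot --nginx normally writes.

```bash
# Added example (not from the original guide). Sample configs are constructed.
# audit_tls_vhost FILE DOMAIN: prints one line per check and returns the
# number of failed checks (0 = everything certbot should have set is there).
audit_tls_vhost() {
    file=$1 domain=$2 fails=0
    # Escape dots so the domain is matched literally inside the regex.
    live_re=$(printf '%s' "/etc/letsencrypt/live/$domain" | sed 's/\./\\./g')
    # Drop comments so a commented-out directive does not count as present.
    conf=$(sed 's/#.*$//' "$file")
    check() {  # check DESCRIPTION EXTENDED_REGEX
        if printf '%s\n' "$conf" | grep -Eq "$2"; then
            echo "ok      $1"
        else
            echo "MISSING $1"; fails=$((fails + 1))
        fi
    }
    check "TLS listener on 443" '^[[:space:]]*listen[[:space:]]+(\[::\]:)?443[[:space:]]+ssl'
    check "certificate chain"   "^[[:space:]]*ssl_certificate[[:space:]]+$live_re/fullchain\.pem;"
    check "private key"         "^[[:space:]]*ssl_certificate_key[[:space:]]+$live_re/privkey\.pem;"
    check "HTTP->HTTPS redirect" '^[[:space:]]*return[[:space:]]+301[[:space:]]+https://'
    return "$fails"
}

# Constructed sample: vhost after choosing "2: Redirect" at the certbot prompt.
sample_redirect=$(mktemp)
cat > "$sample_redirect" <<'EOF'
server {
    server_name example.com www.example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name example.com www.example.com;
    return 404; # managed by Certbot
}
EOF

# Constructed sample: same file without the redirect block ("1: No redirect").
sample_noredirect=$(mktemp)
sed -e '/^    if (/,/^    }/d' -e '/return 404/d' "$sample_redirect" > "$sample_noredirect"

audit_tls_vhost "$sample_redirect" example.com   || echo "-> $? check(s) failed"
audit_tls_vhost "$sample_noredirect" example.com || echo "-> $? check(s) failed"
```

On the instance, point the function at the real file, for example audit_tls_vhost /etc/nginx/sites-available/example.com example.com. A MISSING redirect line means plain HTTP is still being served alongside HTTPS.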