top of page
Logo-Transparent.png
partner-logo.png

Nginx with SSL Packaged by IOanyT Innovations - RockyLinux 8


OVERVIEW


Nginx is a web server that can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. It is easy to configure in order to serve static web content or to act as a proxy server.

Nginx is built to offer low memory usage and high concurrency. Rather than creating new processes for each web request, Nginx uses an asynchronous, event-driven approach where requests are handled in a single thread. In this one master process can control multiple worker processes. The master maintains the worker processes, while the workers do the actual processing. Because Nginx is asynchronous, each request can be executed by the worker concurrently without blocking other requests.




Features:

  • Reverse proxy with caching

  • IPv6

  • Load balancing

  • Fast CGI support with caching

  • Web Sockets

  • Handling of static files, index files, and auto-indexing

  • TLS/SSL with SNI


GOALS

  1. One-click launch

  2. Easy configurable AMI with pre-installed Nginx Server with SSL

INSTALLATION VIA AWS MARKETPLACE


Kindly click on the below link to install the server via AWS Marketplace:


Pending...


GET STARTED


To verify the installation, follow the below instructions

  1. Open browser

  2. In the address bar of the browser, type http://<your-ip-address>

  3. You will see the Nginx default page (see screenshot below)



Step 1. Connect to SSH


In a terminal window, use the ssh command to connect to the instance. You specify the user name for your instance, and the public DNS name or IPv6 address for your instance, the path and file name of the private key (.pem).


ssh rocky@publicIP -i [Path of key pair file]

If it shows access denied message run the following command , then run the above command again to connect via ssh.

chmod 400 [Path of key pair file]

Step 2. Activate SSL Encryption

Follow the steps to activate SSL Encryption on the system

1. Open the configuration file for your domain using nano or your favorite text editor. example.com is domain just for the reference. You need to input your Domain name instead of example.com

sudo nano /etc/nginx/sites-available/example.com

2. Find the existing server_name line. It should look like this:

...
server_name example.com www.example.com;
...

3. Now run below commands

sudo nginx -t
sudo systemctl reload nginx

4. Now run the below command with your domain name.

sudo certbot --nginx -d example.com -d www.example.com

5. At the prompt Enter email address (used for urgent renewal and security notices),

and press Enter.


6. Agree to the Let's Encrypt Terms of Service at the prompt. Enter "A"


--------------------------------------------------------------------------
 Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory
--------------------------------------------------------------------------(A)gree/(C)ancel: A

7. If that’s successful, certbot will ask how you’d like to configure your HTTPS settings.

       
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

8. Select your choice then hit ENTER. The configuration will be updated, and Nginx will reload to pick up the new settings. certbot will wrap up with a message telling you the process was successful and where your certificates are stored:

     IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2020-08-18. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Your certificates are downloaded, installed, and loaded. Try reloading your website using https:// and notice your browser’s security indicator. It should indicate that the site is properly secured, usually with a lock icon

Comments


CONTACT

Let’s Work Together

IOanyT Innovations Pvt. Ltd.

Email: aws-marketplace-support@ioanyt.com

  • LinkedIn
  • Facebook

Thanks for submitting!

bottom of page