« Previous 1 2 3
Set up subdomains with Apache and Nginx
Sublet
Configuring Nginx
The configuration for the web servers available and enabled on the system is located in the directories shown in Listing 7. Now you can create a minimal basic configuration for www.example1.de
in the /etc/nginx/sites-available/www.example1.de
file (Listing 8), and do the same for www.example2.de
.
Listing 7
Configuration Directories
# tree /etc/nginx/sites-* /etc/nginx/sites-available --- default /etc/nginx/sites-enabled --- default -> /etc/nginx/sites-available/default
Listing 8
Minimal Configuration
server { listen 80; server_name www.example1.de; root /var/www/www.example1.de; index index.html; }
Again, you need to fire up both configurations by first manually linking the configuration files:
# ln -s /etc/nginx/sites-available/www.example1 .de/etc/nginx/sites-enabled/
Then, tell Nginx to parse the new configuration, making the virtual hosts available:
# systemctl reload nginx
Again, test the new configuration manually over Telnet as before. To disable a virtual host, just use rm
to delete the matching link and reparse the configuration. In terms of the number of FQDNs per configuration file, the same applies as for Apache.
Redirects in Nginx
As a simple example of the use of virtual hosts for the same FQDN, you will again be redirecting all http://example1.de
to http://www.example1.de
(Listing 9). After reloading the configuration, it's time for another test with curl -I
.
Listing 9
sites-available/www.example1.de
server { listen 80; server_name example1.de; return 301 http://www.example1.de$request_uri; } server { listen 80; server_name www.example1.de; root /var/www/www.example1.de; index index.html; }
SSL with Let's Encrypt
Let's Encrypt [2] is the easiest way to get SSL working on your web server. Fortunately, the approach is identical for Apache and Nginx, except for one small parameter in the script call.
The installation of Let's Encrypt relies on the Snap package manager, which can be installed with:
# apt-get -y install snapd [... New registration ...]
At this point you have to log off and log back on again to make sure that all paths are set correctly; then, set up Let's Encrypt with the commands:
# snap install core # snap install --classic certbot # ln -s /snap/bin/certbot /usr/bin/certbot
The next command is a call to Certbot with either --apache
or --nginx
as parameters. For Apache, that would be:
# certbot --apache
At this point, Certbot asks for a valid email address and then for the FQDN to be activated. The Certbot script automatically configures the FQDN selected in this process and adjusts the Apache or Nginx configuration accordingly.
The charming thing about this process is that the system now takes care of updating the certificates without any further intervention. The new web server can now only be reached at https://www.example1.de , and it automatically redirects requests to http://www.example1.de to HTTPS with a 301.
Infos
- Web server market shares: https://news.netcraft.com/archives/2021/01/28/january-2021-web-server-survey.html
- Let's Encrypt: https://letsencrypt.org
« Previous 1 2 3
Buy this article as PDF
(incl. VAT)