Install Nginx, Set Up Let's Encrypt SSL and Set Up HTTP/2 on Ubuntu 15.10 Server

Monday, April 18th 2016. | how to


Did you know that HTTP/2 has been introduced and has become the new standard of the HTTP protocol? At a glance, HTTP/2.0 is the new generation of, and the replacement for, HTTP/1.1. New but not built from the ground up, version 2 of the HTTP protocol is capable of delivering skyrocketing performance while remaining compatible with version 1's HTTP methods, status codes and semantics. Fun fact: HTTP/1.1 was first introduced in 1997, so it is more than … years – you do the math – till the release of HTTP/2.0.

The main advantage of this new protocol is its high transfer speed, especially for content-rich websites. It allows all requests to be downloaded in parallel, whereas HTTP/1.1 queues them. Page transfers are now sent over the wire as binary, which is more efficient. Moreover, HTTP headers are now compressed and the server can now "push" data even when users have not requested it. Therefore, users with high latency can see improved transfer speed. Head to Wikipedia for more info on this.

What about Nginx? It is a very popular web server said to be faster and lighter than Apache. Combining HTTP/2 and Nginx results in unbeatable speed in delivering web pages to visitors while keeping the server's load low.

HTTP/2 itself does not require an SSL certificate, but the two most popular web browsers, Google Chrome and Mozilla Firefox, support HTTP/2 only over HTTPS connections for security reasons.

In this tutorial, I show you how to install Nginx, set up a free SSL certificate from Let's Encrypt, and finally make it serve the HTTP/2.0 protocol on Ubuntu. As always, I'll try to be brief and keep the tutorial concise with instruction steps and screenshots.

Prerequisites

  1. An SSH client like Bitvise or PuTTY and basic knowledge of how to use it.
  2. Basic knowledge of common Unix commands and of how to SSH to your server.
  3. A server or VPS with at least 256MB of RAM (OpenVZ), but 512MB is recommended if you are using KVM or Xen.
  4. About 30 minutes of your time.
  5. A cup of coffee or tea.


In this guide I am using a 512MB RAM Cloud VPS from Atlantic running Ubuntu 15.10 x64.

Do not forget to always replace domain.tld with your own domain name.

Provision a cloud server

Step 1 – Log in to Atlantic.net > click on Servers > Add Server.

Step 2 – Give your server a name and choose the location where you want it to be hosted. Currently, Atlantic.net has 6 different locations available: New York, Dallas, Orlando, San Francisco, Toronto (CA), and London (UK).

Step 3 – Choose Ubuntu 15.10 as the operating system for your cloud VPS.

Step 4 – Decide which plan you want (and you need).


Step 5 – Finally, click on the Create Server button.


Step 6 – The process should take less than 1 minute to complete.


Step 6 – Once done, the login details will be emailed to your inbox.


Step 7 – Log in to your server via PuTTY.

Step 8 – Type this command to change the default hostname. Use the proper FQDN hostname format:

hostname host.domain.tld

## example :
hostname atlantic.servermom.org

Step 9 – Close PuTTY and log in again in a new session; you should now see that the hostname has changed. It is also good practice to change the given root password to your own.

Install Nginx

Step 1 – You could simply use apt-get to install Nginx, but that would not give you the latest version. Instead, we are going to install a newer stable version of Nginx. Execute the commands below :

# Fetch the repository signing key over HTTPS so it cannot be swapped in transit.
wget -qO - https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
echo -e "deb http://nginx.org/packages/mainline/ubuntu/ `lsb_release -cs` nginx\ndeb-src http://nginx.org/packages/mainline/ubuntu/ `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list

Step 2 – Now update the package lists and upgrade the installed packages.

apt-get update -y
apt-get upgrade -y


Step 3 – Finally, let’s install Nginx.

apt-get install nginx -y


Once done, you can use nginx -v to check which version is installed.

In my example, it is nginx v1.9.14. Open your web browser and access your server via IP address.

Setup Nginx Virtual Hosts File

Step 1 – Nginx is now installed and working, so you can start adding a website to the nginx configuration. First, decide which directory will store your website files, then create it :

mkdir -p /var/www/domain.tld/html

## Other variants:
mkdir -p /var/www/domain.tld/public_html
mkdir -p /var/www/domain.tld/htdocs
mkdir -p /var/www/html/domain.tld

## Example of mine
mkdir -p /var/www/servermom.xyz/html

Step 2 – Now make sure it has proper permission setup and proper ownership.

chmod 755 /var/www
chown -R $USER:$USER /var/www/domain.tld/html

# example
chown -R $USER:$USER /var/www/servermom.xyz/html


Step 3 – Next, you have to edit nginx .conf file and create Virtual Hosts configuration. You can use Nano editor.

nano /etc/nginx/conf.d/default.conf

Step 4 – Now edit a few lines inside that file accordingly (see below) :

## before you edit
listen 80;
server_name localhost;

## replace that with this
listen 443 ssl http2;
server_name domain.tld www.domain.tld;

Step 5 – Also, you need to define the location of your web root directory. Edit these lines :

## before
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

## after you edit
    location / {
        root   /var/www/servermom.xyz/html;
        index  index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }

Step 6 – Right after that, add the following lines :

    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5';
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;


Now save changes by pressing Control+O and exit Nano editor by pressing Control+X.
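
As an added example (not part of the original tutorial), the shell function below lints the TLS directives from Step 6 for settings that have since been deprecated or are considered weak: TLSv1/TLSv1.1, 3DES cipher suites, and an HSTS header sent without the always parameter. The function names and the tightened variant are assumptions made for illustration, and both sample configs are constructed from the lines above.

```shell
#!/bin/sh
# Added example (not from the original tutorial): lint nginx TLS directives.

# Print one finding per line for the config file "$1"; silent when clean.
audit_tls_conf() {
    # Ignore commented-out directives.
    _conf=$(grep -Ev '^[[:space:]]*#' "$1" || true)
    # TLSv1 or TLSv1.1 enabled (TLSv1.2 / TLSv1.3 do not match).
    if printf '%s\n' "$_conf" | grep -Eq 'ssl_protocols[^;]*TLSv1(\.1)?([[:space:]]|;)'; then
        echo "legacy-protocol: ssl_protocols enables TLSv1 and/or TLSv1.1"
    fi
    # 3DES offered; "!3DES" is an exclusion and is not flagged.
    if printf '%s\n' "$_conf" | grep -Eq 'ssl_ciphers[^;]*[^!]3DES'; then
        echo "weak-cipher: ssl_ciphers offers 3DES suites"
    fi
    # HSTS must be present; "always" makes nginx send it on error pages too.
    if ! printf '%s\n' "$_conf" | grep -Eq 'add_header[[:space:]]+Strict-Transport-Security'; then
        echo "hsts-missing: no Strict-Transport-Security header"
    elif ! printf '%s\n' "$_conf" | grep -Eq 'Strict-Transport-Security[^;]*[[:space:]]always[[:space:]]*;'; then
        echo "hsts-not-always: header is skipped on 4xx/5xx responses"
    fi
}

# Constructed sample: the TLS lines as given in Step 6.
page_conf() {
    cat <<'EOF'
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5';
    add_header Strict-Transport-Security max-age=15768000;
EOF
}

# Constructed sample (assumption): same lines with the flagged settings tightened.
tightened_conf() {
    cat <<'EOF'
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5';
    add_header Strict-Transport-Security max-age=15768000 always;
EOF
}

tmp=$(mktemp)
page_conf > "$tmp";      echo "Step 6 config:";    audit_tls_conf "$tmp"
tightened_conf > "$tmp"; echo "Tightened config:"; audit_tls_conf "$tmp"
rm -f "$tmp"
```

To check a live server, run audit_tls_conf /etc/nginx/conf.d/default.conf after sourcing the function. Dropping TLSv1/TLSv1.1 and 3DES cuts off very old clients, so confirm your visitor base before applying the tightened lines.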

Pointing Domain to Server

Simply edit / add the A and CNAME records in your DNS management panel. In this example I use the one that comes free with Namecheap.

After that, you can just wait till your domain has been fully resolved to your server.

Install Let’s Encrypt SSL

Before you continue, it is important to firstly make sure your domain is pointing to your server. Otherwise, it would not work.

Step 1 – Install Git and its dependencies :

apt-get -y install git bc
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt


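Step 2 – Now let's request the free SSL certificate for your domain. But first, stop the nginx service, because the --standalone mode used in the next step starts its own temporary web server and needs the port nginx is listening on.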

service nginx stop

Step 3 – Now issue the following command :

cd /opt/letsencrypt
./letsencrypt-auto certonly --standalone --email your@email.com -d domain.tld -d www.domain.tld

Step 4 – Usually, the first run of the command takes longer than later ones because it downloads some necessary dependencies. Once done, you'll see a message reporting that the certificate request succeeded.

Step 5 – Create new directory to store DH parameters :

mkdir /etc/nginx/ssl
cd /etc/nginx/ssl

Step 6 – Next, generate Diffie-Hellman parameters:

openssl dhparam -out dhparams.pem 2048

The process usually takes a long time.

Step 7 – Test the Nginx configuration and start the service :

nginx -t
systemctl start nginx.service


Step 8 – Open up your browser and then try accessing your domain via https

https://domain.tld


Step 9 – Now you need to redirect from http to https. Edit your nginx .conf file again :

nano /etc/nginx/conf.d/default.conf

Step 10 – And put these lines at the very top of the file:

server {
       listen         80;
       server_name    domain.tld;
       return         301 https://$server_name$request_uri;
}


Testing SSL Quality

In your browser, visit https://www.ssllabs.com/ssltest/ and test the quality of your SSL setup.

If you followed the steps above correctly you will get A+.

Testing HTTP/2 Protocol

If you are using Mozilla Firefox, then simply press Control+Shift+Q to bring up Networking tool. After that simply refresh your page and in the


Done. Thank you for reading this article.