Title here
Summary here
Nginx web server
Install Nginx
sudo dnf -y install nginxCreate a self-signed certificate
For testing purposes, link to create Let’s Encrypt certificate below.
sudo mkdir -p /etc/nginx/ssl
sudo openssl genrsa -out /etc/nginx/ssl/selfsigned.key 2048
sudo openssl req -new -x509 -key /etc/nginx/ssl/selfsigned.key -out /etc/nginx/ssl/selfsigned.crt -days 365 -subj "/CN=domain.tld"# /etc/nginx/conf.d/www.domain.tld.conf
server {
listen 80;
server_name www.domain.tld;
return 301 https://$host$request_uri;
}
# HTTPS server block
server {
listen 443 ssl;
server_name www.domain.tld;
ssl_certificate /etc/nginx/ssl/selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/selfsigned.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}Configure port forwarding to web server
- See the port forwarding with OPNsense guide.
Configure domain registrar
Create a Let’s Encrypt wildcard certificate
Update the Nginx configuration to use the Let’s Encrypt certificate
# /etc/nginx/conf.d/www.domain.tld.conf
server {
listen 80;
server_name www.domain.tld;
return 301 https://$host$request_uri;
}
# HTTPS server block
server {
listen 443 ssl;
server_name www.domain.tld;
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}