Configuring Subdomains on Nginx in CentOS 7

Deploying your API or code to production on Linux and securing with SSH

Subdomains can be a powerful tool for organizing and scaling your web applications. In this tutorial, we will explore how to configure subdomains on Nginx in CentOS 7. By following these steps, you'll be able to set up subdomains and direct traffic to different applications or sections of your website efficiently. Let's say you have a blog and want to have it on blog.domain.com or have an API and want to deploy it to production on api.domain.com.

Prerequisites: Before we begin, ensure that you have the following prerequisites in place:

  1. CentOS 7 server with Nginx installed.

  2. Access to the server with administrative privileges.

  3. A registered domain name with DNS configured to point to your server's IP address.

Step 1: Update DNS Records

To set up subdomains, you need to update your DNS records. This can usually be done through your domain registrar's control panel. Add an "A" record for each subdomain, pointing it to your server's IP address. For example:

Step 2: Nginx Configuration

  1. Create an Nginx configuration file for your subdomain and open it in a text editor:

     cd /etc/nginx/conf.d
     sudo touch api.domain.com.conf
     sudo nano api.domain.com.conf

  2. Inside the file, add a server block and configure it as you wish. For example:

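     server {
         listen 80;
         server_name api.domain.com;
         index index.php index.html index.htm;
         # Document root: point this at the directory of the application served by this subdomain
         root /usr/share/nginx/blog.domain.com;

         location / {
             # Serve the requested file or directory if it exists, otherwise pass the request to index.php
             try_files $uri $uri/ /index.php?$query_string;
         }

         # Refuse requests for files ending in these sensitive extensions
         location ~ \.(env|htaccess|gitignore|gitattributes)$ {
             return 403;
         }
     }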
    
  3. Repeat Steps 1 and 2 for other subdomains: You can copy/duplicate the first configuration file and modify the server_name and location directives accordingly on the new config file.

  4. Save the file and exit the text editor.
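
The deny rule in the example above only refuses paths that end in one of four extensions. The following added example (not part of the original tutorial) checks that regex against constructed request paths and compares it with a broader dotfile policy; the function names and the broader policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which request paths does the tutorial's deny rule refuse?
# RULE is the regex from the location block above; the URIs are constructed samples.
RULE='\.(env|htaccess|gitignore|gitattributes)$'

# 0 (true) if the path matches RULE, i.e. Nginx would answer 403.
is_denied() {
    printf '%s\n' "$1" | grep -Eq "$RULE"
}

# A broader policy (an assumption, not from the tutorial): refuse any path with a
# segment that starts with a dot, except .well-known, which ACME HTTP-01
# validation uses. A common Nginx rule in the same spirit:
#   location ~ /\.(?!well-known) { return 403; }
is_denied_broad() {
    old_ifs=$IFS; IFS=/; set -f
    for seg in $1; do
        case $seg in
            .well-known) ;;
            .*) IFS=$old_ifs; set +f; return 0 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return 1
}

# Print one line per path: verdict of the page's rule and of the broader policy.
report() {
    for uri in "$@"; do
        if is_denied "$uri"; then a=403; else a=passes; fi
        if is_denied_broad "$uri"; then b=403; else b=passes; fi
        printf '%-34s page rule: %-7s broad rule: %s\n' "$uri" "$a" "$b"
    done
}

report /.env /config/.env /.htaccess /.env.bak /.git/config \
       /.well-known/acme-challenge/token /index.php
```

A path marked "passes" is only outside the rule being tested; whether Nginx serves it still depends on the file existing under the document root.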

Step 3: Test and Reload Nginx

  1. Check the Nginx configuration for syntax errors:

     sudo nginx -t
    

  2. If there are no errors, reload Nginx to apply the changes:

     sudo systemctl reload nginx
    

Step 4: Verify Subdomain Setup

  1. Open a web browser and visit your subdomains (e.g., api.yourdomain.com, blog.yourdomain.com). If everything is configured correctly, you should see the respective applications or web pages.

  2. Optionally, you can configure SSL/TLS certificates for your subdomains using Certbot or other certificate authorities to enable HTTPS access.

Step 5: Installing Certbot for HTTPS with Let's Encrypt

Securing your website with HTTPS is crucial for protecting user data and gaining trust. I will walk you through the process of installing Certbot, a widely-used tool for obtaining and managing SSL/TLS certificates, on CentOS 7. By the end of this guide, you'll have a valid SSL/TLS certificate from Let's Encrypt, enabling secure communication over HTTPS.

Step 1: Update System Packages

Start by updating your system packages to ensure you have the latest software versions:

sudo yum update

Step 2: Install Certbot

  1. Add the EPEL repository to access additional packages:

     sudo yum install epel-release
    
  2. Install Certbot using the package manager:

     sudo yum install certbot
    

Step 3: Obtain SSL/TLS Certificate

  1. Stop your web server temporarily to allow Certbot to listen on port 80 during the certificate issuance process. For Nginx, use:

     sudo systemctl stop nginx
    

    For Apache, use:

     sudo systemctl stop httpd
    
  2. Run the certbot command to obtain a certificate for your domain. Replace yourdomain.com with your actual domain:

     sudo certbot certonly --standalone -d yourdomain.com
    

Or run Certbot to update all domains with HTTPS.

Certbot reads the subdomains from the configuration files of your Nginx server. In CentOS with Nginx, the configuration files are typically located in the /etc/nginx/conf.d/ directory.

Certbot identifies the available subdomains by scanning the Nginx configuration files for server blocks or virtual host configurations that listen on port 80 (HTTP). It extracts the server_name directives within those blocks to determine the subdomains. This applies when Certbot is run with its Nginx plugin (--nginx); the standalone mode used above does not read or modify the Nginx configuration. In the provided example, Certbot is listing the subdomains it has detected based on the Nginx configuration. You can select the subdomains for which you want to activate HTTPS by entering the corresponding numbers separated by commas or spaces. Alternatively, you can choose all options by leaving the input blank, or cancel the operation by entering 'c'. Certbot will automatically configure Nginx to use the obtained certificates and reload the server to apply the changes.
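
To see which hostnames are declared in the Nginx configuration and which still lack HTTPS, the following added example (not part of the original tutorial, and not Certbot's own code) extracts server_name values from server blocks and reports whether any block for that name listens with TLS. The function names and the sample configuration files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every server_name in the given Nginx config files and
# whether at least one server block for that name listens with TLS.
audit_server_names() {   # args: one or more nginx config files
    awk '
    { sub(/#.*/, "") }                                   # strip comments
    /^[ \t]*server[ \t]*[{]/ { in_srv = 1; depth = 0; n = 0; tls = 0 }
    in_srv {
        if ($1 == "server_name")
            for (i = 2; i <= NF; i++) { s = $i; sub(/;$/, "", s); if (s != "") name[++n] = s }
        if ($1 == "listen" && $0 ~ /443|ssl/) tls = 1
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")     # track nested braces
        if (depth == 0) {                                # end of this server block
            for (i = 1; i <= n; i++) if (tls || !(name[i] in seen)) seen[name[i]] = tls
            in_srv = 0
        }
    }
    END { for (s in seen) print s, (seen[s] ? "https" : "http-only") }
    ' "$@" | sort
}

write_sample() {         # constructed sample configs, not taken from a real server
    cat > "$1/api.domain.com.conf" <<'EOF'
server {
    listen 443 ssl; # managed by Certbot
    server_name api.domain.com;
    location / { try_files $uri $uri/ /index.php?$query_string; }
}
server {
    listen 80;
    server_name api.domain.com;
    return 301 https://$host$request_uri;
}
EOF
    cat > "$1/blog.domain.com.conf" <<'EOF'
server {
    listen 80;
    server_name blog.domain.com;
}
EOF
}

dir=$(mktemp -d)
write_sample "$dir"
audit_server_names "$dir"/*.conf
rm -rf "$dir"
```

On a real server, pass the files under /etc/nginx/conf.d/ instead of the sample directory.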

Step 4: Test SSL/TLS Configuration

  1. Open a web browser and visit your website using the HTTPS protocol (e.g., https://yourdomain.com). If everything is configured correctly, you should see a secure connection with a valid SSL/TLS certificate.

  2. Optionally, you can use online SSL/TLS validation tools to verify the certificate installation and configuration.

Step 5: Automate Certificate Renewal

Certbot certificates have a validity period, typically 90 days. To ensure uninterrupted HTTPS access, it's important to set up automatic certificate renewal.

Edit the crontab and add a new entry:

crontab -e
0 0 * * 0 certbot renew --post-hook "systemctl reload nginx"

The cron expression 0 0 * * 0 specifies that the command should run at midnight (00:00) every Sunday (day of the week = 0). This cron schedule will trigger the command once a week.

The certbot renew command checks every certificate on the server and renews those that are close to expiry. The --post-hook option specifies a command to run after certbot has attempted a renewal; in this case, it reloads the Nginx server using the systemctl reload nginx command so that the renewed certificate is picked up. Note that a certificate obtained with --standalone is also renewed in standalone mode, which needs port 80 to be free, so the renewal fails while Nginx is listening on that port.

By using this cron schedule and command, you can automate the renewal of SSL/TLS certificates and reload the Nginx server to apply the renewed certificates.

Conclusion

By following this guide, you have successfully set up a subdomain, secured your blog or API using HTTPS, and used Certbot to get SSL/TLS certificates for your Nginx server in CentOS 7. Your website is now secured with HTTPS, ensuring encrypted and trustworthy communication between your users and the server. Remember to automate the certificate renewal process to avoid any service interruptions.

Enjoy the enhanced security and trustworthiness of your website with Certbot and Nginx!

Please ensure that you regularly update your server and follow best practices for server and application security to maintain a secure environment.
