Configuring subdomains on Nginx in CentOS 7
Deploying your API or Code to production on Linux and securing with SSH
Subdomains can be a powerful tool for organizing and scaling your web applications. In this tutorial, we will explore how to configure subdomains on Nginx in CentOS 7. By following these steps, you'll be able to set up subdomains and direct traffic to different applications or sections of your website efficiently. Let's say you have a blog and want to have it on blog.domain.com or have an API and want to deploy it to production on api.domain.com.
Prerequisites: Before we begin, ensure that you have the following prerequisites in place:
CentOS 7 server with Nginx installed.
Access to the server with administrative privileges.
A registered domain name with DNS configured to point to your server's IP address.
Step 1: Update DNS Records
To set up subdomains, you need to update your DNS records. This can usually be done through your domain registrar's control panel. Add an "A" record for each subdomain, pointing it to your server's IP address. For example:
api.yourdomain.com -> your_server_ip
blog.yourdomain.com -> your_server_ip
Step 2: Nginx Configuration
Create an Nginx configuration file and open the config file for your domain using a text editor:
cd /etc/nginx/conf.d
sudo touch api.domain.com.conf
sudo nano api.domain.com.conf
Inside the server block, configure it as you wish. For example:
server {
    listen 80;
    server_name api.domain.com;
    index index.php index.html index.htm;
    root /usr/share/nginx/blog.domain.com;

    location / {
        # Configuration for the subdomain
        try_files $uri $uri/ /index.php?$query_string;
    }

    # Refuse requests for files ending in these extensions (.env, .htaccess, ...)
    location ~ \.(env|htaccess|gitignore|gitattributes)$ {
        return 403;
    }
}
Repeat Steps 1 and 2 for other subdomains: You can copy/duplicate the first configuration file and modify the server_name and location directives accordingly on the new config file.
Save the file and exit the text editor.
Step 3: Test and Reload Nginx
Check the Nginx configuration for syntax errors:
sudo nginx -t
If there are no errors, reload Nginx to apply the changes:
sudo systemctl reload nginx
Step 4: Verify Subdomain Setup
Open a web browser and visit your subdomains (e.g., api.yourdomain.com, blog.yourdomain.com). If everything is configured correctly, you should see the respective applications or web pages.
Optionally, you can configure SSL/TLS certificates for your subdomains using Certbot or other certificate authorities to enable HTTPS access.
Step 5: Installing Certbot for HTTPS with Let's Encrypt
Securing your website with HTTPS is crucial for protecting user data and gaining trust. I will walk you through the process of installing Certbot, a widely-used tool for obtaining and managing SSL/TLS certificates, on CentOS 7. By the end of this guide, you'll have a valid SSL/TLS certificate from Let's Encrypt, enabling secure communication over HTTPS.
Step 1: Update System Packages
Start by updating your system packages to ensure you have the latest software versions:
sudo yum update
Step 2: Install Certbot
Add the EPEL repository to access additional packages:
sudo yum install epel-release
Install Certbot using the package manager:
sudo yum install certbot
Step 3: Obtain SSL/TLS Certificate
Stop your web server temporarily to allow Certbot to listen on port 80 during the certificate issuance process. For Nginx, use:
sudo systemctl stop nginx
For Apache, use:
sudo systemctl stop httpd
Run the certbot command to obtain a certificate for your domain. Replace yourdomain.com with your actual domain:
sudo certbot certonly --standalone -d yourdomain.com
Or run certbot to update all domains with HTTPS.
Certbot reads the subdomains from the configuration files of your Nginx server. In CentOS with Nginx, the configuration files are typically located in the /etc/nginx/conf.d/ directory.
Certbot identifies the available subdomains by scanning the Nginx configuration files for server blocks or virtual host configurations that listen to port 80 (HTTP). It extracts the server_name directives within those blocks to determine the subdomains. In the provided example, Certbot is listing the subdomains it has detected based on the Nginx configuration. You can select the appropriate subdomains for which you want to activate HTTPS by entering the corresponding numbers separated by commas or spaces. Alternatively, you can choose all options by leaving the input blank, or cancel the operation by entering 'c'. Certbot will automatically configure Nginx to use the obtained certificates and reload the server to apply the changes.
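The scan described above can be approximated offline to list the names that answer on port 80 but are not yet covered by any TLS server block. This is an added example, not Certbot's code and not part of the original tutorial; the sample configuration files and the function names are constructed for illustration, and the parser is a simplification of Nginx's own.

```python
import re

# Constructed sample standing in for files under /etc/nginx/conf.d/ (not from the page).
SAMPLE_CONFS = {
    "api.domain.com.conf": """
server {
    listen 80;
    server_name api.domain.com;
    location / { try_files $uri $uri/ /index.php?$query_string; }
}""",
    "blog.domain.com.conf": """
server {
    listen 80;
    server_name blog.domain.com www.blog.domain.com;  # two names, one block
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name blog.domain.com;
    ssl_certificate /etc/letsencrypt/live/blog.domain.com/fullchain.pem;
}""",
}

def server_blocks(text):
    """Yield the body of every server { ... } block, tracking nested braces."""
    text = re.sub(r"#[^\n]*", "", text)  # strip comments before matching
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def names_by_listener(confs):
    """Return (names on port 80, names on a TLS listener)."""
    http, tls = set(), set()
    for text in confs.values():
        for body in server_blocks(text):
            listens = [l.split() for l in re.findall(r"\blisten\s+([^;]+);", body)]
            names = set(" ".join(re.findall(r"\bserver_name\s+([^;]+);", body)).split())
            if any("ssl" in l for l in listens):
                tls |= names
            if any(l[0].rsplit(":", 1)[-1] == "80" for l in listens):
                http |= names
    return http, tls

def missing_https(confs):
    http, tls = names_by_listener(confs)
    return sorted(http - tls)  # served over HTTP, no TLS block yet
```

On the sample, `missing_https(SAMPLE_CONFS)` reports both `api.domain.com` and `www.blog.domain.com`: the second is redirected to HTTPS by its port 80 block, yet no TLS block names it.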
Step 4: Test SSL/TLS Configuration
Open a web browser and visit your website using the HTTPS protocol (e.g., https://yourdomain.com). If everything is configured correctly, you should see a secure connection with a valid SSL/TLS certificate.
Optionally, you can use online SSL/TLS validation tools to verify the certificate installation and configuration.
Step 5: Automate Certificate Renewal
Certbot certificates have a validity period, typically 90 days. To ensure uninterrupted HTTPS access, it's important to set up automatic certificate renewal.
Edit the crontab and add a new entry:
crontab -e
0 0 * * 0 certbot renew --post-hook "systemctl reload nginx"
The cron expression 0 0 * * 0 specifies that the command should run at midnight (00:00) every Sunday (day of the week = 0). This cron schedule will trigger the command once a week.
The command certbot renew --post-hook "systemctl reload nginx" is what cron runs on that schedule. The certbot renew command checks for any certificates that need renewal and, if renewal is required, renews them. The --post-hook option specifies the command to be executed after successful certificate renewal. In this case, it reloads the Nginx server using the systemctl reload nginx command.
By using this cron schedule and command, you can automate the renewal of SSL/TLS certificates and reload the Nginx server to apply the renewed certificates.
Conclusion
By following this guide, you have successfully configured a subdomain, secured your blog or API using HTTPS, and used Certbot to get SSL/TLS certificates for your Nginx server in CentOS 7. Your website is now secured with HTTPS, ensuring encrypted and trustworthy communication between your users and the server. Remember to automate the certificate renewal process to avoid any service interruptions.
Enjoy the enhanced security and trustworthiness of your website with Certbot and Nginx!
Please ensure that you regularly update your server and follow best practices for server and application security to maintain a secure environment.