{"id":3616,"date":"2023-10-24T17:50:03","date_gmt":"2023-10-24T17:50:03","guid":{"rendered":"http:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/?p=3616"},"modified":"2023-10-27T14:17:07","modified_gmt":"2023-10-27T14:17:07","slug":"configuring-nginx-f","status":"publish","type":"post","link":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/2023\/10\/24\/configuring-nginx-f\/","title":{"rendered":"Configuring Nginx for HTTPS Redirect"},"content":{"rendered":"<ul>\n<li>NOTES\n<ul>\n<li>If you already have nginx deployed, skip to the &#8220;Add a website for URL redirect&#8221; step.<\/li>\n<\/ul>\n<\/li>\n<li>\u00a0Assumptions\n<ul>\n<li>You have an Ubuntu 22.04 Linux server created\n<ul>\n<li>4GB of RAM<\/li>\n<li>30GB of Drive Storage<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Prerequisites\n<ul>\n<li>You have a DNS &#8220;A&#8221; record redirecting all subdomains to your machine.\n<ul>\n<li>For instance, if your domain is &#8220;example.com&#8221;, you need to create an A record of &#8220;*&#8221; to redirect everything to anysubdomain.example.com.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Download openssh (<span style=\"color: #ff0000\">OPTIONAL<\/span>)\n<ul>\n<li>This allows the user to ssh into the machine to allow for easier copying and pasting of commands\n<ul>\n<li>sudo -i\n<ul>\n<li>This puts the current terminal as a super user (can run commands as an admin).<\/li>\n<\/ul>\n<\/li>\n<li>apt-get update\n<ul>\n<li>Updates the current list of Linux packages.<\/li>\n<\/ul>\n<\/li>\n<li>apt-get upgrade\n<ul>\n<li>Upgrades all of the packages\/updates the actual software<\/li>\n<\/ul>\n<\/li>\n<li>apt-get install openssh-server\n<ul>\n<li>This installs openssh so you can ssh to the Linux machine<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Connect to the Linux machine via SSH (use putty or the cmd)<\/li>\n<\/ul>\n<\/li>\n<li>Install nginx\n<ul>\n<li>apt install nginx\n<ul>\n<li>This installs the nginx software and engine<\/li>\n<\/ul>\n<\/li>\n<li>systemctl status nginx\n<ul>\n<li>this will check the status of nginx, ensuring the it is running<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Add a website for URL redirect\n<ul>\n<li>cd \/etc\/nginx\/sites-available<\/li>\n<li>nano yourwebsite.example.com\n<ul>\n<li>You will want this to actually be the URL you are redirecting. For instance, test.nationaltrail.us. &#8220;test&#8221; is the subdomain and &#8220;nationaltrail.us&#8221; is the domain we own.<\/li>\n<\/ul>\n<\/li>\n<li>Add the following configuration to the file\n<ul>\n<li>server {<br \/>\nserver_name <span style=\"color: #ff0000\">test.nationaltrail.us<\/span>;location \/ {<br \/>\nproxy_pass <span style=\"color: #ff0000\">http:\/\/10.10.8.112<\/span>; # Point to test web server<br \/>\nproxy_set_header Host $host;<br \/>\nproxy_set_header X-Real-IP $remote_addr;<br \/>\nproxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br \/>\n}<br \/>\n}<\/p>\n<ul>\n<li>This redirects &#8220;test.nationaltrail.us&#8221; to &#8220;http:\/\/10.10.8.112&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Link sites-available to sites-enabled\n<ul>\n<li>ln -s \/etc\/nginx\/sites-available\/test.nationaltrail.us \/etc\/nginx\/sites-enabled\n<ul>\n<li>This creates a link from sites-available to sites-enabled to allow nginx to start redirecting\/have access to the configuration<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Test the configuration\n<ul>\n<li>nginx -t\n<ul>\n<li>This should have an output such as &#8220;the configuration is OK&#8221;<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Restart the nginx service\n<ul>\n<li>systemctl reload nginx<\/li>\n<\/ul>\n<\/li>\n<li>You should now ab able to go to &#8220;test.nationaltrail.us&#8221; to go to the website located at &#8220;10.10.8.112&#8221;<\/li>\n<\/ul>\n<\/li>\n<li>Add Certbot and secure the site\n<ul>\n<li>At this point, you are only redirecting traffic, not adding an SSL certificate. This will add encryption to secure the site.<\/li>\n<li>Install certbot and the nginx plugin\n<ul>\n<li>apt install certbot python3-certbot-nginx<\/li>\n<\/ul>\n<\/li>\n<li>Secure your website\n<ul>\n<li>certbot &#8211;nginx -d test.nationaltrail.us<\/li>\n<\/ul>\n<\/li>\n<li>Go through the installation process. This includes adding a notification email for certificate expiration AND choosing the option for REDIRECTING traffic to HTTPS. This is the <span style=\"color: #ff0000\">second option<\/span> if you are prompted for it.<\/li>\n<li>Restart nginx\n<ul>\n<li>systemctl reload nginx<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Connect to your website! It should be secured unless the web app requires further proxy configuration (refer to the webpages documentation for this possibility).<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>NOTES If you already have nginx deployed, skip to the &#8220;Add a website for URL redirect&#8221; step. \u00a0Assumptions You have an Ubuntu 22.04 Linux server created 4GB of RAM 30GB of Drive Storage Prerequisites You have a DNS &#8220;A&#8221; record redirecting all subdomains to your machine. For instance, if your domain is &#8220;example.com&#8221;, you need &hellip; <a href=\"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/2023\/10\/24\/configuring-nginx-f\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Configuring Nginx for HTTPS Redirect<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1303,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"class_list":["post-3616","post","type-post","status-publish","format-standard","hentry","category-it-support"],"_links":{"self":[{"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/posts\/3616","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/users\/1303"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/comments?post=3616"}],"version-history":[{"count":4,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/posts\/3616\/revisions"}],"predecessor-version":[{"id":3620,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/posts\/3616\/revisions\/3620"}],"wp:attachment":[{"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/media?parent=3616"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/categories?post=3616"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.nationaltrail.k12.oh.us\/ittech\/wp-json\/wp\/v2\/tags?post=3616"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}