# Serve with Nginx and certify with Certbot SSL

Note: `snapd` isn't stable on AlmaLinux 10 at the time of writing, so you might want to install Certbot via `pip` or some other way.

## Installing packages

```sh
# Install packages, then enable and start nginx
sudo dnf install snapd nginx && sudo systemctl enable nginx && sudo systemctl start nginx

# Snapd for certbot (https certs); the certbot symlink is created once, after the snap is installed
sudo systemctl enable --now snapd.socket && sudo ln -s /var/lib/snapd/snap /snap && sudo snap install --classic certbot && sudo ln -s /snap/bin/certbot /usr/bin/certbot
```

This installs nginx and certbot.

## Serving a website via nginx

Create an empty config file:

```sh
sudo nvim /etc/nginx/conf.d/$YOUR_SERVICE.conf
```

and then add:

```nginx
server {
    # Must match the domain passed to certbot with -d
    server_name sub.yourdomain.com;

    location / {
        root html;
        index index.html;
    }
}
```

Then request the certificate and test renewal:

```sh
sudo certbot --nginx -d sub.yourdomain.com
sudo certbot renew --dry-run # test renewal
```

This is all you need to have a self-renewing certificate for a service or website.

## Passing the traffic through to your APIs with `upstream`

For an API service, follow the same steps as above, then go into your config and change the `/your_api` block to include:

```nginx
upstream your_api {
    server 127.0.0.1:3498;
}

# ...

server {
    # ...

    location / {
        proxy_pass http://your_api;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support (if needed)
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";

        # Timeouts
        proxy_connect_timeout 5s;
        proxy_read_timeout 60s;
        proxy_send_timeout 60s;
    }

    # ...
}
```

Test and reload nginx:

```sh
# Test configuration
sudo nginx -t

# Reload nginx
sudo systemctl reload nginx
```

## Deleting Certbot certificates

```sh
# List your certificates
sudo certbot certificates

# Delete by name
sudo certbot delete --cert-name sub.domain.com
```
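
The proxy block in the `upstream` section forwards `X-Forwarded-For` via `$proxy_add_x_forwarded_for`, which appends the connecting address to whatever value the client already sent, so the backend on `127.0.0.1:3498` should trust only the entries written by its own proxy. A sketch of that check on the backend side, as an added example that is not part of the original page; the function name `client_ip`, the trusted-proxy list and the sample addresses are assumptions:

```python
import ipaddress

# Assumption: only the local nginx (loopback) is allowed to speak for clients.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]

# Constructed sample: the client sent a forged "10.9.9.9" and nginx
# appended the real connecting address after it.
SAMPLE_HEADERS = {"x-forwarded-for": "10.9.9.9, 203.0.113.7",
                  "x-real-ip": "203.0.113.7"}


def _is_trusted(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr: str, headers: dict) -> str:
    """Return the address to log or rate-limit on.

    peer_addr is the TCP peer of the backend socket; headers maps
    lower-cased header names to their values.
    """
    # A request that did not arrive through the proxy gets no header trust.
    if not _is_trusted(peer_addr):
        return peer_addr

    # Walk X-Forwarded-For from the right and stop at the first hop that is
    # not one of our proxies; everything left of it is client-controlled.
    hops = [h.strip() for h in headers.get("x-forwarded-for", "").split(",")]
    for hop in reversed([h for h in hops if h]):
        try:
            if not _is_trusted(hop):
                return str(ipaddress.ip_address(hop))
        except ValueError:
            break  # malformed entry: stop trusting this header

    # Fall back to X-Real-IP, which nginx overwrites with $remote_addr.
    try:
        return str(ipaddress.ip_address(headers.get("x-real-ip", "").strip()))
    except ValueError:
        return peer_addr


if __name__ == "__main__":
    print(client_ip("127.0.0.1", SAMPLE_HEADERS))
```
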