- Create EC2 instance
Ubuntu 20.04, t3.micro (cpu cores > 1), public subnet, enable public ip
- Create Security Group `nginx`
  - open ports 80 and 443
  - open port 22 (the port number is not given on the page; 22 is the default used by the `ssh` step below) and limit its source to your own IP address
- Create `devops` key pair
- Update permissions on `devops` key pair
  - Keys need to be only readable by you
chmod 400 devops.pem
- SSH to the Ubuntu server
ssh -i devops.pem ubuntu@34.229.113.7
- Update Ubuntu packages
sudo apt update
- Check version of `nginx` to be installed
apt policy nginx
- Check current versions of `nginx` here
- Add `nginx` deb repository
sudo vi /etc/apt/sources.list.d/nginx.list
deb https://nginx.org/packages/ubuntu/ focal nginx
deb-src https://nginx.org/packages/ubuntu/ focal nginx
`deb` lines refer to binary packages, which you can install with apt. `deb-src` lines refer to source packages (as downloaded by `apt-get source $package`), which are then compiled. Source packages are needed only if you want to compile a package yourself or inspect its source code for a bug. Ordinary users don't need to include such repositories.
- Update Ubuntu packages
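sudo apt update
- Add GPG key
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ABF5BD827BD9BF62
(A key added with apt-key is trusted for every configured repository, and apt-key is deprecated in newer Ubuntu releases; a keyring file referenced with `signed-by` in nginx.list limits the key to this one repository. Compare the imported key's full fingerprint with the one published on nginx.org before trusting it.)
- Update Ubuntu packages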
sudo apt update
- Check version of `nginx` to be installed
apt policy nginx
- Install `nginx`
sudo apt install nginx=1.20.1-1~focal
- Start `nginx`
sudo systemctl start nginx
- Enable `nginx`
sudo systemctl enable nginx
- Check `nginx` status
sudo systemctl status nginx
(Can't open PID file /run/nginx.pid (yet?) after start: Operation not permitted)
- Go to browser
- Check the main `nginx` config
cat /etc/nginx/nginx.conf
- Check default `nginx` config
cat /etc/nginx/conf.d/default.conf
- Create folder for our website
sudo mkdir -p /var/www/devopsbyexample.io/html
- Update ownership
sudo chown -R $USER:$USER /var/www/devopsbyexample.io/html
- Update permissions
sudo chmod -R 755 /var/www/devopsbyexample.io
- Create a web page
vi /var/www/devopsbyexample.io/html/index.html
<html>
<head>
<title>Welcome to devopsbyexample.io!</title>
</head>
<body>
<h1>Success! The devopsbyexample.io server block is working!</h1>
</body>
</html>
- Create `sites-available` directory
sudo mkdir /etc/nginx/sites-available/
- Create `sites-enabled` directory
sudo mkdir /etc/nginx/sites-enabled
- Create `nginx` server block
sudo vi /etc/nginx/sites-available/devopsbyexample.io
server {
listen 80;
root /var/www/devopsbyexample.io/html;
index index.html;
server_name devopsbyexample.io www.devopsbyexample.io;
location / {
try_files $uri $uri/ =404;
}
}
- Add include statement (inside the `http` block)
sudo vi /etc/nginx/nginx.conf
include /etc/nginx/sites-enabled/*;
- Create a symlink
sudo ln -s /etc/nginx/sites-available/devopsbyexample.io /etc/nginx/sites-enabled/
- Test `nginx` config
sudo nginx -t
- Reload `nginx` config
sudo nginx -s reload
- Create A records
- Check DNS (if you are using Cloudflare, enable Full (strict) mode under SSL/TLS > Overview)
dig devopsbyexample.io
dig www.devopsbyexample.io
snap version
- If you don't have it
apt policy snapd and apt install snapd
- Ensure that your version of snapd is up to date
sudo snap install core; sudo snap refresh core
- Remove certbot-auto and any Certbot OS packages
sudo apt-get remove certbot
- Install Certbot
sudo snap install --classic certbot
- Prepare the Certbot command
sudo ln -s /snap/bin/certbot /usr/bin/certbot
- Check certbot version
sudo certbot --version
- Test certbot
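sudo certbot --nginx --test-cert
(the `--test-cert` certificate comes from the Let's Encrypt staging environment, so the browser will report it as untrusted)
- Open nginx block
cat /etc/nginx/sites-available/devopsbyexample.io
- Go to browser https://devopsbyexample.io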
- Issue real certificate
sudo certbot --nginx
- Go to browser https://devopsbyexample.io
- Go to browser https://www.devopsbyexample.io
- Test renewal
sudo certbot renew --dry-run
- Check systemctl timers
systemctl list-timers
- Delete EC2 instance
- Delete security group `nginx`
- Delete key pair `devops`
- Remove A records