Virtual Hosting and SSL Configuration in Nginx Web Server in Linux

Nginx is an open-source and globally popular web server. In our previous tutorials. In this guide, we will discuss how we can host multiple websites and configure ssl on Nginx webserver. Similarly how we do configure virtual hosting and SSL Configuration in Nginx Web Server in Linux. Nginx has Server Blocks to host multiple websites.

By default, Nginx has a single server block to host a single website the default webpage in /var/www/html. The default document directory for Nginx. Now let’s see how you can host multiple websites with Nginx by using multiple server blocks.

Create Server Blocks on Nginx

The first thing you have to do is to create a separate document directory for each websites that you want to host. Here we are going to host 2 websites, so we will create 2 more document directories for those particular websites as follows,

$ sudo mkdir -p /usr/share/nginx/website1

$ sudo mkdir -p /usr/share/nginx/website2

You can use some other directory instead ‘/var/www’ to create the document directories but we using ‘/var/www’ is for ease.

Next, you have to create ‘Index.html’ page for these websites,

$ sudo vi /usr/share/nginx/website1/index.html
<html>
    <head>
         <title>This is Website1.com!</title>
    </head>
    <body>
         <h1> Website1 is working fine.</h1>
    </body>
</html>

Similarly create index.html file for second website as well,

$ sudo vi /usr/share/nginx/website2/index.html
<html>
    <head>
         <title>This is Website2.com!</title>
    </head>
    <body>
        <h1>Website2 is working fine</h1>
    </body>
</html>

Now you will have to create server blocks to host multiple websites on the Nginx server. Let’s move into nginx configuration directory, 

$ cd /etc/nginx/conf.d

Next create two configuration files for hosting these two websites and put below entries,

$ vi /etc/nginx/conf.d/website1.conf
server {
    listen 80;
    listen [::]:80;
    root /var/www/website1;
    index index.html index.htm index.nginx-debian.html;
    server_name website1.com www.website1.com;
    location / {
        try_files $uri $uri/ =404;
    }
}

Similarly create the same for second website,

$ vi /etc/nginx/conf.d/website2.conf
server {
    listen 80;
    listen [::]:80;
    root /var/www/website2;
    index index.html index.htm index.nginx-debian.html;
    server_name website2.com www.website2.com;
    location / {
        try_files $uri $uri/ =404;
    }
}

After this you must reload or restart the nginx server to implement the changes,

$ sudo systemctl reload nginx

$ sudo systemctl restart nginx

Finally, now you can access the websites from the browser. To access the web server using the URL hostname, yu need to add the web URL in the local DNS server but you can also use the host entries in the file ‘/etc/hosts’ to access websites with the hostname.

Manage Host Entry

Create host entries in ‘/etc/hosts’,

$ sudo vi /etc/hosts

192.168.72.130 website1.com website2.com

Save the file & exit.

Here “192.168.72.130” is the IP address for the Nginx webserver. This entry needs to create on all the servers from which we have to access the website.

Read Also : How to Generate a SELF-SIGNED SSL Certificate with Openssl in Linux

Read Also : Install FREE SSL/TLS Certificate on Apache with Let’s Encrypt on Ubuntu

SSL Configuration in NGINX

To configure SSL Certificate in Nginx, private key and certificate are required . You can use ‘/etc/nginx/nginx.conf’ to configure the ssl in Nginx but it is recommended to create a separate file for ssl.

First, generate your DH parameters with OpenSSL:

$ cd /etc/ssl/certs

$ openssl dhparam -out dhparam.pem 4096

$ sudo vi /etc/nginx/conf.d/ssl.conf

Then enter the following lines to the ssl.conf file,

server {
    listen 443 ssl;
    server_name website.com;
    ssl_certificate /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
}

Next, you should reload the nginx to complete the Nginx SSL configuration,

# systemctl reload nginx

Now you are good to access our website with the https followed by the website URL,

https://website.com

Since this is a self-signed certificate, you might get a warning but you can ignore that & click on ‘Proceed anyway’.

Additional Parameters for SSL

The above-mentioned parameters are the basic configuration for SSL, you can select a number of options like TLS versions. Ciphers suites as well depending on your need. The additional parameters that can be used are,

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    root /var/www/html;
    index index.html index.htm;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers “EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH”;
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    add_header Strict-Transport-Security “max-age=63072000; includeSubdomains”;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
}

Conclusion

This guide describes Virtual Hosting and SSL Configuration in Nginx Web Server in Linux.  Please stay tuned for more on Linux, Python, Devops and Cloud Computing.

Read Also : Top 20 Linux Find Command Practical Examples

Share on:

Ravindra Kumar

Hi, This is Ravindra. I am founder of TheCodeCloud. I am AWS Certified Solutions Architect Associate & Certified in Oracle Cloud as well. I am DevOps and Data Science Enthusiast.

Recommended Reading..

1 thought on “Virtual Hosting and SSL Configuration in Nginx Web Server in Linux”

Leave a Comment