How To Securing Nginx on Manjaro with Let’s Encrypt SSL

In this tutorial, we will show you how to securing Nginx on Manjaro with Let’s Encrypt SSL. In the digital age, web security is paramount. Your web server may be running the powerful Nginx on Manjaro Linux, but without proper security measures, your website is vulnerable to a host of threats. In this comprehensive guide, we will walk you through the process of securing your Nginx server with Let’s Encrypt SSL certificates.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation of Redis on a Manjaro Linux.

Prerequisites

• A server or desktop running one of the following operating systems: Manjaro, and other Arch-based distributions.
• It’s recommended that you use a fresh OS install to prevent any potential issues.
• SSH access to the server (or just open Terminal if you’re on a desktop).
• Ensure that your Manjaro system is connected to the internet. This is crucial as it allows you to download the required packages and the Nginx installation.
• A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Securing Nginx on Manjaro with Let’s Encrypt SSL

Step 1. Before diving into the Nginx installation, it’s crucial to make sure your Manjaro system is up to date. Open a terminal and execute the following commands:

sudo pacman -Syu

Step 2. Installing Nginx on Manjaro.

Install Nginx on your Manjaro system using the package manager. Run the following command:

sudo pacman -S nginx

Once Nginx is installed, start it and enable auto-start at boot with these commands:

sudo systemctl start nginx
sudo systemctl enable nginx

To check if Nginx is running, visit your server’s IP address in your web browser. You should see the default Nginx landing page.

Step 3. Installing Certbot.

Certbot provided by Let’s Encrypt, simplifies the process of obtaining SSL certificates. First, install Certbot, which is a tool for obtaining Let’s Encrypt SSL certificates:

sudo pacman -S certbot

Use Certbot to obtain the SSL certificate. Run the following command:

sudo certbot --nginx -d example.com -d www.example.com

Certbot will automatically configure Nginx to use the SSL certificate and update your Nginx configuration.

Let’s Encrypt certificates expire every 90 days. Automate the renewal process by adding a cron job:

sudo crontab -e

Add the following line to run renewal checks daily:

0 0 * * * /usr/bin/certbot renew --quiet

Certbot will automatically renew your certificates when they are about to expire.

Step 4. Firewall Configuration.

If you’re using a firewall, make sure to allow HTTP (port 80) and HTTPS (port 443) traffic. You can use ufw if it’s installed:

sudo ufw allow 'Nginx Full'

Activate the firewall:

sudo ufw enable

Step 5. Test SSL Configuration.

Periodically test your SSL configuration for vulnerabilities and performance. Use tools like SSL Labs to get a detailed report and recommendations.

Congratulations! You have successfully secured Nginx. Thanks for using this tutorial to securing Nginx on Manjaro with Let’s Encrypt SSL. For additional help or useful information, we recommend you check the official Nginx website.