NGINX

Set up a reverse proxy with NGINX

Start by installing the NGINX HTTP server using:

apt-get install nginx

Once NGINX is installed, create the following configuration file in /etc/nginx/sites-available/glassfish.conf:

vim /etc/nginx/sites-available/glassfish.conf

upstream glassfish {
  server 127.0.0.1:8080 weight=100 max_fails=5 fail_timeout=5;
}

server {
  listen          80;
  server_name     domain.tld;
 
  location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://glassfish/appname/;
  }
}

Next, navigate to /etc/nginx/sites-enabled and create a symbolic link to the glassfish.conf configuration file you just created:

cd /etc/nginx/sites-enabled
ln -s /etc/nginx/sites-available/glassfish.conf

Now check that the NGINX configuration syntax is OK by running:

nginx -t

Then restart NGINX and enable it to start when your virtual server boots:

service nginx restart
update-rc.d -f nginx enable
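
Added example (not part of the original page, and not NGINX or GlassFish code): $proxy_add_x_forwarded_for in glassfish.conf appends the connecting address to whatever X-Forwarded-For value the client already sent, so the application behind the proxy should read the list from the right and trust only entries written by its own proxy. The Python below shows that logic; the function name client_ip and the trusted-proxy list (loopback only, matching the upstream at 127.0.0.1) are assumptions.

```python
import ipaddress

# Assumption: the only proxy in front of the application is the local NGINX
# from glassfish.conf, so only loopback peers are trusted to set the header.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, xff_header):
    """Return the address a request should be attributed to.

    peer_addr  -- address of the TCP peer connected to the backend
    xff_header -- raw X-Forwarded-For value, or None if absent
    """
    peer = ipaddress.ip_address(peer_addr)
    # A header sent by a peer that is not our proxy is client-controlled.
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    # NGINX appended $remote_addr on the right; anything further left came
    # from the client. Walk right to left and stop at the first address
    # that is not one of our own proxies.
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: nothing to its left can be trusted
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)


if __name__ == "__main__":
    # Constructed samples: (peer address, X-Forwarded-For header as received)
    samples = [
        ("127.0.0.1", "198.51.100.23"),           # normal request via NGINX
        ("127.0.0.1", "1.2.3.4, 198.51.100.23"),  # client supplied its own entry
        ("203.0.113.9", "10.0.0.1"),              # request that bypassed NGINX
    ]
    for peer, header in samples:
        print(peer, "|", header, "->", client_ip(peer, header))
```

Log and rate-limit on the value this function returns rather than on the first entry of the header.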

NGINX multiple server blocks

Create two separate files (you don't have to, but it will be much clearer): /etc/nginx/sites-available/www.example.com and /etc/nginx/sites-available/www.example.net.

For example, to redirect the second one to the first one:

server {
  listen        80;
  server_name   www.example.net;
  return  301   http://www.example.com/;
}

SSL/TLS Certificate

Install certbot

apt-get install python-certbot-nginx

Generate certificates with the NGINX plug‑in

sudo certbot --nginx -d example.com -d www.example.com

Verify the syntax of the configuration and reload NGINX

nginx -t && nginx -s reload

Automatically Renew Certificates

Open the crontab file

crontab -e

Add the certbot command to run every day at noon. The command checks whether the certificate on the server will expire within the next 30 days, and renews it if so. The --quiet option tells certbot not to generate output.

0 12 * * * /usr/bin/certbot renew --quiet

Save and close the file. All installed certificates will be automatically renewed and reloaded.