thomas

thomas

I work in infosec, collect lego, watch movies and would love to go snowboarding more often. I ignore capitals and abuse ellipses …

From console to blog: ‘Production’ site with Nginx and Let’s Encrypt

Following on from the 3rd part of this series, I will go through how to create a production environment for the new blog.example.com.

Jekyll’s web servlet should only be used for development. In production, static files generated by Jekyll should be served by a more mature, secure and feature-rich web server software. In this article, I will show how to configure Nginx with Jekyll.

Install Nginx what we need:

> sudo apt install -y nginx certbot python3-certbot-nginx

I do not need any of the modules enabled by default:

/etc/nginx/modules-enabled » sudo rm *
/etc/nginx/modules-enabled » ls -l
total 0
/etc/nginx/modules-enabled

Disable version disclosure in nginx.conf:

server_tokens off

I do not need the default site enabled:

/etc/nginx » sudo rm sites-enabled/*
/etc/nginx »

What I do need is a fairly generic server config in /etc/nginx/sites-available/blog.example.com:

server {
  listen 80;
  listen [::]:80;

  server_name blog.example.com;

  root /var/www/example.com;
  index index.html;

  location / {
    try_files $uri $uri/ =404;
  }
}

/etc/nginx » sudo mkdir /var/www/blog.example.com
/etc/nginx » sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx » sudo nginx -s reload
/etc/nginx »

Obtain a certificate from Let’s Encrypt:

/etc/nginx » sudo certbot --nginx -d blog.example.com
...
/etc/nginx » sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx » sudo nginx -s reload
/etc/nginx »

Generate the static files in production:

blog.example.com » JEKYLL_ENV=production bundle exec jekyll build  -d /var/www/blog.example.com
Configuration file: /home/user1/blog.example.com/_config.yml
            Source: /home/user1/blog.example.com
       Destination: /var/www/blog.example.com
 Incremental build: disabled. Enable with --incremental
      Generating...
       Jekyll Feed: Generating feed for posts
                    done in 1.022 seconds.
 Auto-regeneration: disabled. Use --watch to enable.
blog.example.com » JEKYLL_ENV=production bundle exec jekyll build  -d /var/www/html/

Reload Nginx once again:

/etc/nginx » sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/nginx » sudo nginx -s reload
/etc/nginx »