Editar /etc/hostname y colocar el nombre del servidor
sudo nano /etc/hostname
Editar /etc/hosts y colocar el nombre del servidor
sudo nano /etc/hosts
o con hostnamectl de la siguiente forma
hostnamectl set-hostname SU_SERVIDOR
Lo verificamos con
hostname -f
Instalar Nginx y crear las claves ssl
sudo apt install nginx
Crear claves SSL (omitir si se instaló mkcert y se crearon claves válidas)
# Creates a self-signed X.509 certificate (-x509) valid for 365 days together
# with a new 2048-bit RSA private key; openssl asks for the subject fields
# interactively.
# -nodes stores the private key without a passphrase so nginx can load it
# unattended; anyone who can read the key file can impersonate the server,
# so keep it readable by root only.
# Being self-signed, the certificate cannot be validated against a CA and
# clients will show a trust warning.
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
Crear el archivo dhparam.pem
# Generates 4096-bit Diffie-Hellman parameters, referenced later through the
# ssl_dhparam directive; only the DHE-* cipher suites use them.
# Generation at this size can take a long time on small machines.
sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
Dar los permisos correctos a las carpetas y agregar el usuario al grupo www-data
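# The four commands were collapsed onto one line, and the ';' that terminates
# find's -exec was unescaped, so the shell consumed it and find never saw it.
# Each command is now on its own line with the terminator written as '\;'.

# Hand the web root to the www-data group, recursively.
sudo chgrp -R www-data /var/www/html

# Directories: rwxrwxr-x plus setgid (2775), so entries created inside them
# inherit the directory's group.
sudo find /var/www -type d -exec chmod 2775 {} \;

# Files: read and write for owner and group.
sudo find /var/www -type f -exec chmod ug+rw {} \;

# Add the invoking user to www-data; the new membership applies from the
# next login session.
# NOTE(review): on Debian/Ubuntu the nginx and PHP-FPM workers normally run as
# www-data as well, so group write on the whole tree lets a compromised web
# application rewrite site files. Confirm this is intended, or limit group
# write to the directories that really need it (uploads, caches).
sudo usermod -a -G www-data "$USER"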
Si se va a instalar Jitsi omitir el resto
editar o crear /etc/nginx/snippets/ssl-params.conf
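# TLS settings shared by every HTTPS server block that includes this snippet.

# Only TLS 1.2 is offered.
# NOTE(review): consider adding TLSv1.3 where the installed nginx and OpenSSL
# support it; confirm the versions first.
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;

# Diffie-Hellman parameters for the DHE-* suite below (file produced with
# `openssl dhparam`).
ssl_dhparam /etc/nginx/dhparam.pem;

# The previous list also named ECDHE-RSA-AES256-GCM-SHA512 and
# DHE-RSA-AES256-GCM-SHA512. No such TLS suites exist (AES-GCM is paired with
# SHA256 or SHA384), so OpenSSL skipped them silently; they are dropped here
# so the list shows what is actually negotiated.
# ECDHE-RSA-AES256-SHA384 is a CBC-mode suite.
# NOTE(review): remove it if every client supports the GCM suites.
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0

ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
# Session tickets off: ticket keys that are never rotated weaken forward secrecy.
ssl_session_tickets off; # Requires nginx >= 1.5.9

# OCSP stapling needs a CA-issued certificate with an OCSP responder. With the
# self-signed certificate used elsewhere in this guide nginx has nothing to
# staple and is expected to log a warning and ignore these two directives.
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7

# Resolver used for the OCSP responder lookup; these are Google public DNS.
# NOTE(review): prefer a local or otherwise trusted resolver where one exists.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications: browsers will refuse plain HTTP and
# certificate errors for this host and its subdomains for the whole max-age.
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";

# add_header directives are inherited only when the server/location that
# includes this snippet defines no add_header of its own; otherwise repeat
# them there.
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Legacy header; current browsers no longer act on it.
# NOTE(review): a Content-Security-Policy is the maintained replacement.
add_header X-XSS-Protection "1; mode=block";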
editar o crear /etc/nginx/snippets/self-signed.conf
# Certificate/key pair presented by every server block that includes this snippet.
# These are the paths written by the `openssl req` command earlier in the guide.
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
# Private key: stored without a passphrase (created with -nodes), so file
# permissions are its only protection.
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
editar /etc/nginx/sites-available/default.conf
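# Plain-HTTP virtual host: its only effective job is to redirect to HTTPS.
server {
    listen 80;
    listen [::]:80;

    root /var/www/html;
    index index.php index.html index.htm;

    server_name example.com www.example.com;

    # Temporary (302) redirect of every request to the HTTPS site.
    # $server_name (first name configured above) is used instead of the
    # client-supplied Host header, so the redirect target cannot be steered
    # by the request.
    # Because this `return` sits at server level it answers every request
    # before any location is selected; the location blocks below only take
    # effect if the redirect is removed.
    return 302 https://$server_name$request_uri;

    location / {
        try_files $uri $uri/ =404;
    }

    # Pass PHP scripts to the FastCGI server.
    # Fixed: the pattern was written `~.php${`, which nginx rejects (missing
    # spaces, unescaped dot), and the include pointed at `snippers/` instead
    # of `snippets/`.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;

        # With php-fpm (or other unix sockets).
        # The socket name must match the installed PHP-FPM version.
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;

        # With php-cgi (or other tcp sockets):
        #fastcgi_pass 127.0.0.1:9000;
    }
}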
editar /etc/nginx/sites-available/default-ssl.conf
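# HTTPS virtual host; the port-80 server redirects all traffic here.
server {
    listen 443 ssl;
    listen [::]:443 ssl;

    # Certificate/key pair and shared TLS parameters.
    include snippets/self-signed.conf;
    include snippets/ssl-params.conf;

    server_name example.com www.example.com;

    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;

    location / {
        try_files $uri $uri/ =404;
    }

    # Without a PHP handler in this server block nginx would send .php files
    # to the client as static content, exposing their source (and any
    # credentials inside). Hand them to PHP-FPM, as in the port-80 block.
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;

        # The socket name must match the installed PHP-FPM version.
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }
}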
Crear los enlaces simbólicos
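# Enable both sites by linking them into sites-enabled.
# The two commands were collapsed onto one line; run that way, ln treats the
# words "sudo" and "ln" as extra link sources and leaves dangling symlinks in
# sites-enabled, which then breaks the nginx configuration load.
sudo ln -s /etc/nginx/sites-available/default.conf /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/default-ssl.conf /etc/nginx/sites-enabled/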
Para probar si hay errores en la configuración
sudo nginx -t