Nginx and Certbot configuration in Fedora 33

This page is a guide to installing and configuring the HTTP server nginx on a Linux machine.
It is written specifically for Fedora 33, and I am not sure whether it is useful for other distributions, too.

This has been written by Juan Domingo, University of Valencia. For questions, send me an email to
J1u2a3n4D5o6m7i8n9go#uv.es
getting rid of the numbers and substituting the hash by the @ symbol. Nevertheless, I will not always be able to answer quickly.

The guide assumes basic knowledge of Linux (console use and bash commands) and software management
(use of dnf or your distribution package management system).

Nginx will be configured to serve pages securely over HTTPS.
For this to happen you must obtain a certificate and install it properly.

In our case, we will use a certificate issued by Let's Encrypt that will be installed and managed using the software called Certbot.

From now on, everything should be done with root privileges, so become root (su -) or precede all commands with sudo.

The steps are:
  1. Install nginx
    dnf -y install nginx
    Edit file /etc/nginx/nginx.conf to set your domain. From here on, let's suppose it is myhost.mydomain, so change the server_name line to:
    server_name myhost.mydomain;
    Create the file /usr/share/nginx/index.html with any trivial content like

    <html>
     <head>
      <meta charset="utf-8"/>
     </head>
     <body>
      Hello, world!
     </body>
    </html>

    just to check later that the server works.

  2. Install the certificate. Complete directions can be found at the Certbot site, but essentially they are as follows:
    Install snap:
    dnf -y install snapd
    systemctl start snapd
    Use snap to install certbot:
    snap install core
    snap refresh core
    dnf remove certbot  (just in case it had been installed before from the Fedora repo. If not, dnf will do nothing.)
    Make this symbolic link:
    ln -s /var/lib/snapd/snap /snap  (the next command with option --classic will not work otherwise)
    Include /var/lib/snap/bin in your default path (edit your .bashrc, add it to the PATH variable and open a new shell)
    Now, use snap to install certbot and link it to a name in the usual path for executables:
    snap install --classic certbot
    ln -s /snap/bin/certbot /usr/bin/certbot
    If you have a firewall activated, stop it for a while, either with
    systemctl stop iptables  or with
    systemctl stop firewalld  depending on the firewall you use
    Ask for the certificate. We use option --nginx because it will automatically add configuration to your /etc/nginx/nginx.conf file.
    certbot --nginx
    You will be asked some questions, maybe the name of the domain (although it should have been taken from the nginx configuration file)
    and your email address. Answer them and, if everything works fine, some lines like

    server {
        if ($host = myhost.mydomain) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        server_name myhost.mydomain;
        return 404; # managed by Certbot
    }

    will have been added to the end of file /etc/nginx/nginx.conf.

  3. Start the nginx server with
    systemctl start nginx
    and check its status with
    systemctl status nginx
    If something has gone wrong, you can get more information with
    journalctl -xe
    Now, point your browser to https://myhost.mydomain and you should see the Hello, world! page we wrote before.

  4. In case you use a firewall, allow the https service (and, if you want, the http service) to accept incoming connections.

    In iptables, this is done by including the lines
    -A INPUT -p tcp --dport 443 --syn -j ACCEPT
    -A INPUT -p tcp --dport 80 --syn -j ACCEPT
    
    in the file /etc/sysconfig/iptables and activating the firewall again with
    systemctl start iptables

    Alternatively, check the correct procedure if you use firewalld, and whatever the case, don't forget to start it again with
    systemctl start firewalld
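
A way to confirm that certbot --nginx made the changes described in step 2, as an added example that is not part of the original guide or of Certbot. The helper names check_certbot_conf and sample_conf are hypothetical, the sample configuration is constructed, and the check assumes the certificate files live under /etc/letsencrypt/live/.

```shell
#!/usr/bin/env bash
# Added example: verify what "certbot --nginx" wrote for one domain.
# check_certbot_conf and sample_conf are hypothetical helper names.

# Prints every missing item; the return status is the number of missing items.
check_certbot_conf() {
    conf=$1 domain=$2 missing=0
    d=$(printf '%s' "$domain" | sed 's/\./\\./g')   # match the dots literally
    need() {                                        # need <label> <extended regex>
        grep -Eq "$2" "$conf" && return 0
        echo "missing: $1"
        missing=$((missing + 1))
    }
    need "server_name $domain" "^[[:space:]]*server_name[[:space:]]+([^;]*[[:space:]])?$d([[:space:]][^;]*)?;"
    need "listen 443 ssl" "^[[:space:]]*listen[[:space:]]+([^;]*:)?443[[:space:]]+ssl"
    need "ssl_certificate" "^[[:space:]]*ssl_certificate[[:space:]]+/etc/letsencrypt/live/[^;]+;"
    need "ssl_certificate_key" "^[[:space:]]*ssl_certificate_key[[:space:]]+/etc/letsencrypt/live/[^;]+;"
    need "redirect to https" 'return[[:space:]]+301[[:space:]]+https://\$host\$request_uri;'
    return "$missing"
}

sample_conf() {   # constructed sample of a Certbot-edited configuration, not real output
    cat <<'EOF'
server {
    server_name myhost.mydomain;
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/myhost.mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myhost.mydomain/privkey.pem; # managed by Certbot
}
server {
    if ($host = myhost.mydomain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name myhost.mydomain;
    return 404; # managed by Certbot
}
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
check_certbot_conf "$tmp" myhost.mydomain && echo "ok: HTTPS configuration present"
rm -f "$tmp"
```

On the server itself, run check_certbot_conf /etc/nginx/nginx.conf myhost.mydomain with your own domain; nginx -t then confirms that the file as a whole is syntactically valid.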

If you have come here from my former page on ShareLaTeX installation, enable the nginx service, but stop it just now before going back.
systemctl enable nginx
systemctl stop nginx

Otherwise, if you were here just to install nginx and the certificate, don't forget to restart and enable the nginx service:
systemctl restart nginx
systemctl enable nginx