Deploy Nginx static HTML on mac

tag:refactor
2 min read · Jul 18, 2021

Video 1:- Basic Nginx setup

1. brew update
2. brew install nginx
Docroot is: /opt/homebrew/var/www
The default port has been set in /opt/homebrew/etc/nginx/nginx.conf to 8080 so that nginx can run without sudo.
3. ps -ef | grep nginx
4. nginx
5. ps -ef | grep nginx
6. lsof -i -P | grep LISTEN
7. Go to 0.0.0.0:8080
8. Update index.html (Docroot: /opt/homebrew/var/www)
9. Change the port /opt/homebrew/etc/nginx/nginx.conf
10. nginx -s reload

Video 2:- HTTPS config

1. Create the CA
mkdir ~/CA
openssl genrsa -out ~/CA/ca.key 2048
openssl req -new -x509 -key ~/CA/ca.key -out ~/CA/ca.crt
2. Add CA to firefox browser
Burger > settings > cert > View Certificates > Import
3. Create CSR
mkdir ~/nginx-certs
openssl genrsa -out ~/nginx-certs/example.org.key 2048
openssl req -new -key ~/nginx-certs/example.org.key -out ~/nginx-certs/example.org.csr
4. Sign the CSR with the CA
openssl x509 -req -in ~/nginx-certs/example.org.csr -CA ~/CA/ca.crt -CAkey ~/CA/ca.key -CAcreateserial -out ~/nginx-certs/example.org.crt
5. Configure nginx to use https
vi /opt/homebrew/etc/nginx/nginx.conf
/Users/saluton/nginx-certs/example.org.crt
/Users/saluton/nginx-certs/example.org.key
nginx -s reload
6. Add the hostname to /etc/hosts
sudo vi /etc/hosts
127.0.0.1 www.example.com
7. Visit www.example.com & check it is using the certificate, and found the right CA
8. Visit example.com & check it is not validated

Video 3:- What about example.com? (not www.example.com)

Problem:
www.example.com -> returns the correct certificate and is accepted by the browser
example.com -> returns the same certificate with CN=*.example.com but this address is not accepted by the browser with error: "Warning: Potential Security Risk Ahead"
Solution: Add example.com to the SAN of the certificate
1. Create new certificate for www.example.com
vi ~/nginx-certs/example.conf
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[req_distinguished_name]
C = GB
ST = North
L = Liverpool
O = Example
OU = IT
CN = *.example.com
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.example.com
DNS.2 = example.com
openssl req -new -key ~/nginx-certs/example.org.key -config ~/nginx-certs/example.conf -out ~/nginx-certs/example.org.csr
openssl req -text -noout -verify -in ~/nginx-certs/example.org.csr
2. Sign the certificate using new signing command
openssl x509 -req -in ~/nginx-certs/example.org.csr -CA ~/CA/ca.crt -CAkey ~/CA/ca.key -CAcreateserial -out ~/nginx-certs/example.org.crt -extfile ~/nginx-certs/example.conf -extensions v3_req
openssl x509 -text -in ~/nginx-certs/example.org.crt -noout
3. Add this Certificate to nginx and restart
nginx -s reload
4. Visit www.example.com & example.com and validate the new cert is provided
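
The browser checks in Video 2 and Video 3 can also be run from the shell. The script below is an added example, not part of the original post: it builds a throwaway CA and two leaf certificates in a temp directory and checks them with openssl verify and openssl x509 -checkhost. The "Demo CA" subject, the file names and the helper functions make_demo_pki, chains_to_ca, cert_matches and report are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: throwaway CA and leaf certs in a temp dir; ~/CA and ~/nginx-certs are untouched.

# make_demo_pki DIR: create ca.crt, cn-only.crt (as in Video 2) and san.crt (as in Video 3).
make_demo_pki() {
    d=$1
    # Same [v3_req] / [alt_names] sections as example.conf on this page.
    cat > "$d/san.conf" <<'EOF'
[v3_req]
subjectAltName = @alt_names
[alt_names]
DNS.1 = *.example.com
DNS.2 = example.com
EOF
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -key "$d/ca.key" -subj "/O=Demo CA/CN=Demo Root" -out "$d/ca.crt"
    openssl genrsa -out "$d/leaf.key" 2048 2>/dev/null
    openssl req -new -key "$d/leaf.key" -subj "/O=Example/CN=*.example.com" -out "$d/leaf.csr"
    # Before: no extensions, so CN=*.example.com is the only name in the certificate.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/cn-only.crt" 2>/dev/null
    # After: same CSR signed with the SAN extension file.
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -out "$d/san.crt" -extfile "$d/san.conf" -extensions v3_req 2>/dev/null
}

# chains_to_ca CA CERT: exit status 0 if CERT verifies against CA.
chains_to_ca() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# cert_matches CERT HOST: exit status 0 if CERT is valid for HOST.
cert_matches() { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; }

# report DIR: print chain status and the certificate/hostname matrix.
report() {
    for crt in cn-only.crt san.crt; do
        chains_to_ca "$1/ca.crt" "$1/$crt" && echo "$crt: chains to demo CA"
        for host in www.example.com example.com; do
            if cert_matches "$1/$crt" "$host"; then r="match"; else r="NO match"; fi
            printf '%-12s %-16s %s\n' "$crt" "$host" "$r"
        done
    done
}

DEMO_DIR=$(mktemp -d)
make_demo_pki "$DEMO_DIR"
report "$DEMO_DIR"
```

Only san.crt matches example.com: a wildcard covers exactly one left-most label, so *.example.com never covers the bare domain.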

Video 4:- Nginx Server Blocks

1. Create the test site HTML file
mkdir /opt/homebrew/var/www/test/
vi /opt/homebrew/var/www/test/index.html
<html>
<head>
<title>Hello World Test!</title>
</head>
<body>
<h1>test.com server block is working</h1>
</body>
</html>
2. Create sites-available and sites-enabled directories
mkdir /opt/homebrew/etc/nginx/sites-available
mkdir /opt/homebrew/etc/nginx/sites-enabled
3. Create file for test.com in sites-available
vi /opt/homebrew/etc/nginx/sites-available/test.conf
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /opt/homebrew/var/www/test;
    index index.html;
    server_name test.com www.test.com;
    location / {
        try_files $uri $uri/ =404;
    }
}
4. Link the file to sites-enabled
ln -s /opt/homebrew/etc/nginx/sites-available/test.conf /opt/homebrew/etc/nginx/sites-enabled/test.conf
5. Add sites-enabled to nginx.conf
vi /opt/homebrew/etc/nginx/nginx.conf
include /opt/homebrew/etc/nginx/sites-enabled/*;
6. Reload nginx
7. Add test.com to /etc/hosts
8. Visit test.com & example.com
