added new article

collections/_posts/2021-12-27-setup-nginx-https-web-server-with-lets-encrypt-plus-strapi-4.0-headless-cms.txt

@@ -0,0 +1,185 @@
+---
+layout: journal_single
+
+author: Charles #case sensitive, please use capitalization for names.
+
+title: Setup a Secure NGINX HTTPS Web Server with Let's Encrypt + Strapi 4.0 Headless CMS
+sub_heading: Static Websites with CMS
+
+banner_image: "/uploads/2021/santa-rudolph-unsplash.webp" #Size of banner_image 840x560
+banner_image_alt: "Qt5 Compile"
+
+category: Tutorials
+tag: Linux, Strapi, Nginx, JAMstack
+
+updated: December 27, 2021
+---
+
+## General
+For this tutorial, we will launch a secure SSL NGINX web server for your website domain example.org and enable an API to be consumed from the subdomain i.e. api.example.org with Strapi 4.0. 
+
+*Tip:* For each reference, I add the **[reference name]** in brackets at the end of the "transmission." **[AWK example]**
+ 
+## Requirements: 
+- a Ubuntu Linux 20.04 VPS with SSH access
+- CLI knowledge
+- a registered web domain i.e. example.org
+- Basic knowledge of DNS and managing a VPS with SSH 
+
+## Dependencies & Packages
+- NodeJS v12 or v14 (v14 is recommended for Strapi 4.0)
+- Npm v6+ & Yarn (Yarn is optional)
+- Certbot with Let's Encrypt
+- Nano editor
+
+## Prepare Operating System 
+Let's Begin! We begin by installing nginx, certbot and verifying versions Strapi needs. Keep in mind, if you are reading this from the future, the versions will change.
+
+### Update System
+```sudo apt update```
+
+### Install Nginx Certbot Packages
+```sudo apt install certbot python3-certbot-nginx``
+
+### Install NGINX & verify version 
+```sudo apt install nginx```
+```node -v && nginx -v```
+
+**Tip:** Strapi recommends nodejs v14, but v12 works.
+
+### Install Yarn (Corepack) 
+```npm i -g corepack``` **[Install Yarn]**
+
+## Configure NGINX 
+Next, we will configure your newly installed Nginx server. By default the configurations are located at: /etc/nginx/ & /etc/nginx/sites-available/. To keep things tidy and organized, we create a new api.example.org conf for each domain we are publicly facing to WWW. 
+
+### Make Directory & Copy Default HTML page 
+```sudo mkdir -p /var/www/api.example.org/html/```
+```sudo cp -R /var/www/html/index.nginx-debian.html /var/www/api.example.org/html/index.html```
+
+### Duplicate Default Config 
+```sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/api.example.org```
+
+### Update NGINX api.example.org Config File
+
+The **Proxy Config** is important and allows the Strapi 4.0 server to run with nginx. In general, the rest allows SSL and redirects all HTTP traffic to HTTPS, plus denies automated user-agents like wget.
+```
+server {
+        # Redirect all HTTP requests to HTTPS
+        listen 80;
+        server_name _;
+        return 301 https://$host$request_uri;
+
+        # Deny Automated User-Agents
+        if ($http_user_agent ~* (netcrawl|npbot|malicious|LWP::Simple|BBBike|wget)) {
+        return 403;
+        }
+}
+
+server {
+    # Listen HTTPS
+    listen 443 ssl http2; # managed by Certbot
+    listen [::]:443 ssl http2;
+    server_name api.example.org www.api.example.org;
+
+    # sites document root
+    root /var/www/api.example.org/html;
+    index index.html index.htm;
+
+    # SSL Config
+    ssl_certificate /etc/letsencrypt/live/api.example.org/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/api.example.org/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+    # Proxy Config
+    location / {
+        proxy_pass http://strapi;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Server $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header Host $http_host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "Upgrade";
+        proxy_pass_request_headers on;
+    }
+
+}
+
+```
+``` CTRL+X, then Y for Yes to save```
+
+### Symbolic Link to sites-enabled
+This creates a 'mirror' like reference to the sites-available folder. 
+
+```sudo ln -s /etc/nginx/sites-available/api.exampleorg /etc/nginx/sites-enabled/```
+
+#### Verify Symbolic Link 
+```ls /etc/nginx/sites-enabled/```
+
+## DNS Configuration
+We now point our domain to the server we are hosting our Strapi on. i.e. 123.123.1.1
+
+### Update DNS Settings
+Depending on your DNS provider or maybe you have your own Domain Name Server, we point our DNS settings for example.org to 123.123.1.1 as type A. I personally recommend Cloudflare.
+
+## Create SSL Certs
+We run the automated tool Certbot and create all the needed files and update our *api.example.org* configuration file. 
+
+### Run Certbot
+```sudo  certbot --nginx```
+```Choose api.example.org for the site to create certs. for.```
+```Choose option 1 to disable auto redirect HTTP traffic to HTTPS since we already redirected the traffic manually.```
+
+**Note** sudo certbot renew --dry-run will test for automatic renewal for your certs. [Certbot Insturctions]
+
+### Verify api.example.org Updated with Correct Domain
+```sudo nano /etc/nginx/sites-enabled/api.example.org```
+
+### Test Config & Restart Nginx
+```sudo nginx -t```
+```sudo systemctl restart nginx```
+
+## Firewall Configuration
+Allow public to connect via HTTPS, we need to open up ports 80 & 443 (HTTP & HTTPS).
+
+### Allow UFW Ports for Public Traffic
+```sudo ufw allow HTTPS```
+```sudo ufw allow HTTP```
+
+### Verify Status & Reload UFW
+```sudo ufw status```
+```sudo ufw reload```
+
+**Tip** sudo ufw allow 'Nginx Full' opens both port 80 & 443 (For SSL / TLS encryption).
+
+## Getting Started with Strapi
+Now, we must install Strapi 4.0 on the server and launch the Strapi server.
+
+### Strapi Default Installation
+Goto desired place to install Strapi project i.e. ~/development/my-strapi-project, then,
+```yarn create strapi-app my-project```
+
+**Note:** The default Strapi installation uses SQLite as the database. You are able to use other databases like PostgreSQL. See [Strapi Installation] for more details.
+
+### Launch Strapi Development Server
+```yarn develop```
+
+### Launch Strapi from Domain URL 
+```Goto: api.example.com via web browser of your choice```
+```Follow the instructions and continue creating a new Strapi administrator.```
+
+## References:
+[Nginx Strapi Configuration:](https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/deployment/optional-software/nginx-proxy.html#nginx-upstream)
+[Strapi Installation](https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/installation/cli.html#creating-a-strapi-project)
+[Nginx Server Blocks:](https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-server-blocks-virtual-hosts-on-ubuntu-16-04)
+[Install Yarn:](https://yarnpkg.com/getting-started/install)
+[Certbot Insturctions:](https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal)
+
+## Donations Are Welcome
+[Cash App](https://cash.app/$sharpeee)
+
+<script type="text/javascript" src="https://cdnjs.buymeacoffee.com/1.0.0/button.prod.min.js" data-name="bmc-button" data-slug="odinzu" data-color="#FFDD00" data-emoji="🍕" data-font="Cookie" data-text="Buy me a pizza" data-outline-color="#000000" data-font-color="#000000" data-coffee-color="#ffffff" ></script>