Configuring Nginx and Let’s Encrypt on Fedora to host multiple websites: A practical deployment guide

Fedora tutorial - IT technology blog

Introduction

Hosting multiple websites on a single server is common in modern web development, whether you’re a developer who needs a staging environment, a freelancer managing client projects, or a small business hosting several services. With it comes the demand for stable performance and robust security. HTTPS is no longer optional; it is a mandatory standard.

I’ve been using Fedora as my primary development machine for two years and am quite satisfied with its package update speed. Therefore, when I need to deploy a simple yet effective web server environment, Fedora is always my first choice. This article will detail how I configured Nginx as a web server and integrated Let’s Encrypt to provide free SSL/TLS certificates on Fedora, helping you host multiple websites securely and optimally.

Comparing Popular Web Server Approaches

When it comes to web servers, a few names always come up: Apache, Nginx, and more recently, Caddy. Each tool has its own design philosophy and advantages, suitable for different use cases:

  • Apache HTTP Server + Certbot: This is a classic combination. Apache is one of the oldest and most popular web servers, with a huge module ecosystem. Integrating SSL certificates from Let’s Encrypt via Certbot is also very straightforward.
  • Nginx + Certbot: Nginx emerged later but quickly gained market share due to its high-performance architecture, excelling particularly in serving static files, load balancing, and acting as a reverse proxy. Combining Nginx with Certbot for HTTPS has also become a standard procedure.
  • Caddy Server: Caddy is a relatively new but very powerful web server, designed with simplicity and security as top priorities. Caddy’s most notable feature is its ability to automatically issue and renew SSL/TLS certificates from Let’s Encrypt or ZeroSSL as soon as you configure a domain, without needing any separate Certbot setup steps.

Pros and Cons Analysis

  • Apache HTTP Server

    • Pros: Very stable, large community support, extensive documentation, rich modules, flexible per-directory configuration via .htaccess files.
    • Cons: Can consume more resources than Nginx, especially when handling a large number of concurrent connections. Its process-based architecture might not be as optimized as Nginx’s event-driven architecture.
  • Nginx

    • Pros: High performance, lightweight, very efficient at serving static files and acting as a reverse proxy. Uses fewer system resources than Apache. Its event-driven architecture handles a large number of concurrent connections better.
    • Cons: Configuration can be slightly more complex than Apache for beginners, especially when dealing with dynamic web applications (although Nginx is often used in conjunction with PHP-FPM, Gunicorn, uWSGI…).
  • Caddy Server

    • Pros: Extremely simple configuration, automatic HTTPS, easy to use for small projects or when you want to save maximum time.
    • Cons: Community and module ecosystem are not as large as Apache or Nginx. May lack some advanced features or flexibility required for complex enterprise environments.

The Right Choice: Nginx on Fedora

After careful consideration, I find that Nginx on Fedora is the optimal combination for hosting multiple small to medium-sized websites, requiring good performance and high security without excessive complexity.

Fedora, with its rapid package update speed, ensures that I always have the latest versions of Nginx and Certbot, taking advantage of performance and security improvements. Nginx is powerful enough to handle websites with moderate traffic, and while its configuration might initially differ from Apache, once familiar, it becomes very clear and streamlined.

Detailed Deployment Guide

1. Preparing the Fedora System

First, ensure your Fedora system is updated and necessary tools are installed.

Updating the System:

sudo dnf update -y
sudo dnf upgrade -y

Installing Nginx:

sudo dnf install nginx -y

Enabling and Starting Nginx:

sudo systemctl enable --now nginx

To check Nginx status:

sudo systemctl status nginx

Configuring FirewallD: Open HTTP (80) and HTTPS (443) ports for Nginx to operate.

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Regarding SELinux: Fedora has SELinux enabled by default, which is a very important security feature. In most cases, Nginx on Fedora already has appropriate SELinux policies. However, if you encounter file access permission errors, recheck the SELinux labels on your website files. I have an article on SELinux configuration; you can refer to it if you need customization.

2. Configuring Nginx for Multiple Websites (HTTP)

Nginx uses the concept of “server blocks” (similar to Apache’s virtual hosts) to define configurations for each website. I will create separate directories for each website and their corresponding configuration files.

Creating root directories for websites:

sudo mkdir -p /var/www/site1.com/html
sudo mkdir -p /var/www/site2.com/html

Grant appropriate permissions (for example, for the Nginx user to read and execute, and for your user to write):

sudo chown -R $USER:$USER /var/www/site1.com/html
sudo chown -R $USER:$USER /var/www/site2.com/html
sudo chmod -R 755 /var/www

Create a simple index.html file in each directory for testing:

echo "<h1>Welcome to Site 1!</h1>" | sudo tee /var/www/site1.com/html/index.html
echo "<h1>Welcome to Site 2!</h1>" | sudo tee /var/www/site2.com/html/index.html

Creating Nginx configuration files for each website:
I will create separate .conf files in the /etc/nginx/conf.d/ directory. Nginx will automatically load these files.

File /etc/nginx/conf.d/site1.com.conf:

server {
    listen 80;
    listen [::]:80;
    server_name site1.com www.site1.com;
    root /var/www/site1.com/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

File /etc/nginx/conf.d/site2.com.conf:

server {
    listen 80;
    listen [::]:80;
    server_name site2.com www.site2.com;
    root /var/www/site2.com/html;
    index index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
}

Test the configuration and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

At this point, if you access http://site1.com and http://site2.com (ensure DNS points to your server’s IP or you have configured /etc/hosts on your local machine), you will see the content of each website.

3. Installing Certbot and Obtaining Let’s Encrypt Certificates

Certbot is the official tool from Let’s Encrypt to automate certificate issuance and renewal. Fedora packages Certbot together with a plugin that integrates it with Nginx.

Installing Certbot and the Nginx plugin:

sudo dnf install certbot python3-certbot-nginx -y

Running Certbot to obtain and configure certificates:

sudo certbot --nginx -d site1.com -d www.site1.com -d site2.com -d www.site2.com

Certbot will ask you for some information:

  • An email address for urgent notifications and renewals.
  • Agreement to the Terms of Service.
  • Whether you want to share your email address with the EFF (Electronic Frontier Foundation) (optional).
  • Most importantly, Certbot will ask if you want to automatically redirect HTTP to HTTPS. I recommend choosing this option to ensure all traffic is secure.

Once completed, Certbot will automatically modify your Nginx configuration files to add the necessary directives for HTTPS and SSL.

4. Optimizing Nginx Configuration with HTTPS

Certbot typically does an excellent job of automatically configuring HTTPS. After running Certbot, you can review the configuration files in /etc/nginx/conf.d/. They will look similar to this (e.g., for site1.com.conf):

server {
    listen 80;
    listen [::]:80;
    server_name site1.com www.site1.com;
    # Redirect HTTP to HTTPS
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name site1.com www.site1.com;

    root /var/www/site1.com/html;
    index index.html index.htm;

    ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}

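You can see a new server block for port 443 (HTTPS) with ssl_certificate and ssl_certificate_key lines pointing to the Let’s Encrypt certificate files. Additionally, the server block for port 80 (HTTP) has been configured to redirect to HTTPS. Because the single certbot command in step 3 listed all four names, they share one certificate, which by default is stored under the first name given; the site2.com block therefore points to the same files under /etc/letsencrypt/live/site1.com/.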

Test the configuration and reload Nginx again:

sudo nginx -t
sudo systemctl reload nginx
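
With several sites in /etc/nginx/conf.d/, it is easy to leave one server block answering on port 80 without the redirect shown above. The script below is an added example, not part of the original article: the function names are hypothetical, it assumes conf.d-style files where each "server {" opens at top level on its own line, and the sample files it writes to a temporary directory are constructed.

```shell
# Added example (not from the article): list server blocks that listen on
# port 80 without TLS and never redirect to https://.
audit_plain_http() {
    out=$(for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            { sub(/#.*/, "") }                        # strip comments
            depth == 0 && /^[ \t]*server[ \t]*[{]/ {  # a server block opens
                in_srv = 1; plain = 0; redir = 0; names = "(no server_name)" }
            in_srv && /^[ \t]*listen[ \t]/ && !/ssl/ &&
                /(^|[^0-9])80([^0-9]|$)/ { plain = 1 }
            in_srv && /^[ \t]*server_name[ \t]/ {
                names = $0; gsub(/^[ \t]*server_name[ \t]+|;.*$/, "", names) }
            in_srv && /return[ \t]+30[1278][ \t]+https:\/\// { redir = 1 }
            {   depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
                if (in_srv && depth == 0) {           # the block just closed
                    if (plain && !redir) print file ": " names
                    in_srv = 0
                }
            }' "$f"
    done)
    [ -z "$out" ] || { printf '%s\n' "$out"; return 1; }
}

# Constructed sample: site1 redirects as Certbot set it up; site2 was missed.
make_sample_confs() {
    cat > "$1/site1.com.conf" <<'EOF'
server {
    listen 80;
    server_name site1.com www.site1.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl http2;
    server_name site1.com www.site1.com;
}
EOF
    cat > "$1/site2.com.conf" <<'EOF'
server {
    listen [::]:80;
    server_name site2.com www.site2.com;
    location / { try_files $uri $uri/ =404; }
}
EOF
}

demo=$(mktemp -d) && make_sample_confs "$demo"
audit_plain_http "$demo" || echo "fix the sites listed above" >&2
rm -rf "$demo"
```

On a real server, run `audit_plain_http /etc/nginx/conf.d`; a non-zero exit status means at least one site still serves plain HTTP.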

5. Automatic Certificate Renewal

Let’s Encrypt certificates are only valid for 90 days. To ensure your website remains uninterrupted, you need to set up automatic renewal. Certbot automatically creates a systemd timer to handle this.

You can check if this timer has been installed:

systemctl list-timers | grep certbot

If you see a result similar to certbot.timer, it means it has been successfully installed. Certbot will automatically run the certbot renew command periodically (usually twice a day). This command will check which certificates are about to expire and renew them if necessary.

You can test the renewal process without actually changing certificates using the command:

sudo certbot renew --dry-run

6. Verification and Validation

After completing the configuration, verification is crucial.

  • Access websites: Open your browser and visit https://site1.com and https://site2.com. You should see a green padlock icon, confirming the connection is secure.
  • Check SSL quality: Use the SSL Labs Server Test tool. Enter your domain name, and this tool will analyze your SSL configuration in detail, providing a score (usually A or A+ if everything is configured correctly).

Conclusion

Configuring Nginx and Let’s Encrypt on Fedora to host multiple websites has now become easier and more efficient than ever. From my personal experience, this combination provides a powerful, secure, and easy-to-manage web server platform, leveraging Nginx’s performance advantages and Fedora’s rapid update capabilities. I hope this article has given you enough knowledge and confidence to deploy your own websites on a solid Fedora foundation.
