setup nginx with letsencrypt

# based on the digital ocean guides 
# This is for configuring nginx to proxy_pass to multiple backend servers 
# from a gateway server. 

# 1. install 
$ sudo apt update 
$ sudo apt install nginx 

# 2. adjust firewall 
$ sudo ufw allow 'Nginx Full'

# 3. check status and hit landing page 
$ systemctl status nginx 

## Configure server block 
# 4. make a sample page for testing (can be removed later) 
$ sudo mkdir -p /var/www/your-domain.com/html 
$ sudo chown -R $USER:$USER /var/www/your-domain.com/html 
$ sudo chmod -R 755 /var/www/your-domain.com 
--- make a sample index.html and place it /var/www/your-domain.com/html/index.html

# 5. create a server block -- /etc/nginx/sites-available/your-domain.com
# NOTE: Its a good idea to delete the default located in sites-available as well as its simlink in sites-enabled

server {
        listen 80;
        listen [::]:80;

        root /var/www/example.com/html;
        index index.html index.htm index.nginx-debian.html;

        server_name example.com www.example.com;

        location / {
                try_files $uri $uri/ =404;
        }
}

# 6. link this to sites enabled dir 
sudo ln -s /etc/nginx/sites-available/your-domain.com /etc/nginx/sites-enabled/ 

# 7. Uncomment server_names_hash_bucket_size 64; in /etc/nginx/nginx.conf 

# 8. Test 
sudo nginx -t 

# 9. Restart nginx 
sudo systemctl restart nginx 

# Get certbot and build the certificate
$ sudo add-apt-repository ppa:certbot/certbot 
$ sudo apt install python-certbot-nginx 
$ sudo certbot --nginx -d your-domain.com -d staging.your-domain.com 
 NOTE: setup redirect via certbot 

# check that certbot auto-renew is setup 
$ sudo certbot renew --dry-run 

# according to the docs the cron is setup in /etc/cron.d/certbot and will auto reload 
# nginx after attempting to reload certs