DigitialOcean: First Web Host

Here I contineu to setup SSL certificates for all sites on my web host


UFW, or Uncomplicated Firewall, is a front-end to iptables. Its main goal is to make managing your firewall drop-dead simple and to provide an easy-to-use interface.


DO NOT enable UFW without reading through the instructions

Enable IP V6

  • Open the UFW configuration with vi:

    sudo vi /etc/default/ufw
  • Make sure “IPV6” is set to “yes”, like so:


Set default rules

sudo ufw deny incoming
sudo ufw allow outgoing

Allow SSH / OpenSSH

  • Check app list & enable OpenSSH

    # List applications
    sudo ufw app list
    # Allow SSH
    sudo ufw allow OpenSSH
  • Directly allow port 22 or other SSH port, e.g. 2222

    sudo ufw allow 22 

Enable UFW

sudo ufw enable
sudo ufw sattus verbose


Install Nginx

sudo apt install ngix


# show applications 
sudo ufw app list

# Allow Nginx 
sudo ufw allow 'Nginx Full'
sudo ufw reload

Build Web Host Block

Create the Directory Structure

  • The document root is the directory where the website files for a domain name are stored and served in response to requests. You can set the document root to any location you want.

  • Basically, we will create a separate directory for each domain we want to host on our server inside the /var/www directory, which will store the domain website files.

    ├── domain-one.com
    │   └── index.html
  • Create the root directory domain-one.com:

    sudo mkdir -p /var/www/domain-one.com
  • Create an index.html file inside the domain’s root directory.

    sudo touch /var/www/domain-one.com/index.html
  • Copy following content to the file: /var/www/domain-one.com/index.html

    <!DOCTYPE html>
    <html lang="en" dir="ltr">
    <meta charset="utf-8">
    <title>domain-one.com </title>
            `<h1>Welecome to domain-one.com  
                 ${new Date().toLocaleString()} 
  • To avoid any permission issues, change the ownership of the domain document root directory to the Nginx user (www-data):

    sudo chown -R www-data: /var/www/domain-one.com

Create a Server Block

By default on Ubuntu systems, Nginx server blocks configuration files are stored in /etc/nginx/sites-available directory, which are enabled through symbolic links to the /etc/nginx/sites-enabled/ directory.

Open your editor of choice and create the following server block file: /etc/nginx/sites-available/domain-one.com

server {
    listen 80;
    listen [::]:80;

    root /var/www/domain-one.com;

    index index.html;

    server_name domain-one.com www.domain-one.com;

    access_log /var/log/nginx/domain-one.com.access.log;
    error_log /var/log/nginx/domain-one.com.error.log;

    location / {
        try_files $uri $uri/ =404;
  • To enable the new server block file, create a symbolic link from the file to the sites-enabled directory, which is read by Nginx during startup:

    sudo ln -s /etc/nginx/sites-available/domain-one.com /etc/nginx/sites-enabled/
  • Test the Nginx configuration for correct syntax:

    sudo nginx -t
    # If there are no errors, the output will look like this:
    # nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    # nginx: configuration file /etc/nginx/nginx.conf test is successful
  • Restart the Nginx service for the changes to take effect

    sudo systemctl restart nginx

Disable Default Nginx site

  • Chanage the default site configuration as below.

    server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    deny all;
    return 444;


  • Next steg is to setup Les’s Encrpyt.