One place for hosting & domains

      How To Create a Self-Signed SSL Certificate for Nginx on Debian 9


      A previous version of this tutorial was written by Justin Ellingwood

      Introduction

      TLS, or transport layer security, and its predecessor SSL, which stands for secure sockets layer, are web protocols used to wrap normal traffic in a protected, encrypted wrapper.

      Using this technology, servers can send traffic safely between the server and clients without the possibility of the messages being intercepted by outside parties. The certificate system also assists users in verifying the identity of the sites that they are connecting with.

      In this guide, we will show you how to set up a self-signed SSL certificate for use with an Nginx web server on a Debian 9 server.

      Note: A self-signed certificate will encrypt communication between your server and any clients. However, because it is not signed by any of the trusted certificate authorities included with web browsers, users cannot use the certificate to validate the identity of your server automatically.

      A self-signed certificate may be appropriate if you do not have a domain name associated with your server and for instances where the encrypted web interface is not user-facing. If you do have a domain name, in many cases it is better to use a CA-signed certificate. To learn how to set up a free trusted certificate with the Let’s Encrypt project, consult How to Secure Nginx with Let’s Encrypt on Debian 9.

      Prerequisites

      Before you begin, you should have a non-root user configured with sudo privileges. You can learn how to set up such a user account by following our initial server setup for Debian 9.

      You will also need to have the Nginx web server installed. If you would like to install an entire LEMP (Linux, Nginx, MySQL, PHP) stack on your server, you can follow our guide on setting up LEMP on Debian 9.

      If you just want the Nginx web server, you can instead follow our guide on installing Nginx on Debian 9.

      When you have completed the prerequisites, continue below.

      Step 1 — Creating the SSL Certificate

      TLS/SSL works by using a combination of a public certificate and a private key. The SSL key is kept secret on the server. It is used to encrypt content sent to clients. The SSL certificate is publicly shared with anyone requesting the content. It can be used to decrypt the content signed by the associated SSL key.

      We can create a self-signed key and certificate pair with OpenSSL in a single command:

      • sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt

      You will be asked a series of questions. Before we go over that, let’s take a look at what is happening in the command we are issuing:

      • openssl: This is the basic command line tool for creating and managing OpenSSL certificates, keys, and other files.
      • req: This subcommand specifies that we want to use X.509 certificate signing request (CSR) management. The “X.509” is a public key infrastructure standard that SSL and TLS adheres to for its key and certificate management. We want to create a new X.509 cert, so we are using this subcommand.
      • -x509: This further modifies the previous subcommand by telling the utility that we want to make a self-signed certificate instead of generating a certificate signing request, as would normally happen.
      • -nodes: This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Nginx to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening because we would have to enter it after every restart.
      • -days 365: This option sets the length of time that the certificate will be considered valid. We set it for one year here.
      • -newkey rsa:2048: This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
      • -keyout: This line tells OpenSSL where to place the generated private key file that we are creating.
      • -out: This tells OpenSSL where to place the certificate that we are creating.

      As we stated above, these options will create both a key file and a certificate. We will be asked a few questions about our server in order to embed the information correctly in the certificate.

      Fill out the prompts appropriately. The most important line is the one that requests the Common Name (e.g. server FQDN or YOUR name). You need to enter the domain name associated with your server or, more likely, your server’s public IP address.

      The entirety of the prompts will look something like this:

      Output

      Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:New York City Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc. Organizational Unit Name (eg, section) []:Ministry of Water Slides Common Name (e.g. server FQDN or YOUR name) []:server_IP_address Email Address []:admin@your_domain.com

      Both of the files you created will be placed in the appropriate subdirectories of the /etc/ssl directory.

      While we are using OpenSSL, we should also create a strong Diffie-Hellman group, which is used in negotiating Perfect Forward Secrecy with clients.

      We can do this by typing:

      • sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096

      This will take a while, but when it’s done you will have a strong DH group at /etc/nginx/dhparam.pem that we can use in our configuration.

      Step 2 — Configuring Nginx to Use SSL

      We have created our key and certificate files under the /etc/ssl directory. Now we just need to modify our Nginx configuration to take advantage of these.

      We will make a few adjustments to our configuration.

      1. We will create a configuration snippet containing our SSL key and certificate file locations.
      2. We will create a configuration snippet containing strong SSL settings that can be used with any certificates in the future.
      3. We will adjust our Nginx server blocks to handle SSL requests and use the two snippets above.

      This method of configuring Nginx will allow us to keep clean server blocks and put common configuration segments into reusable modules.

      Creating a Configuration Snippet Pointing to the SSL Key and Certificate

      First, let’s create a new Nginx configuration snippet in the /etc/nginx/snippets directory.

      To properly distinguish the purpose of this file, let’s call it self-signed.conf:

      • sudo nano /etc/nginx/snippets/self-signed.conf

      Within this file, we need to set the ssl_certificate directive to our certificate file and the ssl_certificate_key to the associated key. In our case, this will look like this:

      /etc/nginx/snippets/self-signed.conf

      ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
      ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
      

      When you’ve added those lines, save and close the file.

      Creating a Configuration Snippet with Strong Encryption Settings

      Next, we will create another snippet that will define some SSL settings. This will set Nginx up with a strong SSL cipher suite and enable some advanced features that will help keep our server secure.

      The parameters we will set can be reused in future Nginx configurations, so we will give the file a generic name:

      • sudo nano /etc/nginx/snippets/ssl-params.conf

      To set up Nginx SSL securely, we will be using the recommendations by Remy van Elst on the Cipherli.st site. This site is designed to provide easy-to-consume encryption settings for popular software.

      The suggested settings on the site linked to above offer strong security. Sometimes, this comes at the cost of greater client compatibility. If you need to support older clients, there is an alternative list that can be accessed by clicking the link on the page labelled “Yes, give me a ciphersuite that works with legacy / old software.” That list can be substituted for the items copied below.

      The choice of which config you use will depend largely on what you need to support. They both will provide great security.

      For our purposes, we can copy the provided settings in their entirety. We just need to make a few small modifications.

      First, we will add our preferred DNS resolver for upstream requests. We will use Google’s for this guide.

      Second, we will comment out the line that sets the strict transport security header. Before uncommenting this line, you should take take a moment to read up on HTTP Strict Transport Security, or HSTS, specifically about the “preload” functionality. Preloading HSTS provides increased security, but can have far reaching consequences if accidentally enabled or enabled incorrectly.

      Copy the following into your ssl-params.conf snippet file:

      /etc/nginx/snippets/ssl-params.conf

      ssl_protocols TLSv1.2;
      ssl_prefer_server_ciphers on;
      ssl_dhparam /etc/nginx/dhparam.pem;
      ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
      ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
      ssl_session_timeout  10m;
      ssl_session_cache shared:SSL:10m;
      ssl_session_tickets off; # Requires nginx >= 1.5.9
      ssl_stapling on; # Requires nginx >= 1.3.7
      ssl_stapling_verify on; # Requires nginx => 1.3.7
      resolver 8.8.8.8 8.8.4.4 valid=300s;
      resolver_timeout 5s;
      # Disable strict transport security for now. You can uncomment the following
      # line if you understand the implications.
      # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
      add_header X-Frame-Options DENY;
      add_header X-Content-Type-Options nosniff;
      add_header X-XSS-Protection "1; mode=block";
      

      Because we are using a self-signed certificate, SSL stapling will not be used. Nginx will output a warning but continue to operate correctly.

      Save and close the file when you are finished.

      Adjusting the Nginx Configuration to Use SSL

      Now that we have our snippets, we can adjust our Nginx configuration to enable SSL.

      We will assume in this guide that you are using a custom server block configuration file in the /etc/nginx/sites-available directory. We will use /etc/nginx/sites-available/example.com for this example. Substitute your configuration filename as needed.

      Before we go any further, let’s back up our current configuration file:

      • sudo cp /etc/nginx/sites-available/example.com /etc/nginx/sites-available/example.com.bak

      Now, open the configuration file to make adjustments:

      • sudo nano /etc/nginx/sites-available/example.com

      Inside, your server block probably begins similar to this:

      /etc/nginx/sites-available/example.com

      server {
          listen 80;
          listen [::]:80;
      
          server_name example.com www.example.com;
      
          root /var/www/example.com/html;
          index index.html index.htm index.nginx-debian.html;
      
          . . .
      }
      

      Your file may be in a different order, and instead of the root and index directives you may have some location, proxy_pass, or other custom configuration statements. This is ok, as we only need to update the listen directives and include our SSL snippets. We will be modifying this existing server block to serve SSL traffic on port 443, then create a new server block to respond on port 80 and automatically redirect traffic to port 443.

      Note: We will use a 302 redirect until we have verified that everything is working properly. Afterwards, we can change this to a permanent 301 redirect.

      In your existing configuration file, update the two listen statements to use port 443 and SSL, then include the two snippet files we created in previous steps:

      /etc/nginx/sites-available/example.com

      server {
          listen 443 ssl;
          listen [::]:443 ssl;
          include snippets/self-signed.conf;
          include snippets/ssl-params.conf;
      
          server_name example.com www.example.com;
      
          root /var/www/example.com/html;
          index index.html index.htm index.nginx-debian.html;
      
          . . .
      }
      

      Next, paste a second server block into the configuration file, after the closing bracket (}) of the first block:

      /etc/nginx/sites-available/example.com

      . . .
      server {
          listen 80;
          listen [::]:80;
      
          server_name example.com www.example.com;
      
          return 302 https://$server_name$request_uri;
      }
      

      This is a bare-bones configuration that listens on port 80 and performs the redirect to HTTPS. Save and close the file when you are finished editing it.

      Step 3 — Adjusting the Firewall

      If you have the ufw firewall enabled, as recommended by the prerequisite guides, you’ll need to adjust the settings to allow for SSL traffic. Luckily, Nginx registers a few profiles with ufw upon installation.

      We can see the available profiles by typing:

      You should see a list like this:

      Output

      Available applications: . . . Nginx Full Nginx HTTP Nginx HTTPS . . .

      You can see the current setting by typing:

      It will probably look like this, meaning that only HTTP traffic is allowed to the web server:

      Output

      Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere Nginx HTTP ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Nginx HTTP (v6) ALLOW Anywhere (v6)

      To additionally let in HTTPS traffic, we can allow the "Nginx Full" profile and then delete the redundant "Nginx HTTP" profile allowance:

      • sudo ufw allow 'Nginx Full'
      • sudo ufw delete allow 'Nginx HTTP'

      Your status should look like this now:

      Output

      Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere Nginx Full ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Nginx Full (v6) ALLOW Anywhere (v6)

      Step 4 — Enabling the Changes in Nginx

      Now that we've made our changes and adjusted our firewall, we can restart Nginx to implement our new changes.

      First, we should check to make sure that there are no syntax errors in our files. We can do this by typing:

      If everything is successful, you will get a result that looks like this:

      Output

      nginx: [warn] "ssl_stapling" ignored, issuer certificate not found nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful

      Notice the warning in the beginning. As noted earlier, this particular setting throws a warning since our self-signed certificate can't use SSL stapling. This is expected and our server can still encrypt connections correctly.

      If your output matches the above, your configuration file has no syntax errors. We can safely restart Nginx to implement our changes:

      • sudo systemctl restart nginx

      Step 5 — Testing Encryption

      Now, we're ready to test our SSL server.

      Open your web browser and type https:// followed by your server's domain name or IP into the address bar:

      https://server_domain_or_IP
      

      Because the certificate we created isn't signed by one of your browser's trusted certificate authorities, you will likely see a scary looking warning like the one below (the following appears when using Google Chrome) :

      Nginx self-signed cert warning

      This is expected and normal. We are only interested in the encryption aspect of our certificate, not the third party validation of our host's authenticity. Click "ADVANCED" and then the link provided to proceed to your host anyways:

      Nginx self-signed override

      You should be taken to your site. If you look in the browser address bar, you will see a lock with an "x" over it. In this case, this just means that the certificate cannot be validated. It is still encrypting your connection.

      If you configured Nginx with two server blocks, automatically redirecting HTTP content to HTTPS, you can also check whether the redirect functions correctly:

      http://server_domain_or_IP
      

      If this results in the same icon, this means that your redirect worked correctly.

      Step 6 — Changing to a Permanent Redirect

      If your redirect worked correctly and you are sure you want to allow only encrypted traffic, you should modify the Nginx configuration to make the redirect permanent.

      Open your server block configuration file again:

      • sudo nano /etc/nginx/sites-available/example.com

      Find the return 302 and change it to return 301:

      /etc/nginx/sites-available/example.com

          return 301 https://$server_name$request_uri;
      

      Save and close the file.

      Check your configuration for syntax errors:

      When you're ready, restart Nginx to make the redirect permanent:

      • sudo systemctl restart nginx

      Conclusion

      You have configured your Nginx server to use strong encryption for client connections. This will allow you serve requests securely, and will prevent outside parties from reading your traffic.



      Source link

      Kickstart your block with TMDHosting


      We have got the complete toolkit to help you start your Blog or website in no time.

      Speed – All new webhosting accounts are hosted on high performance SSD (Solid State Drive) servers. SSD is the latest invention in the field of data storing, which will make your blog perform incredibly fast.

      Support – Our expert technical support is available day and night to assist you with any questions and queries you might have, including Installation of applications, templates, plugins and addons, website and application upgrades, and many more.

      Backups- We know how important your blog is for you and your business. In order to prevent data loss, we are creating regular backups of all the information on your blog. We use an advanced SAN technology to keep the copy of your website stored on a remote location.

      Security – Your website security is our top priority. We have combined a variety of security tools for a complete website protection. We have designed our own firewall , which in combination with the free spam protection by the industry leading brand “SpamExperts” and our free backups, makes your website practically inaccessible by hackers and spammers.

      Design: To make things even better for you and provide you with the ultimate hosting experience, we have created official trusted partnership with some of the most popular open source applications. PrestaShop, Social Engine, Boonex Dolphin, OpenCart, and Concrete5 are only a few to name. Recently, we became partners with Weebly – a web based service that allows you to create a fully-functional website by using its drag-and-drop feature.

      Price – The most important factor that concerns the new bloggers is the price. At TMDHosting we have done the impossible to squeeze the price of our basic hosting package. Now you can start your blog only for $2.85/mo.

      We make the whole process of setting up and running your blog pretty easy.

      There are 3 easy steps you should take to start your blog with TMDHosting.

      Step 1. Find 10 minutes of free time. That is all the time you need in order to start being a successful blogger with TMDHosting.

      Step 2. Think of a good domain name – The domain name is crucial because it contains the keywords your visitors will search you by.

      Step 3. Design your blog – The beauty of the self-hosted blog is that you could choose what content management system works best for you. Ask our technical support which one will fit your blog content. They will not only make a recommendation but will also install the application on your website free of charge.They could also install an awesome theme that will highlight the topic of your blog.
      Once you have completed these steps you will be ready to develop your professional blog and watch it grow and gather more and more visitors and followers.



      Source link

      10 Easy Social Media Tips for Your Hard-Working Small Business


      Whether you sell routers, pillows, shared web hosting, or car washes, your customers — and potential customers — are on social media. Not only do you need to be there too, but you also need to be there in the right way.

      Jumping into the world of likes, snaps, pins, and tweets can feel overwhelming. But if you know the basics, you can build a social media brand that supports your company the same way a loyal employee does. Follow these 10 rules as you start this journey.  

      1. Limit Your Platforms

      From Twitter to Snapchat, there are a lot of social media sites and apps out there that everyone seems to be using — plus another dozen you’ve probably never used or even heard of. However, being active on social media doesn’t have to mean using every social media platform there is. Choose just two or three and learn to use them expertly, rather than floundering your way through them all.

      To determine which two or three to pick, figure out where your business’ audience already is. One way to find out is by surveying your mailing list. You can also check Google Analytics to see which social media sites most readers use to find your website by looking under Acquisitions → Social. A third way would be to watch where your competitors and other influencers in your niche spend their digital free time.

      Once you’ve narrowed down your social media targets, it’ll be a lot easier to focus on offering quality content for your audience. (Plus, since you’ve only got a few places in which to learn the ropes, you won’t have to worry as much about making embarrassing social media snafus! Not that you ever would. We believe in you.)

      2. Plan Everything

      Although many people are attached to their phones, they are hesitant to actually use them for calling a stranger. Nowadays it’s much easier, often preferable, to post a question to a company page or feed. And if your company is too slow to respond, it will most definitely make you look bad.

      Social media, however, can suck up a lot of time for busy small business owners. That’s why we recommend picking one day a week to schedule all of your posts in advance and then checking in daily to review comments and answer questions. Schedulers like Hootsuite, Buffer and Sprout Social all allow you to sync multiple social media accounts and plan your posts in advance. You could also use If This Then That to apply a rule. (For example, “If I add a new item to my Etsy shop, automatically post a photo of it on my Instagram.”)

      Also strategically choose when you’re going to post. Morning is better because then you’re on the clock when questions and comments come in — as opposed to when you’re driving home in the evening.

      3. Curate Content

      Scheduling a week’s worth of social media in advance might seem daunting if you’re worried about where all that content is going to come from. But you don’t have to do it alone.

      Chances are you already see a lot of share-worthy content online that is extremely relevant to your business. For example, if you run a grocery for people with food allergies, you probably read a lot of articles about food and health in the news. Perhaps you’ve read relevant blog posts from chefs or health advocates. These types of content may come from other people, but as long as you give credit where it’s due, there’s no reason you can’t share these links.

      Sharing other people’s work isn’t just a useful way to provide content to your audience — it’s also just a nice thing to do. When you promote other people’s work (with attribution) on your social media accounts, it’s likely they’ll notice and perhaps even return the favor. Get into the habit of bookmarking helpful missives from other people so you can schedule them into posts.

      4. Be Pretty

      Taking Picture

      Gone are the days in which you can use boring or low-quality pictures. People expect professional businesses — even small ones — to have a social media image to match.

      While a slightly blurry photo may slide on Snapchat, that same picture will not translate well on Facebook viewed on a desktop, and it can subtly damage your reputation.

      A couple of options: watch tutorials on how to take good shots with your smartphone. Or track down someone with a nice camera who can spend a few hours taking pictures of your office, candids of your employees, and stylized products.

      If you decide to DIY, take multiple shots, pay attention to lighting (natural light is usually best), use the rule of thirds, and remember that a picture is worth a thousand words.

      5. Write Killer Captions

      As important as it is to have good images, a strong caption will take your photo to the next level. Review the following tips for making your captions captivating.

      Tell a Little Story

      You could introduce your new sales manager with a simple “Here is so-and-so” or you could share her experience selling Girl Scout cookies. Which one would make a lasting impression? Cookies. Always.

      Watch out for Repetitive Info

      You don’t have much space to capture readers’ attention, so carefully choose your words. Use the “location” tool if available so you don’t have to repeat that info. Avoid using the same word twice and be succinct.

      Always Proofread

      Reading your captions slowly and out loud will catch a lot of embarrassing typos. You’re just one “s” away from turning “assess” into a social media blunder.

      Avoid Clichés

      “And they’re off!” “We had so much fun today!” “We’re over the moon.” If you don’t see these phrases on social media posts every day, you’re not on it enough. Just kidding. But start to think of using clichés like filing your taxes — an annual event.

      Captions Just Want to Have Pun

      See what happened there? While you generally want to avoid clichés, you do have permission to take one, tweak it to make it relevant, and voila: you’ve just entered a whole new level of caption writing. Use this site to find the idiom that’s right for you.

      Run Captions by Someone Else

      Something that’s funny to one person could be offensive to another. And when social blunders happen online, people take note.

      Quality Is Way Better Than Quantity

      If you’re showing up too often in people’s feeds, you’ll look too eager and possibly annoying. Composing thoughtful posts or tweets twice a week will fare better than hastily sharing two every day.

      6. Harness Hashtags

      Who would have guessed that the symbol formerly known as the pound sign would have a mid-life crisis and rebrand itself as a hashtag?

      These little guys are A-list characters now, and using them correctly can help your business reach a wider audience. Obsessed with the venture capital world? Search for #VC on Twitter, for example, and you will find hundreds of thousands of posts to peruse — and lots of infographics too. Instagram now lets users follow hashtags specifically instead of individual accounts.

      Using popular hashtags for your field can help potential customers find you, but, like anything that should seem simple, there are a few dos and don’ts for this catchy form of communication.

      Do:

      • Use popular hashtags to garner a broader interest. Instagram, for example, quantifies how many others are using a particular hashtag  (Search function > tag tab). Say you’re in the business of selling bow ties. The most-popular hashtags are #bowtie, followed obviously by #bowties. Scroll down, and #bowtiesarecool, #bowtietuesday, and #bowtieready are other top options. Using all these hashtags will help you reach people who are obsessed with this form of neckwear. 
      • Include your company’s name and nickname in your hashtag list.
      • Jump on the #TBT bandwagon. #TBT, also known as Throwback Thursday, has more than 413 million TBT hashtags on Instagram. Read this article for more marketing tips related to this retro movement.
      • Try using hashtags to make people smile. If you’re selling socks, try something like #nostinkyfeet or #happyfeet.

      Don’t:

      • Use too many. Unless someone is really patient — or married to an employee — he or she won’t read through a long list of hashtags. Put the most relevant ones at the beginning and the funniest ones at the end, the two places people are most likely to read.
      • Create long hashtags. Since they are harder to read without spaces, limit them to four words.
      • Use hashtags that beg for bots to follow you. Remember that quantity is nice, but real, live people are best. And begging for followers is not professional. Avoid hashtags like #followme, #like4like, or anything else that could be considered pandering. 
      • Forget to proofread. Some words without spaces can be read different ways.

      7. Know — and Engage — your Audience

      Figuring out your demographic is an important step as you understand your audience. The more specific details you know about your customers, the more effective your social media messages will be. An easy way to start is to review the questions and exercises presented here.

      Another tip is to build suspense. Got a new product coming out soon? Tease it a few times before you introduce it at a specific time on your accounts. If your company is hosting a conference, highlight individual presenters via social media the weeks before registration goes live.

      You could also try hosting a contest or a giveaway. We all love the idea of getting something for nothing. One popular contest strategy is to give people extra entries in exchange for tagging a friend, who may end up following you. Check out a few more tips here.

      Instagram App on Phone

      Be sure to take advantage of the polls functions on Instagram and Facebook. They offer quick and painless ways to get into the minds of your customers. Or flat out ask a question in one of your posts. If you haven’t noticed by now, people are more than willing to share their opinions online.

      You can also get help from your fans. Gently encourage the people who already love your business to make it a point of discussion on social media. The easiest way to do this is to make your website effortlessly shareable. You can use the Social Bookmarks or Shareaholic plugin for WordPress to add one-click share buttons for a variety of different social media sites to each post and page. Since images improve shares, you can also use a plugin like WP Facebook Open Graph Protocol to ensure that your posts automatically include a featured image when posted on Facebook.

      8. Keep a Social Eye on Competitors

      Imitation is the sincerest form of flattery, right? Obviously, copying everything your competition is posting is bad business. But looking at other accounts can also spark creativity. (And in reality, there isn’t a ton of originality on social media anymore, just everyone doing the same thing a little differently.)

      Ask yourself these things about your competitors — and other top brands on social media. What hashtags are they using? What kinds of posts are generating lots of comments or shares? What pins are getting lots of saves?  

      You can also look at the people who are interacting the most with your competitors — and follow those people too. If they are taking the time to converse about the field, there’s a good chance they will engage with you too.

      Beyond social media stalking, you could even try following or liking your competitors’ posts. Just because they’re rivals doesn’t mean you can’t be friends. Who knows? They may even like you back.

      9. Show Personality

      If you make people snooze, you’re going to lose — followers. Brainstorm with key people to conceptualize the image you want to present, but keep in mind that social media is all about fun. It’s an escape for people, and you want to be subtle as you promote your company — and even post things that aren’t self-serving.

      To get your creative juices flowing, consider these ideas and read the success stories of some other bigger businesses.

      Highlight Your Employees

      That guy who wears flip-flops year round? The woman who brings in a new scented candle each month for her desk? Share their stories, and you’ve got an opportunity to connect with followers.

      Showcase Your Customers

      Same idea here. Who was your first customer? Who was your last? Who’s your youngest? Who comes to your store every day at 2:15? It doesn’t have to be super unique — it just has to make people smile. Then, as people start posting and tagging your company, you can share their posts (assuming they’re positive and have high-quality images), and you’ve just scored some extra content in minimal time.

      Use Holidays to Your Advantage

      You know the main ones: Halloween, April Fools, Christmas, etc., etc. But then there are hundreds of other, slightly unofficial holidays that people go crazy for, like Star Wars Day (May 4), National French Fry Day (July 13 this year), and there’s even a Programmers Day (September 13 this year). Use this list and start brainstorming how you can use these “hashtag holidays” to influence your social media accounts. Don’t forget to tag these posts with the correct holiday name to reach a wider audience.

      Share Inspirational Quotes or Fun Facts

      Creating a simply-designed quote or a meme is another way to connect with your audience. Sending out happy vibes is always a good idea, just make sure you’re sourcing the right person and sharing accurate stats.  

      10. Product Promotions

      Always Link Up

      The product you’re touting needs to be a tap or a click away or else people will lose interest quickly. Including links on some social media platforms can be a little trickier than others. Instagram, for example, relegates links to bios and stories, and Snapchat has only recently allowed clickable URLs. But the extra seconds that it takes will pay off in the long run.

      Offer Discounts

      Who isn’t hunting for a good deal nowadays? Sharing discount codes or free shipping for followers will keep them bonded to your business. Forbes reported that 72 percent of Millennials search for a coupon before making an online purchase. Another survey said 71 percent of consumers follow specific brands on social media with the purpose of getting coupons.

      Connect with Influencers

      Influencers — the lifestyle accounts with large social media circles — live up to their title, and most thrive off of collaborations too. By connecting with an influencer and offering a free product in exchange for social media promotion, you’ll not only get a personal endorsement (the marketing equivalent of gold), but you’ll also get a potential new audience from their followers. Here are more details on what to expect if you dabble in influencer marketing.

      Purchase Ads

      We know, we know. We’ve spent the last 2,000+ words talking about how you can do this yourself. But hear it out. A lot of these social media platforms can figure out who might be a potential follower/customer/friend based on things like bios, web and app usage, and other algorithms. (If you’re really interested, read this article on some ways Facebook collects data on its users — fascinating and a little creepy too.)

      If you’re serious about taking this to the next level — and especially if your target audience is on the younger side — then spending money on social media ads can help. Chances are these ads will go much further than any email newsletter will.

      Although social media is used all over the world, it doesn’t mean you have to have deep pockets to jump into the game. The ads can be targeted, and these platforms offer a variety of pricing options. Check out this detailed social media advertising guide — broken down by platform — complete with steps on how to buy and create your ads.

      So now you’re armed and ready with enough information to make your head spin. But just remember: social media is an escape for most people. Enjoy the creative outlet and the ability to connect with your customers in a whole new way. There will be a little rush when you get that first retweet, guaranteed.





      Source link