Setting Up HTTPS with Reverse Proxy on Ubuntu from clean server with only AMP installed

Larkum edited this page Sep 24, 2019 · 1 revision

This tutorial is a work in progress.

With thanks to Dries Dokter who laid the foundations for this tutorial.

To start, I apologise, but I am writing this as a guide for people who have only a basic knowledge of Linux. There are a few things I am going to assume: you have installed AMP and therefore know how to access your server's command line and file system.

To continue, you need a domain name pointing to your server:

  • First, you need to register a domain name; I use 123-reg and https://godaddy.com
  • Second, you need to set up a DNS record pointing to your server. If you have a static IP address, you can set this up with most domain registrars; alternatively, you can use a dynamic IP service such as no-ip.

Assuming you have your domain name set up and pointing at your server, I will continue on the basis that your domain is 'example.com' and your IP address is 12.34.56.78.

First we are going to install NGINX

This tutorial is based on Ubuntu; if you are running a different Linux distribution, please see HERE

Installing a Prebuilt Ubuntu Package from an Ubuntu Repository

-- Reference: this part of the tutorial is taken from NGINX, Installing NGINX Open Source

  1. Update the Ubuntu repository information:

     $ sudo apt-get update

  2. Install the NGINX package:

     $ sudo apt-get install nginx

  3. Verify the installation:

     $ sudo nginx -v
     nginx version: nginx/1.4.6 (Ubuntu)

Download and Install the Let’s Encrypt Client

-- Reference: this part of the tutorial is taken from Using Free Let’s Encrypt SSL/TLS Certificates with NGINX

First, download the Let’s Encrypt client, certbot:

  1. Create the certbot repository:

     $ sudo add-apt-repository ppa:certbot/certbot

  2. Install certbot:

     $ sudo apt-get update
     $ sudo apt-get install python-certbot-nginx

The Let’s Encrypt client is now ready to use.

Set Up NGINX

-- Reference: this part of the tutorial is taken from Using Free Let’s Encrypt SSL/TLS Certificates with NGINX

certbot can automatically configure NGINX for SSL/TLS. It looks for and modifies the server block in your NGINX configuration that contains a server_name directive with the domain name you’re requesting a certificate for. In our example, the domain is example.com.

  1. Assuming you’re starting with a fresh NGINX install, use a text editor to create a file in the /etc/nginx/conf.d directory named domain‑name.conf (so in our example, example.com.conf):

     $ sudo nano /etc/nginx/conf.d/example.com.conf

  2. Specify your domain name (and variants, if any) with the server_name directive:

     server {
         listen 80 default_server;
         listen [::]:80 default_server;
         root /var/www/html;
         server_name example.com;
     }

  3. Save the file, then run this command to verify the syntax of your configuration and reload NGINX:

     $ sudo nginx -t && sudo nginx -s reload

Obtain the SSL/TLS Certificate

-- Reference: this part of the tutorial is taken from Using Free Let’s Encrypt SSL/TLS Certificates with NGINX

The NGINX plug‑in for certbot takes care of reconfiguring NGINX and reloading its configuration whenever necessary.

  1. Run the following command to generate certificates with the NGINX plug‑in:

     $ sudo certbot --nginx -d example.com -d www.example.com

  2. Respond to prompts from certbot to configure your HTTPS settings, which involves entering your email address and agreeing to the Let’s Encrypt terms of service.

When certificate generation completes, NGINX reloads with the new settings. certbot generates a message indicating that certificate generation was successful and specifying the location of the certificate on your server.

Congratulations! You have successfully enabled https://example.com


IMPORTANT NOTES:

Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com//privkey.pem
Your cert will expire on 2017-12-12.

Note: Let’s Encrypt certificates expire after 90 days (on 2017-12-12 in the example). For information about automatically renewing certificates, see Automatically Renew Let’s Encrypt Certificates below.

If you look at domain‑name.conf, you see that certbot has modified it:

```nginx
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name example.com www.example.com;

    listen 443 ssl; # managed by Certbot

    # RSA certificate
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot

    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    # Redirect non-https traffic to https
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}
```
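As an added example (not part of the original tutorial or of certbot), the shell function below checks a server block for the TLS directives certbot adds and ignores commented-out lines. The function name and both sample files are constructed here from the before and after configurations in this tutorial.

```shell
#!/bin/sh
# Added example: report which certbot-managed TLS directives a config lacks.

# check_tls_conf FILE: prints each missing item, returns the number missing.
check_tls_conf() {
    body=$(sed 's/#.*$//' "$1")   # drop comments such as "# managed by Certbot"
    missing=0
    while IFS='|' read -r label regex; do
        if ! printf '%s\n' "$body" | grep -Eq "$regex"; then
            echo "MISSING: $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
TLS listener on 443|listen[[:space:]]+[^;]*443[^;]*[[:space:]]ssl[[:space:];]
certificate chain|ssl_certificate[[:space:]]+[^;]*fullchain\.pem[[:space:]]*;
private key|ssl_certificate_key[[:space:]]+[^;]*privkey\.pem[[:space:]]*;
certbot TLS options include|include[[:space:]]+/etc/letsencrypt/options-ssl-nginx\.conf
HTTP to HTTPS redirect|return[[:space:]]+301[[:space:]]+https://
EOF
    return "$missing"
}

# Constructed samples: the server block before and after running certbot.
tmp=$(mktemp -d)
cat > "$tmp/before.conf" <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    server_name example.com;
}
EOF
cat > "$tmp/after.conf" <<'EOF'
server {
    listen 80 default_server;
    server_name example.com www.example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}
EOF
echo "before:"; check_tls_conf "$tmp/before.conf" || true
echo "after:";  check_tls_conf "$tmp/after.conf" && echo "all TLS directives present"
```

On the server, point the function at /etc/nginx/conf.d/example.com.conf; a non-zero return value is the count of missing items.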

Automatically Renew Let’s Encrypt Certificates

-- Reference: this part of the tutorial is taken from Using Free Let’s Encrypt SSL/TLS Certificates with NGINX

Let’s Encrypt certificates expire after 90 days. We encourage you to renew your certificates automatically. Here we add a cron job to an existing crontab file to do this.

  1. Open root's crontab file (certbot needs root privileges to renew):

     $ sudo crontab -e

     Note: if this is the first time accessing 'crontab' you will be required to select a default editor; I personally use 'nano'.

  2. Add the certbot command to run daily. In this example, we run the command every day at noon. The command checks to see if the certificate on the server will expire within the next 30 days, and renews it if so. The --quiet directive tells certbot not to generate output.

     0 12 * * * /usr/bin/certbot renew --quiet

  3. Save and close the file. All installed certificates will be automatically renewed and reloaded.
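To confirm that the cron job is actually keeping the certificate fresh, this added example (not from the original tutorial) applies openssl's -checkend test with the same 30-day window. The function names and the self-signed sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: check how close a certificate is to expiry, using the
# 30-day window the tutorial gives for "certbot renew".

# cert_expires_within FILE [DAYS]
#   0 = expires within DAYS days (renewal due), 1 = not yet due, 2 = unreadable
cert_expires_within() {
    cert=$1
    days=${2:-30}
    if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1; then
        echo "cannot parse certificate: $cert" >&2
        return 2
    fi
    # -checkend N exits 0 if the certificate is still valid N seconds from now
    if openssl x509 -noout -checkend "$((days * 86400))" -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# renewal_status FILE: one line for a monitoring job or a cron mail
renewal_status() {
    rc=0
    cert_expires_within "$1" 30 2>/dev/null || rc=$?
    case $rc in
        0) echo "RENEWAL DUE: $1 $(openssl x509 -noout -enddate -in "$1")" ;;
        1) echo "OK: $1 $(openssl x509 -noout -enddate -in "$1")" ;;
        *) echo "ERROR: $1 is not a readable certificate" ;;
    esac
}

# Constructed sample data: self-signed certificates for example.com, so the
# check runs offline. On the server, pass the fullchain.pem path instead.
make_sample_cert() {  # make_sample_cert DAYS OUTFILE
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" -subj "/CN=example.com" \
        -keyout "$2.key" -out "$2" >/dev/null 2>&1
}

samples=$(mktemp -d)
make_sample_cert 90 "$samples/fresh.pem"     # lifetime of a newly issued certificate
make_sample_cert 10 "$samples/stale.pem"     # renewal has not been happening
renewal_status "$samples/fresh.pem"
renewal_status "$samples/stale.pem"
```

On the server, run renewal_status with sudo against /etc/letsencrypt/live/example.com/fullchain.pem; a RENEWAL DUE line means the daily job has not renewed the certificate.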

Recap

So far we have NGINX running as a web server with its corresponding SSL/TLS certificates.

Setup Reverse Proxy

-- Reference: Expanded from Dries Dokter entry HERE