Let’s Encrypt

Requirements

Sudo

Installation

sudo pkg install py35-certbot

Configuration

sudo certbot certonly --noninteractive --email mvoortman@pointpark.edu --agree-tos \
                      --webroot --webroot-path /home/mvoortman/www \
                      --domain mvoortman.it.pointpark.edu

Replace the username (mvoortman) in the email address, webroot path and domain with your own.

Open the nginx configuration with sudo ee /usr/local/etc/nginx/nginx.conf and make the following changes:

...
http {
    ...

    # new server section to redirect all traffic to https
    server {
        listen 80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
    }

    # this is the original server section now using https
    server {
        # comment or remove the next line
        #listen       80;
        # now enable https
        listen       443 ssl;
        server_name  localhost;
        
        ssl_certificate /usr/local/etc/letsencrypt/live/mvoortman.it.pointpark.edu/fullchain.pem;
        ssl_certificate_key /usr/local/etc/letsencrypt/live/mvoortman.it.pointpark.edu/privkey.pem;
        ssl_trusted_certificate /usr/local/etc/letsencrypt/live/mvoortman.it.pointpark.edu/chain.pem;
        
        ...
    }
    ...
}

And restart nginx:

sudo service nginx restart

Open the crontab with sudo ee /etc/crontab and add the following line to automatically renew the certificates:

13 3 * * * root /usr/local/bin/certbot renew --post-hook "service nginx restart"
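
To confirm that the renewal job keeps the certificate fresh and that nginx is pointed at a certificate and key that belong together, the live directory can be checked with openssl. This script is an added example, not part of the original tutorial; it assumes openssl is installed, and the function names and the 20-day default are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the original page); function names are hypothetical.
# Requires openssl(1).

# Succeeds if the certificate in $1 is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if the private key in $2 belongs to the certificate in $1,
# by comparing the public key extracted from each file.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Check one certbot "live" directory; prints a reason and returns 1 on failure.
# $1 = directory holding fullchain.pem and privkey.pem, $2 = minimum days left.
check_live_dir() {
    dir=$1 min_days=${2:-20}
    for f in fullchain.pem privkey.pem; do
        [ -r "$dir/$f" ] || { echo "FAIL: cannot read $dir/$f"; return 1; }
    done
    cert_matches_key "$dir/fullchain.pem" "$dir/privkey.pem" ||
        { echo "FAIL: privkey.pem does not match fullchain.pem"; return 1; }
    cert_valid_for_days "$dir/fullchain.pem" "$min_days" ||
        { echo "FAIL: expires within $min_days days, check the renew cron job"; return 1; }
    echo "OK: $dir"
}

# Constructed sample data: a throwaway self-signed pair in $1, valid for $2 days.
make_sample_dir() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.test" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" >/dev/null 2>&1
}

# Usage: sudo sh check_cert.sh /usr/local/etc/letsencrypt/live/<your-domain> [min_days]
[ $# -eq 0 ] || check_live_dir "$@"
```

A non-zero exit status means the certificate is close to expiry or the key does not match, so the script can be run from cron or by hand after a renewal.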

If you want to proxy a project to Node.js, you can use the following few lines:

...
http {
    ...
    server {
        ...
        location /project/ {
            proxy_pass http://127.0.0.1:3000/;
        }
        ...
    }
    ...
}
