The Essential Guide to Domain Setup and SSL Security
Vijeth Simha
Posted on January 19, 2024
Thank you for taking the time to read this post.
In my last post, I discussed automating the deployment process using GitHub CI/CD. Building on that topic, this post will delve into how to connect your domain and attach SSL.
Before proceeding, I highly recommend checking the previous articles in the deployment series, as this post is a continuation of the previous two.
With that said, let's dive in.
Attach Domain
The first step is to edit the existing Nginx configuration file. You can do this by opening the file in a text editor, such as nano, with the following command:
sudo nano /etc/nginx/sites-available/<<YOUR_PROJECT_NAME>>
Note: For the following step to work, you must point your domain to the DigitalOcean IP address, or else the domain connection won't work.
Add your domain to the configuration as shown below.
server {
    listen 80;
    server_name <<your_domain_name>>;

    location / {
        proxy_pass http://localhost:<<YOUR_NODE_JS_PORT>>;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Replace <<your_domain_name>> with your domain name and <<YOUR_NODE_JS_PORT>> with the port number where your Node.js app is running.
You can test the configuration by running the command below:
sudo nginx -t
If you encounter an error, reopen the server block file and carefully review it for any typos or missing characters. Once the syntax of your configuration file is correct, reload Nginx to apply the new configuration with the command below:
sudo systemctl reload nginx
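The steps above are easy to get wrong by hand: a forgotten placeholder or a mistyped port only shows up when nginx -t fails, or worse, when the site quietly proxies to the wrong place. The script below is an added example (not part of the original post) that renders the same server block from the two placeholders, refuses bad input, checks that no <<...>> marker survived, and only then runs the same nginx -t and reload steps. The function names, the regular expression for hostnames and the target path argument are my own choices, not something the article prescribes.

```sh
#!/bin/sh
# Added example: render and validate the article's Nginx server block.
set -eu

# Accept a plain lowercase hostname: dot-separated labels of letters, digits
# and hyphens, with an alphabetic top-level label. Rejects "<<...>>" leftovers.
valid_domain() {
    printf '%s' "$1" | grep -Eq '^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
}

# Accept a TCP port number in the range 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the server block for DOMAIN and PORT; fail without output on bad input.
render_server_block() {
    domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    port="$2"
    valid_domain "$domain" || { echo "bad domain: $1" >&2; return 1; }
    valid_port "$port"     || { echo "bad port: $port" >&2; return 1; }
    # Nginx variables are escaped so the shell leaves them for Nginx to expand.
    cat <<EOF
server {
    listen 80;
    server_name ${domain};

    location / {
        proxy_pass http://localhost:${port};
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host \$host;
        proxy_cache_bypass \$http_upgrade;
    }
}
EOF
}

# Succeed only if no "<<PLACEHOLDER>>" marker remains in the rendered file.
no_placeholders_left() {
    ! grep -q '<<[A-Za-z_]*>>' "$1"
}

# Write the block to TARGET (e.g. /etc/nginx/sites-available/example.com),
# verify it, then test and reload Nginx if it is installed on this machine.
install_server_block() {
    render_server_block "$1" "$2" > "$3"
    no_placeholders_left "$3"
    if command -v nginx >/dev/null 2>&1; then
        sudo nginx -t && sudo systemctl reload nginx
    fi
}

# Usage: sh render_site.sh example.com 3000 /etc/nginx/sites-available/example.com
if [ "$#" -ge 3 ]; then
    install_server_block "$1" "$2" "$3"
fi
```

Run it with your domain, your Node.js port and the sites-available path as arguments; with no arguments it only defines the functions, so it can be sourced and used piecemeal.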
Attach SSL
The first step in using Let’s Encrypt to obtain an SSL certificate is to install the Certbot software on your server. Execute the following command to do so.
sudo apt install certbot python3-certbot-nginx
If you have a firewall enabled, you'll need to adjust its settings to allow HTTPS traffic. Fortunately, Nginx registers several profiles with UFW (Uncomplicated Firewall) upon installation. You can check the current firewall status with:
sudo ufw status
To allow HTTPS traffic, enable the 'Nginx Full' profile, which covers both HTTP and HTTPS. This step makes the separate 'Nginx HTTP' profile redundant, so you can remove it:
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
After these changes, verify the updated firewall status by running:
sudo ufw status
The status should now show as 'active', similar to the example in the image below.
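Reading the status table by eye works once; if you manage more than one droplet it is worth turning the expected end state into a check. The function below is an added example (not from the original post): it reads the text that sudo ufw status prints and passes only when the firewall is active, 'Nginx Full' is allowed and the redundant 'Nginx HTTP' rule is gone. The sample status text is constructed for offline use and mimics UFW's table layout; the function name is my own.

```sh
#!/bin/sh
# Added example: verify `ufw status` output against the article's expected rules.

# Constructed sample in the shape UFW prints (not captured from a real host),
# so the check can be exercised without a firewall present.
SAMPLE_UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
Nginx Full                 ALLOW       Anywhere
Nginx Full (v6)            ALLOW       Anywhere (v6)'

# check_ufw_status: read `ufw status` text on stdin, print one line per finding
# and return 0 only when every expectation from the article holds.
check_ufw_status() {
    status=$(cat)
    rc=0
    if ! printf '%s\n' "$status" | grep -q '^Status: active'; then
        echo "FAIL: firewall is not active"
        rc=1
    fi
    # The IPv4 row reads "Nginx Full   ALLOW   Anywhere"; the (v6) row is separate.
    if ! printf '%s\n' "$status" | grep -Eq '^Nginx Full[[:space:]]+ALLOW'; then
        echo "FAIL: 'Nginx Full' (HTTP and HTTPS) is not allowed"
        rc=1
    fi
    if printf '%s\n' "$status" | grep -Eq '^Nginx HTTP[[:space:]]+ALLOW'; then
        echo "WARN: redundant 'Nginx HTTP' rule is still present; run: sudo ufw delete allow 'Nginx HTTP'"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: firewall active, 'Nginx Full' allowed"
    return "$rc"
}

# Runs the check against the constructed sample; useful as a self-test.
check_sample() {
    printf '%s\n' "$SAMPLE_UFW_STATUS" | check_ufw_status
}

# Usage on a server: sudo ufw status | sh check_ufw.sh
if [ ! -t 0 ] && [ "${1:-}" = "--stdin" ]; then
    check_ufw_status
fi
```

On the droplet itself, pipe the live output into it: sudo ufw status | sh check_ufw.sh --stdin. A non-zero exit means one of the three conditions failed and the finding lines tell you which.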
Certbot offers several methods to obtain SSL certificates, facilitated by its plugins. The Nginx plugin, in particular, is designed to automatically reconfigure Nginx and reload its configuration as needed. To utilize this plugin, enter the following command:
sudo certbot --nginx -d <<your_domain_name>>
Ensure you replace <<your_domain_name>> with your actual domain name.
When you run this command, Certbot will prompt you for several pieces of information:
Email Address: For important notifications related to your SSL certificate.
Terms and Conditions Acceptance: You'll need to agree to the Let's Encrypt terms of service.
Redirection Details: Certbot will ask whether you want to redirect HTTP traffic to HTTPS, effectively enforcing a secure connection.
Let’s Encrypt's certificates have a validity period of ninety days. This relatively short duration is intentional, aimed at encouraging users to automate the process of certificate renewal.
Fortunately, the certbot package, which we've already installed, simplifies this process. It adds a systemd timer to your system, configured to run twice daily. This timer automatically renews any certificate that's within thirty days of expiration.
You can query the status of the timer with systemctl:
sudo systemctl status certbot.timer
You will see output like the image below.
To test the renewal process without making any actual changes, you can perform a dry run with certbot using the following command:
sudo certbot renew --dry-run
If the dry run completes without any errors, you're all set. Certbot will handle the renewal of your certificates and will ensure that Nginx is reloaded to apply the changes.
In the event that the automated renewal process encounters an issue, Let’s Encrypt will send a notification to the email address you provided. This notification will serve as a warning, alerting you when your certificate is nearing its expiration date.
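The expiry e-mail is a last line of defence; a cheaper early warning is to ask the certificate itself. Because the timer renews anything within thirty days of expiry, a live certificate that is still inside that window means renewal has not happened and the timer or the dry run deserves a look. The script below is an added example (not from the original post) that uses openssl x509 -checkend to make exactly that distinction; it also generates throwaway self-signed certificates so the logic can be exercised offline. The function names and the RENEW_WINDOW constant are my own, and the live path under /etc/letsencrypt/live/ is Certbot's default location, not something the article shows.

```sh
#!/bin/sh
# Added example: flag a Let's Encrypt certificate that should already have
# been renewed by certbot.timer but was not.
set -eu

# The article's renewal window: certbot renews anything within 30 days of expiry.
RENEW_WINDOW=$((30 * 24 * 60 * 60))

# cert_needs_renewal CERT: succeed if CERT expires within RENEW_WINDOW seconds.
# `openssl x509 -checkend N` exits 0 while the cert stays valid for N seconds.
cert_needs_renewal() {
    ! openssl x509 -noout -checkend "$RENEW_WINDOW" -in "$1"
}

# check_cert CERT: print one status line; exit 0 = healthy, 1 = act, 2 = unreadable.
check_cert() {
    cert="$1"
    if [ ! -r "$cert" ]; then
        echo "ERROR: cannot read $cert"
        return 2
    fi
    enddate=$(openssl x509 -noout -enddate -in "$cert" | cut -d= -f2)
    if ! openssl x509 -noout -checkend 0 -in "$cert"; then
        echo "EXPIRED: $cert expired on $enddate"
        return 1
    fi
    if cert_needs_renewal "$cert"; then
        echo "RENEW OVERDUE: $cert expires $enddate (inside the 30-day window);" \
             "check 'systemctl status certbot.timer' and 'certbot renew --dry-run'"
        return 1
    fi
    echo "OK: $cert valid until $enddate"
    return 0
}

# make_test_cert DIR DAYS: write a self-signed cert valid for DAYS into DIR/cert.pem.
# Only for exercising the check offline; never deploy such a certificate.
make_test_cert() {
    mkdir -p "$1"
    openssl req -x509 -newkey rsa:2048 -nodes -subj '/CN=example.test' \
        -days "$2" -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Usage: sh check_cert.sh /etc/letsencrypt/live/<<your_domain_name>>/fullchain.pem
if [ "$#" -ge 1 ]; then
    check_cert "$1"
fi
```

Schedule it (for instance from cron) against the fullchain.pem Certbot maintains for your domain and alert on a non-zero exit; a freshly issued Let's Encrypt certificate reports OK for the first sixty days, and anything else means the automatic renewal described above did not do its job.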
That's it for this guide.
Thank you so much for reading through to the end!
Finally
As you embark on this journey, feel free to use my project as a practical example to follow along with the steps outlined above.
Should you encounter any challenges or have questions during the process, please don't hesitate to leave a comment below.
Feel free to reach out to me on