Introduction
SSL is a security mechanism that allows switching from HTTP to HTTPS
HTTPS is a secure connection type with SSL encryption.
When accessed, HTTP will listen on port 80, while HTTPS will listen on port 443 of the system.
To be able to install SSL, we will use the certbot tool
Deployment method
To install certbot, first we need to update the installation packages of the VM
sudo apt-get update
Next, we will install certbot with the following command
sudo apt-get install certbot python3-certbot-nginx
Before installing SSL, make sure your nginx config already has the server_name that we need to deploy
To install SSL for a specific domain, we will use the following command
certbot --nginx -d nglearns.test
After installation, the config file will be reset as follows
server {
server_name nglearns.test;
location / {
proxy_pass http://localhost:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/nglearns.test/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/nglearns.test/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = nglearns.test) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name nglearns.test;
return 404; # managed by Certbot
}
Here, we can see that certbot has set up listening and ssl configuration for us.
SSL will expire after 30 days, but certbot will help us renew it when it expires.
On This Page
Introduction
Deployment method