Configuring Nginx and Installing SSL certificate from Certbot on Ubuntu

Configuring Nginx and Installing SSL certificate from Certbot on Ubuntu

Table of contents

NGINX

Before getting into nginx, lets enable the firewall 1) sudo ufw status

image.png

2) sudo ufw enable

image.png

3) Lets enable ssh, http and https

sudo ufw allow ssh sudo ufw allow http sudo ufw allow https

image.png

4) Check the status sudo ufw status

image.png

5) Now if you want to access your website only through ip and not ip:port number, we’ll install nginx for that.

sudo apt install nginx

If you hit the ip, you’ll see this page!

image.png

6) Lets configure the default file

  sudo nano /etc/nginx/sites-available/default*

  In the location section, comment try_files $uri $uri/ =404; using a #

  Add these commands-

    proxy_pass http://localhost:5000; #whatever port your app runs on
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;

image.png

Ctrl +x, y, enter

7) To check if everything is correct sudo nginx –t

image.png

8) Restart the service sudo service nginx restart

9) Now lets go back to our ip and reload it

image.png

There it is! Our node application is running on port 80. It is running on port 5000 but we are using nginx in front of it as a reverse proxy to access it through port 80

10) To additionally let in HTTPS traffic, allow the Nginx Full profile sudo ufw allow 'Nginx Full' sudo ufw status

image.png

SSL Certbot-

11) Obtaining a SSL certificate sudo apt install certbot python3-certbot-nginx

image.png

12) Certbot provides a variety of ways to obtain SSL certificates through plugins. The Nginx plugin will take care of reconfiguring Nginx and reloading the config whenever necessary. To use this plugin, type the following

sudo certbot --nginx -d example.com -d example.com

enter email A (agree) N (no)

image.png

2 (Redirect)

image.png

13) Congratulations!

image.png

Your certificates are downloaded, installed, and loaded. Try reloading your website using https:// and notice your browser’s security indicator. You’ll notice a lock!

image.png