I deployed my latest opensource project which provides store fake API. and when I complete deployment my store-API project in AWS. I was researching a free SSL certificate for my ubuntu Nginx server. After a long while of research, I found a solution which was a free open source project to install SSL certificate in my node/express app. So in this tutorial, I am going to setup the SSL of my node app. Check my open-source project
Update apt-get dependency
sudo apt-get update
Install certbot and certbot-nginx package
To enable an SSL certificate in your Nginx server, you will need third-party packages. Letsencription org provides free SSL certificates which was needed to install their open-source packages. There provide very good documentation also.
sudo apt-get install certbot python3-certbot-nginx -y
Request and install SSL certificate to your nginx projects
sudo certbot --nginx
When you request an SSL certificate. it will take several inputs…
- Take a email input which was used for urgent renew or security notices.:
Email: [email protected] - https://letsencription.org you must agree to register with ACEME server. Do you agree?
(Y)es/(N)o: Y - Which names would you like to activate HTTPS for?
1. www.yourdomain.com
2. yourdomain.com
Ans: Select your multple domain with comma separator: example: 1,2 - Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
Ans: 2
So what was heppen
Great you setup SSL of your AWS instance of ubuntu Nginx serve;
Visit your domain it will redirect https://yourdomain.com
The checkout your Nginx config file, in my case
username@my-ip-addess:/$ sudo cat /etc/nginx/sites-enabled/default
server {
server_name storerestapi.com www.storerestapi.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
proxy_pass http://localhost:8000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/storerestapi.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/storerestapi.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.storerestapi.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = storerestapi.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name storerestapi.com www.storerestapi.com;
return 404; # managed by Certbot
