All
Nginx + Docker + Let'sEncrypt on Ubuntu
How to setup a webservice using nginx + docker + LetsEncrypt on Ubuntu VMs
Pre-requisites
- A VM with Ubuntu 18.04 LTS running on it
- Ability to SSH into the VM
- VM should be connected to internet to get the IP address
- Access to DNS server for your domain, in order to add an entry there to create a domain name mapping to your server
Now let's prepare our VM for the task at hand. Install various packages:
1
# Update dependencies
2
sudo apt update
3
sudo apt -y upgrade
4
sudo apt install -y docker.io
5
sudo apt install -y nginx
Copied!
Update Firewall
1
# check firewall options
2
sudo ufw app list
3
4
# enable all HTTP and HTTPs traffic from firewall
5
sudo ufw allow 'Nginx Full'
6
7
# confirm updated status
8
sudo ufw status
9
10
# NOTE: On GCP, the status will show inactive since firewall is external
Copied!
Start docker container
1
sudo docker run -p 3000:8080 -e NODE_ENV='production' --name website-prod \
2
--restart=always -d gcr.io/ivikramtiwari/website:prod
Copied!
Configure Nginx for HTTP access
Before we can enable HTTPs access, we need to have HTTP access enabled for our app.
- Make sure application has HTTP traffic enables from Compute Engine page
1
# it's a good idea to create a new file for each subdomain
2
sudo nano /etc/nginx/sites-available/vikramtiwari.com
Copied!
nginx.conf
1
server {
2
listen 80;
3
listen [::]:80;
4
listen 443 ssl;
5
listen [::]:443 ssl;
6
server_name vikramtiwari.com www.vikramtiwari.com;
7
8
include snippets/ssl-vikram.tiwari.dev.conf;
9
include snippets/ssl-params.conf;
10
11
server_tokens off;
12
root /var/www/html;
13
14
location / {
15
proxy_read_timeout 300;
16
proxy_connect_timeout 300;
17
proxy_redirect off;
18
proxy_http_version 1.1;
19
proxy_set_header Host $http_host;
20
proxy_set_header X-Real-IP $remote_addr;
21
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
22
proxy_set_header X-Forwarded-Proto $scheme;
23
proxy_pass http://0.0.0.0:3000;
24
}
25
26
location ~ /.well-known {
27
allow all;
28
}
29
}
Copied!
1
# create a symlink in sites-enabled
2
sudo ln -s /etc/nginx/sites-available/vikramtiwari.com /etc/nginx/sites-enabled/
Copied!
1
# check if nginx config is correct
2
sudo nginx -t
3
4
# restart nginx
5
sudo systemctl restart nginx
6
7
# check nginx status
8
sudo systemctl status nginx
9
10
# find your IP address
11
dig +short myip.opendns.com @resolver1.opendns.com.
Copied!
Now use your IP address to create a "A" type DNS record on your provider. As soon as the DNS settings are live, you should be able to access your app on your website.
Setup LetsEncrypt
1
# install certbot and nginx plugin
2
sudo apt install certbot python3-certbot-nginx
3
4
# get certificates
5
sudo certbot --nginx -d vikramtiwari.com -d www.vikramtiwari.com
6
7
# Follow through the options in the terminal until it shows "Congratulations!" message
Copied!
At this point everything is setup and you are ready to receive HTTPs traffic.
Verification of HTTPs
- Using CLI
1
sudo certbot renew --dry-run
Copied!
- From nginx file. Your Nginx file should have following entries now
1
listen [::]:443 ssl ipv6only=on; # managed by Certbot
2
listen 443 ssl; # managed by Certbot
3
ssl_certificate /etc/letsencrypt/live/vikramtiwari.com/fullchain.pem; # managed by Certbot
4
ssl_certificate_key /etc/letsencrypt/live/vikramtiwari.com/privkey.pem; # managed by Certbot
5
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
6
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
Copied!
Last modified 1yr ago