A VM with Ubuntu 18.04 LTS running on it
Ability to SSH into the VM
VM should be connected to the internet to get the IP address
Access to the DNS server for your domain, so you can add an entry there that maps the domain name to your server
Now let's prepare our VM for the task at hand. Install various packages:
# Update dependencies
sudo apt update
sudo apt -y upgrade
sudo apt install -y docker.io
sudo apt install -y nginx
Update Firewall
# check firewall options
sudo ufw app list
# enable all HTTP and HTTPs traffic from firewall
sudo ufw allow 'Nginx Full'
# confirm updated status
sudo ufw status
# NOTE: On GCP, the status will show inactive since firewall is external
sudo docker run -p 3000:8080 -e NODE_ENV='production' --name website-prod \
  --restart=always -d gcr.io/ivikramtiwari/website:prod
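A check worth running after this step, as an added example that is not part of the original guide: `-p 3000:8080` publishes the app on every interface, and Docker-published ports are not filtered by ufw rules, so unless an external firewall blocks port 3000 the app can be reached over plain HTTP without passing through Nginx. The function name `public_bindings`, the `--live` switch and the sample lines are constructed for this illustration; the function parses the output of `docker port`.

```shell
#!/bin/sh
# Added example, not from the original guide.
# public_bindings reads `docker port <container>` output on stdin and prints
# every mapping whose host address is not loopback.
# Exit status: 0 = loopback only, 1 = at least one non-loopback binding.
public_bindings() {
    found=0
    while IFS= read -r line; do
        case $line in
            *' -> '*) ;;              # a "<port>/<proto> -> <addr>:<port>" line
            *) continue ;;            # ignore anything else
        esac
        host=${line##* -> }           # e.g. 0.0.0.0:3000, :::3000, [::]:3000
        addr=${host%:*}               # drop the trailing :port
        case $addr in
            127.*|::1|'[::1]') ;;     # loopback: reachable only from this VM
            *) echo "PUBLIC: $line"; found=1 ;;
        esac
    done
    return "$found"
}

# Constructed sample: `docker port` output for the guide's `-p 3000:8080`.
SAMPLE_AS_PUBLISHED='8080/tcp -> 0.0.0.0:3000
8080/tcp -> :::3000'
# Constructed sample: output if the port were published as `-p 127.0.0.1:3000:8080`.
SAMPLE_LOOPBACK='8080/tcp -> 127.0.0.1:3000'

if [ "${1:-}" = "--live" ]; then
    # On the VM: audit the running container named in the guide.
    sudo docker port website-prod | public_bindings
else
    printf '%s\n' "$SAMPLE_AS_PUBLISHED" | public_bindings \
        || echo "as published: port 3000 listens on all interfaces"
    printf '%s\n' "$SAMPLE_LOOPBACK" | public_bindings \
        && echo "loopback only: port 3000 is reachable only from this VM"
fi
```

Publishing the port as `-p 127.0.0.1:3000:8080` keeps it reachable for the Nginx proxy on the same VM while removing the non-loopback bindings.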
Before we can enable HTTPS access, we need to have HTTP access enabled for our app.
Make sure HTTP traffic is enabled for the application from the Compute Engine page.
# it's a good idea to create a new file for each subdomain
sudo nano /etc/nginx/sites-available/vikramtiwari.com
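server {
    listen 80;
    listen [::]:80;
    # TLS lines from the original listing, disabled until a certificate exists:
    # "listen ... ssl" without a certificate, or an include of a missing file,
    # makes "nginx -t" fail. Certbot adds its own 443 listeners and certificate
    # directives in the later step.
    # listen 443 ssl;
    # listen [::]:443 ssl;
    server_name vikramtiwari.com www.vikramtiwari.com;
    # include snippets/ssl-vikram.tiwari.dev.conf;
    # include snippets/ssl-params.conf;
    server_tokens off;
    root /var/www/html;

    # forward all requests to the app container published on port 3000
    location / {
        proxy_read_timeout 300;
        proxy_connect_timeout 300;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:3000;
    }

    location ~ /.well-known {
        allow all;
    }
}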
# create a symlink in sites-enabled
sudo ln -s /etc/nginx/sites-available/vikramtiwari.com /etc/nginx/sites-enabled/
# check if nginx config is correct
sudo nginx -t
# restart nginx
sudo systemctl restart nginx
# check nginx status
sudo systemctl status nginx
# find your IP address
dig +short myip.opendns.com @resolver1.opendns.com.
Now use your IP address to create an "A" type DNS record with your provider. As soon as the DNS settings are live, you should be able to access your app on your website.
# install certbot and nginx plugin
sudo apt install certbot python3-certbot-nginx
# get certificates
sudo certbot --nginx -d vikramtiwari.com -d www.vikramtiwari.com
# Follow through the options in the terminal until it shows "Congratulations!" message
At this point everything is set up and you are ready to receive HTTPS traffic.
Verification of HTTPS
Using CLI
sudo certbot renew --dry-run
From the Nginx file. Your Nginx file should now have the following entries:
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/vikramtiwari.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/vikramtiwari.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot