Calum

Make your web app use HTTPS in 30 minutes with Let’s Encrypt and NGINX

So you have an application which works over HTTP and you want to switch to HTTPS. You can do it for free with Let’s Encrypt and NGINX. It should only take about 30 minutes…

Register a free domain name (if you don’t already have one) 10 minutes Set up your NGINX proxy 10 minutes Use certbot to generate certificates 10 minutes

Register a free domain name (if you don’t already have one)

You need to have a domain name to use HTTPS. If you don’t already have one, you can register one for free at dot.tk.

Once you have registered a domain, you need to set up your DNS records for it. If you used dot.tk then you want to click through Services -> My Domains -> Manage Domain -> Manage Freenom DNS and then add a blank record with the Target set to be your server’s IP address.

Set up your NGINX proxy

You need to install NGINX onto your server and setup the configuration so that NGINX will forward any traffic onto your application.

If you are having problems with NGINX, then take a look at their beginner guide

Install NGINX

The quickest way to install is to use a package manager. Find steps on how to install NGINX onto your operating system using the NGINX install guide.

If you are using Ubuntu, then it is as easy as

$ sudo apt-get update $ sudo apt-get install nginx $ sudo nginx -v nginx version: nginx/1.6.2

or for CentOS/Red Hat

$ sudo yum install epel-release $ sudo yum update $ sudo nginx -v nginx version: nginx/1.6.3

Configure NGINX

You want to edit the NGINX configuration file. On Ubuntu this is found at /etc/nginx/conf.d/virtual.conf . You will need to edit the file as root.

$ sudo nano /etc/nginx/conf.d/virtual.conf

Then change the file to be the following config (swapping yourdomain.cf with your registered domain name)

server { listen 80; server_name yourdomain.cf localhost; location / { proxy_pass http://localhost:8000; proxy_http_version 1.1; } }

After changing the configuration file you need to restart NGINX. If you are using Ubuntu, this is $ sudo service nginx restart . If you are having problems with NGINX, then take a look at their beginner guide.

Use certbot to generate certificates

Now for the fun part. You want to use certbot to setup your Let’s Encrypt certificates. Certbot will also update your NGINX configuration file to use HTTPS instead of HTTP!

Go to certbot’s website and select I'm using Nginx on ... and your operating system. If you are using amazon web services then you can select Other UNIX .

Certbot will then give you the commands to run. While you run the scripts, certbot will ask you questions to help you with your configuration. When certbot asks about updating your NGINX config file for you, make sure you select yes - it makes the process slightly easier.

And you’re done! Test it out by going to https://yourdomain.cf . Your web application is now running encrypted!

Home