Certbot SSL Certificates

It's important to encrypt your web traffic to keep you and anyone who passes information through your website secure. To install Let's Encrypt and Certbot to handle this for you, run the commands below.

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo certbot --nginx -d domain.com -d www.domain.com

There are a few benefits to using Certbot. Your certificates will automatically be renewed when nearing expiration, and it even configures nginx for you automatically.

Now we need a web server to redirect traffic over HTTPS. The nginx configuration below is verified to be working on Ubuntu 19.04: it redirects requests arriving on default port 80 to HTTPS, uses the certbot certificates to decrypt the traffic, then passes it to a container hosted locally on a specific port. See the NGINX Book for more details on configuring nginx.

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events { }

http {
  include mime.types;

  # Redirect root domains
  server {
    listen 80;
    server_name knoats.com www.domain.com;
    return 301 https://www.domain.com$request_uri;

  }


  # SSL - domain.com
  server {
    server_name website.domain.com www.website.domain.com;
    server_tokens off;

    # SSL Settings
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/www.website.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.website.domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  
    # Pass the decrypted traffic to the container
    location / {
      include proxy_params;
      # Replace the placeholders with the container's address, for example http://localhost:1234/
      proxy_pass http://<CONTAINERIP>:<CONTAINERPORT>/;
    }

  }

  # SSL Redirect Server Configuration
  server {
    listen 80;
    server_tokens off;
    server_name website.com www.website.com;
    return 301 https://$host$request_uri;
  }

}
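
When adapting the configuration above, the hostnames in the port-80 redirect blocks and in the `listen 443 ssl` block have to line up. The following Python check is an added example, not part of the original page; the `example.com` hostnames and the `SAMPLE` config are constructed. It reports TLS hostnames that have no port-80 redirect block and redirect targets that no TLS server block answers for.

```python
import re

# Constructed sample config; the example.com names are placeholders, not from the page.
SAMPLE = """
server {
  listen 80;
  server_name example.com www.example.com;
  return 301 https://www.example.com$request_uri;
}
server {
  listen 443 ssl;
  server_name app.example.com;
  location / { proxy_pass http://127.0.0.1:1234/; }
}
server {
  listen 80;
  server_name shop.example.com;
  return 301 https://$host$request_uri;
}
"""

def server_blocks(conf):
    """Yield the body of each brace-matched `server { ... }` block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def args(body, name):
    """Arguments of every `name ...;` directive that starts a line in body."""
    return [a.split() for a in re.findall(rf"(?m)^\s*{name}\s+([^;]+);", body)]

def audit(conf):
    """Return sorted (issue, hostname) pairs for HTTP/HTTPS coverage gaps."""
    tls, http, targets = set(), set(), set()
    for body in server_blocks(conf):
        names = {n for a in args(body, "server_name") for n in a}
        is_tls = any("ssl" in a for a in args(body, "listen"))
        (tls if is_tls else http).update(names)
        for a in args(body, "return"):
            host = re.match(r"https://([^/$]+|\$host)", a[-1])
            if host:  # $host sends each name back to itself over HTTPS
                targets |= names if host.group(1) == "$host" else {host.group(1)}
    gaps = [("tls-name-without-port-80-redirect", n) for n in tls - http]
    gaps += [("redirect-target-without-tls-server", n) for n in targets - tls]
    return sorted(gaps)
```

To check a live server, pass `audit()` the text printed by `nginx -T`, which dumps the full effective configuration including included files.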