Introduction
Before going to the tutorial, lets take a brief look at HTTP and HTTPS. HTTPS stands for HyperText Transfer Protocol Secure which is also referred to as HTTP over TLS or HTTP over SSL. Most websites today use HTTPS not HTTP. So, What is the difference?
The difference can be explained using the above figure.
HTTP transfers data between the browser and the web server in the hypertext format, in other words, hackers can see what you are receiving and sending between the browser and the server.
To solve these issues, HTTPS was introduced. HTTPS encrypts all the data before transferring. Hackers can not read or modify the data during the transfer between the web server and the browser. Even if they managed to intercept the communication, no one can read the encrypted data.
HTTPS uses the TLS protocol (Transport Layer Security) to encrypt communications. TLS is also known as SSL (Secure Socket Layer).The type of security method uses by the SSL is asymmetric public-key encryption that uses two different keys to encrypt and decrypt the data communication between the two parties.
The private key - stored on a web server (controlled by the owner) and this is private. This key is used to decrypt information encrypted by the public key.
The public key - Available to everyone who wants to communicate with the server. Data that is encrypted by the public key can only be decrypted by the private key.
I think now you have some basic knowledge about the differences between the HTTP and HTTPS. Let's move on to the practical part. Before that, you should be aware that there are many other ways to create an HTTPS server without using certbot application and Azure cloud platform.
The whole process can be broken down into 4 steps.
- Create a Microsoft Account
- Build a new virtual machine on Azure cloud platform.
- Connect to the VM via SSH and configure it.
- Test the connection with ssllabs.
1. Create a Microsoft Account
- First thing we need to do is signing into the Microsft Azure account. Even though they don't charge you, you have to enter credit card details when creating the account.
Create your Azure free account
If you are a university student, you may get the Microsft Azure student offer. All you have to do is providing your university email. No need to enter credit card details.
Get Azure for Students - Free Account Credit | Microsoft Azure
- After creating the account sign in to it and go to the Azure Portal. This dashboard allows you to manage each cloud service which Microsft provides.
2. Build a new virtual machine
Visit VM section by clicking on the Virtual Machines icon on the portal. Then Select Add > Virtual machine on the menu.
On the Basic tab, you need to set a name for your VM, select the region you need. Select which OS you are willing to run on the VM. I am using Ubuntu Server 16 LTS. Then select machine size and SSH as the authentication type.
The most important part is the port rules section. Select SSH(22), HTTPS(443) and HTTP(80) as inbound ports.
Leave all the setting as they are on other tabs such as Disks, Networking, Advanced, etc unless you don't know much about them. For this tutorial, these Basic setting are enough.
Click on 'Review+Create'. You can review the VM settings you have set. If something is the wrong click on the Previous button and do the changes you need. Finally, click the Create button.
Download SSH private key. Azure doesn't store the private key. After the SSH key resource is created, you will not be able to download the private key again.
It may take about a minute to create the VM. After it deployed, go to the created VM by clicking 'Go to resource' button. On this page, you can manage the VM you created.
By default the VM doesn't have a DNS name. To create a new DNS we have to stop the VM for a little. Click Stop button to stop the VM. Azure will ask whether to reserve the Public IP address or not. Check the box and click OK.
Now click configure link next do DNS name. Select the Static DNS assignment option. Type a DNS name label. A green check icon will appear if the given name is valid. Then save the configuration. Go back to VM dashboard and Start the VM.
3. Connect to the VM via SSH and configure it.
Now you have a working VM. If we visit the IP or the DNS now the browser will show an error saying the site can't be reached.
The first thing you need to do is connecting to the VM using SSH protocol. If you are on Linux, you can just do it on the terminal. But if you are on Windows, you have to download an SSH client software like putty. Download and install it on windows. Putty settings for SSHing into a server may vary a bit. But I am sure you can manage it. It is not a big deal.
Download SSH for Windows (putty)
From now on you will have to run commands in both the VM and your host machine. To avoid running those commands in the wrong machine I will label each of the commands.
(VM) <command 1>
- Run this on your VM's terminal.
(host) <command 2>
- Run on your machine.
Before using the private key, you have to change the access mode of the file.
(host) sudo chmod 400 httpsVM_key.pem
Now connect to the VM in your terminal. On Linux, use the below command.
-i
denotes for identity file. You should give the path to the downloaded private key file.
(host) sudo ssh -i httpsVM_key.pem azureuser@52.188.53.51
After remote login in, update the system repositories.
(VM) sudo apt-get update
As the next step we will install apache2.
(VM) sudo apt-get install apache2
Copy IP address or DNS name from VM page and paste it on browser URL. You will see your server is ready on port 80.
Delete default apache2 index page. /var/www/html directory contains the files of the website.
(VM) sudo rm /var/www/html/index.html
Now copy your website's index.html to /var/www/html directory. How do we copy a file from our host PC to our VM? We use SCP (secure copy) command. Open a new terminal and run these commands.
(host) sudo scp -i ~/Downloads/httpsVM_key.pem index.html azureuser@52.188.53.51:/home/azureuser
Then copy the file to the HTML directory.
(VM) sudo cp index.html /var/www/html
Check the result by visiting the IP address again.
Add certbot repository and install it using these commands.
(VM) sudo add-apt-repository universe
(VM) sudo add-apt-repository ppa:certbot/certbot
(VM) sudo apt-get install python-certbot-apache
Now obtain the SSL certificate from letsEncrypt server by running this command. Make sure your DNS name is given correctly.
(VM) sudo certbot --apache -d tenet.eastus.cloudapp.azure.com
It will ask few details step by step. Enter an email for security notices. Agree to the Terms and conditions.
When it asks, "Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access", select 2:Redirect option by entering 2.
4. Test the connection with ssllabs.
- Congratulations, now you have an HTTPS server! Now let's test our SSL server.
- Paste the domain name of your web server. It may take few minutes to get the result.
Your certificate and chain is stored at:
/etc/letsencrypt/live/<domain>/fullchain.pem
Key file:
/etc/letsencrypt/live/<domain>/privkey.pem
Web root:
/var/www/html
Your SSL configuration file is:
etc/apache2/sites-enabled/000-default-le.ssl.conf
[Important!] After you finish this tutorial stop the VM. Otherwise, you will waste your free credits for the platform.
There are other easy peasy ways of doing this job. But I hope you got a good idea about how to create an HTTPS server on Azure cloud. Stay safe!
"Why do we fall? So we can learn to pick ourselves back up." ~ Crhistoper Nolan
Top comments (4)
Good read!
Thanks pro
Nice Write up! Does this process work for nginx running in a docker container in a linux VM?
I don't think so. As I know the process is different with Nginx and dockers.
cloudbooklet.com/how-to-install-ng...
Hope this will help you in this situation.