We will set up HTTPS on Nginx using Certbot on an Azure Ubuntu VM.
1) Create VM
2) Config Ports
3) Install Nginx
4) HTTPS using Certbot
- Let's get started by creating Azure VM.
- I'm using Ubuntu 18.04 LTS - Gen1 as the OS image and Size: Standard_B1ls - 1 vcpu, with an SSH connection on port 22.
- After that I'm going with default settings.
-- SAVE YOUR PRIVATE KEY, KEEP IT SECURE AND DON'T SHARE IT.
- Now we change the assignment from Dynamic to Static.
- We set the Assignment to Static, then we choose a DNS name label.
- Here we choose nova-test therefore the VM will be accessible at nova-test.eastus2.cloudapp.azure.com.
- After it is saved, let's connect to our Azure VM using SSH in the terminal.
Now let's connect our terminal to the server using SSH.
Note: You can always find instructions in the VM's Connect tab.
On my PC, I have saved my private key (generated during VM creation) in a root folder called "Key".
- Connection String
ssh -i key.pem user_name@server_name
Note: You can also use public IP to connect instead of server_name
- But before we use the key, we need to change the permissions of the private key file; otherwise SSH may refuse it with the error "Unprotected Private Key File!"
- To do that, go to the key's directory and run this command:
sudo chmod 600 test-vm_key.pem
And voilà! We are connected to our server.
Now let's get started with our nginx server!
Install nginx server first:
$ sudo apt-get update
$ sudo apt-get install nginx
And Done ???
-- Well technically, yes. Server is ready.
-- But wait, you can't access it from a browser right now because we haven't added a port rule.
-- To access the server we need to add a port 80 access rule to our VM.
-- To add a rule for port 80, go to the Networking tab and click
Add Inbound Port Rule
Note: You can always check your inbound port rules and add custom rules in VM's Networking Tab.
Now our server can be accessed by browser by visiting nova-test.eastus2.cloudapp.azure.com
As you can see, our server is ready, but it is not secure. We can solve that by adding an SSL certificate to our server.
-- And ....yes about the bookmarkbar, I forgot to hide it.
To do that, we need to add one last rule, for port 443. HTTPS runs on port 443, and without access to 443 the browser can't use an HTTPS connection.
Now we are ready for SSL certificate.
Run the following commands to get started:
-- Installing and updating snap
$ sudo snap install core; sudo snap refresh core
-- Installing Certbot
$ sudo snap install --classic certbot
Note: For More Info visit: https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx.html
Before we initialize our certification process we need to configure our nginx default file.
-- Run the following commands to go to the nginx default file
-- Now edit the default file. I'm using nano as the text editor.
sudo nano default
- Add domain after
-- Save the file by pressing Ctrl+O, Enter (to save), then Ctrl+X (to exit).
Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.
$ sudo certbot --nginx
-- Fill the details.
-- Once all the steps are completed, you will see a message similar to this:
Congratulations! We have successfully added a certificate to our server.
Voilà! We did it. There is just one step remaining, which is to restart the nginx server.
We can restart it with the following command:
$ sudo service nginx reload
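To confirm what Certbot wrote into the site file, the following added example (not part of the original post) parses an Nginx file and checks that a single server block names the domain, listens on 443 with ssl, and sets both a certificate and a key. The function names audit_https_block and sample_conf and the sample file are constructed for illustration; the sample reuses the nova-test domain from above.

```bash
# audit_https_block FILE DOMAIN   (FILE may be "-" for stdin)
# Exit 0 only if one server block names DOMAIN, listens on 443 with ssl,
# and sets both ssl_certificate and ssl_certificate_key.
audit_https_block() {
  awk -v want="$2" '
    BEGIN { depth = 0 }
    { sub(/#.*/, "") }                       # ignore comments
    /^[ \t]*server[ \t]*[{]/ && !in_srv {    # entering a server block
      in_srv = 1; srv_depth = depth
      name = 0; tls = 0; cert = 0; key = 0
    }
    in_srv {
      if ($1 == "server_name")
        for (i = 2; i <= NF; i++) {
          n = $i; sub(/;$/, "", n)
          if (n == want) name = 1
        }
      if ($1 == "listen" && $0 ~ /443/ && $0 ~ /ssl/) tls = 1
      if ($1 == "ssl_certificate")     cert = 1
      if ($1 == "ssl_certificate_key") key = 1
    }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }   # track nesting
    in_srv && depth == srv_depth {           # server block closed
      if (name && tls && cert && key) ok = 1
      in_srv = 0
    }
    END { exit(ok ? 0 : 1) }
  ' "$1"
}

# Constructed sample of a site file after Certbot has edited it; the
# certificate paths follow the /etc/letsencrypt/live/<domain>/ layout.
sample_conf() {
  cat <<'EOF'
server {
    server_name nova-test.eastus2.cloudapp.azure.com;
    location / { try_files $uri $uri/ =404; }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/nova-test.eastus2.cloudapp.azure.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nova-test.eastus2.cloudapp.azure.com/privkey.pem;
}
server {
    listen 80;
    server_name nova-test.eastus2.cloudapp.azure.com;
    return 301 https://$host$request_uri;
}
EOF
}
sample_conf | audit_https_block - nova-test.eastus2.cloudapp.azure.com && echo "HTTPS server block found"
```

On the server, pass the path of the edited default file instead of "-"; a non-zero exit means no single server block carries the name, the 443 listener and the certificate pair together.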
We did it: we set up HTTPS on our server for free using Certbot. We created a VM on Azure with a custom DNS name, added inbound port rules for ports 80 and 443, installed Nginx and configured the default Nginx file. At the end, we installed an SSL certificate and configured Nginx with Certbot.