@@ -374,6 +374,7 @@ Open the existing `default` config file in an editor, replace it's contents **en
|
|||||||
```
|
```
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
|
#server_name ayanova.example.com www.ayanova.example.com;
|
||||||
location / {
|
location / {
|
||||||
proxy_pass http://127.0.0.1:7575;
|
proxy_pass http://127.0.0.1:7575;
|
||||||
proxy_http_version 1.1;
|
proxy_http_version 1.1;
|
||||||
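Review bot: The added `#server_name ayanova.example.com www.ayanova.example.com;` line sits in a block readers are told to paste in its entirety, but nothing inside the block says why it is commented out. Someone who copies the config and skims the prose may uncomment it early or never uncomment it. Suggest a one-line comment directly above it in the block, pointing to the later step where it is enabled. It is also worth stating in the text that, while `server_name` is absent, this `listen 80` block answers for any Host header that reaches the server and proxies it to `127.0.0.1:7575`, so this state is meant to be temporary.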
@@ -387,6 +388,8 @@ server {
|
|||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Note that the server name is _intentionally_ commented out with a # symbol for now. In a later step you will uncomment it and replace the example domain with the one registered previously.
|
||||||
|
|
||||||
In a later step the Lets Encrypt Certbot will automatically update this file with the correct settings for ongoing use, this is only the initial configuration to allow Lets Encrypt access.
|
In a later step the Lets Encrypt Certbot will automatically update this file with the correct settings for ongoing use, this is only the initial configuration to allow Lets Encrypt access.
|
||||||
|
|
||||||
Confirm that NGINX sees the configuration as valid:
|
Confirm that NGINX sees the configuration as valid:
|
||||||
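Review bot: The added note refers to "a later step" without naming it, while this same commit introduces the section "Add domain name to NGNIX config" that it means. Name or link that section so the reader can find it. For consistency with that later section, put the `#` symbol in backticks here too, and keep "replace the example domain with the one registered previously" aligned with the later wording, which also allows subdomain names.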
@@ -401,14 +404,80 @@ Restart NGINX so the new configuration takes effect:
|
|||||||
sudo systemctl restart nginx
|
sudo systemctl restart nginx
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Confirm DNS is active
|
#### Confirm DNS has propagated
|
||||||
|
|
||||||
Confirm that you can now navigate to AyaNova web app login page through regular un-encrypted HTTP via the domain name configured earlier. i.e. `http://ayanova.yourdomain.com` or `http://yourdomain.com` if not using a subdomain.
|
Confirm that you can now navigate to AyaNova web app login page through regular un-encrypted HTTP via the domain name configured earlier. i.e. `http://ayanova.yourdomain.com` or `http://yourdomain.com` if not using a subdomain.
|
||||||
|
|
||||||
|
Once DNS has propagated and you see the AyaNova web app login page over unecrypted HTTP it's time for the next step.
|
||||||
|
If DNS has propogated but you see an NGINX error page instead, confirm that AyaNova server is up and running and re-check the NGINX configuration.
|
||||||
|
|
||||||
### Login to AyaNova web app
|
### Add domain name to NGNIX config
|
||||||
|
|
||||||
Open your web browser and navigate to the AyaNova server URL. Assuming the default port of 7575 is in use then the URL would be http://YOUR_AYANOVA_SERVER_IP_ADDRESS:7575
|
Open the NGINX config file previously modified again in your editor, remove the `#` symbol that is commenting out the `server_name` line and replace the server name `example.com` with your domain and or subdomain names previously registered, save and exit.
|
||||||
The AyaNova login page should open and allow login.
|
|
||||||
|
### SSL Certificate through Lets Encrypt
|
||||||
|
|
||||||
|
Install the Lets Encrypt Certbot application and it's NGINX handler at the server:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt install certbot python3-certbot-nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
Request a certificate from Lets Encrypt for the domain or subdomains previously registered and set in the NGINX config file:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo certbot --nginx -d ayanova.example.com -d www.ayanova.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
(Each separate server name and dns record can be appended to the command line with `-d [YOUR_DOMAIN]`)
|
||||||
|
|
||||||
|
Accept the prompts choose the option to redirect to https. Certbot will re-write the default config file to properly include the https ports and SSL certificates.
|
||||||
|
|
||||||
|
The NGINX default config file will now have new entries looking something like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
server {
|
||||||
|
server_name ayanova.example.com www.ayanova.example.com;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:7575;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection keep-alive;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_cache_bypass $http_upgrade;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
|
listen 443 ssl; # managed by Certbot
|
||||||
|
ssl_certificate /etc/letsencrypt/live/green.helloayanova.com/fullchain.pem; # managed by Certbot
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/green.helloayanova.com/privkey.pem; # managed by Certbot
|
||||||
|
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
|
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
|
||||||
|
|
||||||
|
}
|
||||||
|
server {
|
||||||
|
if ($host = green.helloayanova.com) {
|
||||||
|
return 301 https://$host$request_uri;
|
||||||
|
} # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
|
listen 80;
|
||||||
|
|
||||||
|
server_name ayanova.example.com www.ayanova.example.com;
|
||||||
|
return 404; # managed by Certbot
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Certbot will also install a systemd timer event which will auto-renew the SSL certificate if it is within 30 days of expiration. Certificates are valid for 90 days currently with Let's Ecrypt.
|
||||||
|
|
||||||
|
#### Confirm AyaNova can be access securely
|
||||||
|
|
||||||
|
Confirm that you can now navigate to AyaNova web app login page through encrypted HTTPS via the domain name configured earlier. i.e. `https://ayanova.yourdomain.com` or `https://yourdomain.com` if not using a subdomain.
|
||||||
|
|
||||||
|
You should now see the login page through an encrypted SSL connection and AyaNova is ready for use.
|
||||||
|
|
||||||
## Getting started and using AyaNova
|
## Getting started and using AyaNova
|
||||||
|
|
||||||
|
|||||||
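Review bot: The sample Certbot output mixes two hostnames: `server_name` uses `ayanova.example.com www.ayanova.example.com`, but the `ssl_certificate` and `ssl_certificate_key` paths and the `if ($host = green.helloayanova.com)` redirect use `green.helloayanova.com`, which looks like a real deployment name pasted in. As written, the port 80 block would redirect only a host that is not in its own `server_name` and return 404 for the two that are. Use the example domain throughout, with one redirect `if` per `-d` name given in the `certbot` command above. The "Add domain name" step should also repeat the config validation and NGINX restart from earlier before running Certbot, since the file has just been edited by hand. The removed "Login to AyaNova web app" text pointed readers at `http://YOUR_AYANOVA_SERVER_IP_ADDRESS:7575`; if that port is still reachable from outside after this setup, the guide should say whether to close it, because "AyaNova is ready for use" currently implies HTTPS is the only path. Spelling in the added lines: "NGNIX" in the heading, "unecrypted", "propogated", "Let's Ecrypt", "Lets Encrypt" (apostrophe), "it's NGINX handler" (should be "its"), "can be access securely", "Accept the prompts choose" (missing "and"), and "domain and or subdomain".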