nginx+ssl

A quick guide to setting up an SSL certificate for a domain and configuring nginx to use it.

While there are quite a few options for getting SSL certificates from trusted third parties, the most economical option is Let's Encrypt, as it offers certs for free.

Please donate to https://letsencrypt.org to help them continue the good work.

For managing certs with letsencrypt, certbot is often a sufficient tool.

Go to https://certbot.eff.org/ and, in the "My HTTP website is running" section, select nginx on Ubuntu 20.04.

_Or go directly to https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx if you have Ubuntu and nginx._

From there, follow the instructions for either the default or the wildcard setup.

If you're serving only one domain on nginx, you can let certbot configure nginx for you automatically as part of the steps above.

Your config would look similar to the one below, if the application is running locally on port 3000:

```nginx
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name <site-name>;
    root </path/to/root/dir>;

    ssl_certificate /etc/letsencrypt/<site-name>/fullchain.cer;
    ssl_certificate_key /etc/letsencrypt/<site-name>/<site-name>.key;
    include /etc/nginx/snippets/ssl-params.conf;

    # Proxy everything to the application listening on port 3000
    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $http_host;
        proxy_pass http://127.0.0.1:3000;
    }

    # Serve /.well-known from root (dot escaped so it matches literally)
    location ~ /\.well-known {
        allow all;
    }

    client_max_body_size 50m;
}
```
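
The server block above includes /etc/nginx/snippets/ssl-params.conf without showing it. The following is an added example of what that file could contain, not taken from the original post or from certbot; the protocol, cipher, session and HSTS values are assumptions to adapt to the clients you need to support.

```nginx
# /etc/nginx/snippets/ssl-params.conf
# Assumed contents: the post references this file but does not show it.

# Accept only TLS 1.2 and 1.3; older protocol versions are refused.
ssl_protocols TLSv1.2 TLSv1.3;

# TLS 1.2 suites limited to forward-secret key exchange with AEAD ciphers.
# (TLS 1.3 suites are not controlled by this directive.)
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;

# Every suite above is acceptable, so let the client pick its fastest one.
ssl_prefer_server_ciphers off;

# Session resumption through a cache shared by all worker processes.
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;

# Session tickets disabled: nginx does not rotate ticket keys on its own.
ssl_session_tickets off;

# HSTS: browsers that have seen this header use HTTPS only for this host
# until max-age (in seconds, here two years) runs out.
# "always" adds the header to error responses as well.
add_header Strict-Transport-Security "max-age=63072000" always;
```

Enable the HSTS line only once HTTPS works for the whole site, because browsers will refuse plain HTTP for the host until max-age expires. nginx does not inherit a server-level add_header into a location that declares its own add_header, so repeat the header there if you add one later.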

If needed, you can redirect port 80 to 443 by placing the snippet below above the previous one in the same config file:

```nginx
server {
    listen 80;
    listen [::]:80;

    server_name <site-name>;
    return 301 https://$host$request_uri;
}
```

Run `sudo nginx -t` to test the config and `sudo systemctl reload nginx` to apply the config changes.

Happy ssl!