Let's Encrypt & Certbot

"Deploying a secure web application in production with Let's Encrypt and Certbot" details a way to deploy an app or service securely. In doing so, it takes advantage of iptables rules to intercept traffic on port 80 or 443 and reroute that traffic to the port your app or service is running on.

- Install the iptables-persistent package

  Newer *Nix Distros

      sudo apt install iptables-persistent

  Older *Nix Distros

      sudo apt-get install iptables-persistent

- On installation of the iptables-persistent package, you will be asked to save the current files. Accept Yes

- Optional: Check your iptables rule file

      cat /etc/iptables/rules.v4

  It should look like

      # Generated by iptables-save v1.6.1 on Fri Aug 20 02:40:14 2021
      *filter
      :INPUT ACCEPT [71277:316681291]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [58801:6540250]
      COMMIT
      # Completed on Fri Aug 20 02:40:14 2021
      # Generated by iptables-save v1.6.1 on Fri Aug 20 02:40:14 2021
      *nat
      :PREROUTING ACCEPT [1:52]
      :INPUT ACCEPT [1636:90337]
      :OUTPUT ACCEPT [613:66497]
      :POSTROUTING ACCEPT [613:66497]
      -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 443
      -A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3000
      COMMIT
      # Completed on Fri Aug 20 02:40:14 2021

- If you were not given the option to save the iptables rules, do so by running the following command

      sudo iptables-save > /etc/iptables/rules.v4

  If you get a permission denied error (the redirection is performed by your own shell, not by sudo), try:

      sudo sh -c 'iptables-save > /etc/iptables/rules.v4'

- Save your newly updated iptables rules to a file

      sudo service iptables save

- Restart the service

      sudo service iptables restart

- Make them permanent

      sudo chkconfig iptables on
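
To check that a saved rules file really carries the redirects from the listing above, this added example (not part of the original guide) parses an iptables-save file and reports each nat PREROUTING REDIRECT mapping. It also flags rules whose target port is another rule's match port: REDIRECT is a terminating target, so under the two rules listed a connection to port 80 is handed to local port 443 and is not matched again by the 443 rule. The function names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a saved iptables-save file for nat REDIRECT rules.

# Print "dport to-port" for each PREROUTING REDIRECT rule in the *nat table.
list_redirects() {
    awk '
        /^\*/ { in_nat = ($1 == "*nat") }   # table header: track current table
        in_nat && $1 == "-A" && $2 == "PREROUTING" {
            dport = ""; to = ""; redirect = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport")    dport = $(i + 1)
                if ($i == "--to-ports") to = $(i + 1)
                if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
            }
            if (redirect && dport != "" && to != "") print dport, to
        }
    ' "$1"
}

# Succeed only if FILE ($1) redirects DPORT ($2) to TOPORT ($3).
has_redirect() { list_redirects "$1" | grep -qx "$2 $3"; }

# Print rules whose target port is itself the dport of another rule.
# REDIRECT is a terminating target, so such traffic stops at the first hop.
chained_redirects() {
    list_redirects "$1" | awk '
        { to[$1] = $2; order[++n] = $1 }
        END { for (i = 1; i <= n; i++) { t = to[order[i]]; if (t in to) print order[i], t } }
    '
}

# Constructed sample in rules.v4 format, using the two rules from the listing.
make_sample_rules() {
    cat <<'EOF'
*filter
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 3000
COMMIT
EOF
}

# Demo on the constructed sample file.
tmp=$(mktemp); make_sample_rules > "$tmp"
echo "redirects:"; list_redirects "$tmp"
echo "chained (only the first hop applies):"; chained_redirects "$tmp"
rm -f "$tmp"
```

On a host, call the same functions with /etc/iptables/rules.v4 as the file argument after saving the rules.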