This repository has been archived by the owner on Mar 27, 2022. It is now read-only.

SSL Setup

Tim Morgan edited this page Aug 30, 2018 · 15 revisions

Introduction

Your installed site is not secure by default. You must obtain and install an SSL certificate issued by a certificate authority. Let's Encrypt is a freely available certificate authority provided by the Electronic Frontier Foundation, which provides and supports tools to automate obtaining and renewing your certificate. This LE Getting Started article explains the basics of how it works. The instructions below explain how to complete this install yourself.

NOTE: As of this writing, the best way to add SSL to an install using the DigitalOcean automation is to compile and run the latest version of the Certbot client rather than the current "released" version. This documentation should be updated once the released version includes the ability to update nginx configs.

Prerequisites

  1. You have completed the DigitalOcean push button install and verified the site is running. If you installed the deb package manually or you are using the EC2 image then that should work too.
  2. You own a domain name for the site and have set up DNS to resolve to the site's IP address, and you've proven this is working, e.g. you can access your site by visiting yourdomain.com or members.yourdomain.com or whatever.
  3. You have been able to use SSH to access a console to the server so you can run commands.

Process

  1. Open an SSH console on the server (virtual console through the DO control panel might work, but is not recommended).

  2. Add your domain name to your vhost by editing the file /etc/nginx/sites-available/onebody so that it looks like this (replacing www.example.com with your domain name):

     server {
         listen 80;
         client_max_body_size 25m;
         server_name www.example.com;
         ...

  3. Follow the instructions here to install certbot.

  4. Now run certbot:

    sudo certbot --nginx
    

If this all completed successfully, you should see messages at the end that suggest how to test your site to make sure it's working; you should also be able to go to your site at https://www.yourdomain.com and see OneBody come up.
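
One way to check the vhost file after step 2 and again after step 4, as an added example that is not part of the original wiki page or the OneBody project. The function names are hypothetical, the sample config is constructed, and the check looks at the whole file rather than at individual server blocks.

```shell
#!/bin/sh
# Added example (not from the OneBody wiki): classify an nginx vhost file
# before and after running `sudo certbot --nginx`.

# has_server_name FILE DOMAIN -> 0 if an uncommented server_name lists DOMAIN
has_server_name() {
    awk -v d="$2" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == "server_name" {
            for (i = 2; i <= NF; i++) {
                n = $i; sub(/;$/, "", n)        # last name carries the ";"
                if (n == d) found = 1
            }
        }
        END { exit !found }' "$1"
}

# has_tls FILE -> 0 if the file has an ssl listener plus certificate and key
has_tls() {
    awk '
        { sub(/#.*/, "") }
        $1 == "listen" {
            for (i = 2; i <= NF; i++) { f = $i; sub(/;$/, "", f); if (f == "ssl") l = 1 }
        }
        $1 == "ssl_certificate"     { c = 1 }
        $1 == "ssl_certificate_key" { k = 1 }
        END { exit !(l && c && k) }' "$1"
}

# vhost_status FILE DOMAIN -> prints no-server-name | http-only | tls-configured
vhost_status() {
    if ! has_server_name "$1" "$2"; then echo "no-server-name"
    elif has_tls "$1"; then echo "tls-configured"
    else echo "http-only"
    fi
}

# Constructed sample: the vhost from step 2, before certbot has touched it.
sample=$(mktemp)
printf '%s\n' 'server {' '    listen 80;' '    client_max_body_size 25m;' \
    '    server_name www.example.com;' '}' > "$sample"
vhost_status "$sample" www.example.com   # prints: http-only
rm -f "$sample"
```

On the server, `vhost_status /etc/nginx/sites-available/onebody www.example.com` (with your own domain) should report `http-only` after step 2 and, assuming certbot edits that file in place, `tls-configured` after step 4. A result of `no-server-name` means the domain in step 2 was not saved as an active `server_name` entry.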