Update Production HTTPS Setup

2025-02-07 19:29:27 +00:00 · 2025-02-07 19:29:27 +00:00 · a14af6b9e1
commit a14af6b9e1
parent 5c97ec33fa
1 changed files with 50 additions and 0 deletions
--- a/Production-HTTPS-Setup.md
+++ b/Production-HTTPS-Setup.md
@ -1,5 +1,30 @@
 ## Production HTTPS Setup [ How to Secure Your Applications with HTTPS Using Docker, NGINX, and Let's Encrypt ](https://www.youtube.com/watch?v=J9jKKeV1XVE)

+- First cd to project where the repo is intialized `cd /home/lasthour/repositories/automatisch`
+- Create an env file, and add the env vars and save the file: `sudo nano .env`. Make sure to update the `IPV6_SUBNET` var to to a range that isn't already in use:
+
+ex):
+```
+ENABLE_IPV6=true
+PORT=7757
+HOST=automatisch.lasthourhosting.org
+PROTOCOL=https
+APP_ENV=production
+REDIS_HOST=redis
+POSTGRES_HOST=postgres
+POSTGRES_DATABASE=automatisch
+POSTGRES_USERNAME=automatisch_user
+POSTGRES_PASSWORD=automatisch_password
+ENCRYPTION_KEY
+WEBHOOK_SECRET_KEY
+APP_SECRET_KEY
+SSL_CERT_EMAIL=support@shilohcode.com
+SSL_SELF_SIGNED_CRT=shiloh_automatisch.local.crt
+SSL_SELF_SIGNED_KEY=shiloh_automatisch.local.key
+IPV6_SUBNET=2001:db8:1::/64
+
+```
+- change .env file's owner and group to lasthour: `sudo chown lasthour:lasthour .env`
 - In docker-compose.yml, uncomment production nginx and certbot services:
 ```
  nginx:
@ -45,6 +70,31 @@ sudo nano .env
 HOST=automatisch.lasthourhosting.org
 SSL_CERT_EMAIL=support@shilohcode.com
 ```
+- Add the HOST entries to `automatisch_letsencrypt_nginx.conf` and save before continuing:
+```
+# initial nginx conf file needed when running certbot container the first time to generate ssl certs
+# replace <HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org
+
+events {
+    worker_connections  1024;
+}
+
+http {
+
+    server {
+        listen 7757;
+        server_name <HOSTNAME>;
+
+        location / {
+            proxy_pass http://<HOSTNAME>:7757;
+        }               
+
+        location ~ /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }        
+    }
+}
+```
 - Run `sudo docker compose up` to generate SSL cert
 - There should be a new /certbot folder created at the project root, and the cert and key `.pem` files should be created at `/etc/letsencrypt/live`
 - After this completes, stop the containers `ctrl+c` and overwrite the `automatisch_letsencrypt_nginx.conf` file with the `secondary_automatisch_letsencrypt_nginx.conf` file's contents which has the 443 https and SSL configs: `cp https/nginx/secondary_automatisch_letsencrypt_nginx.conf https/nginx/automatisch_letsencrypt_nginx.conf`