From bf6add1765578921bbd2a0b09aefa82321932c7e Mon Sep 17 00:00:00 2001 From: Linden Crandall Date: Sat, 8 Feb 2025 00:07:06 +0000 Subject: [PATCH] Update Production HTTPS Setup --- Production-HTTPS-Setup.md | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) diff --git a/Production-HTTPS-Setup.md b/Production-HTTPS-Setup.md index aacdc6b..80bf999 100644 --- a/Production-HTTPS-Setup.md +++ b/Production-HTTPS-Setup.md @@ -1,7 +1,7 @@ ## Production HTTPS Setup [ How to Secure Your Applications with HTTPS Using Docker, NGINX, and Let's Encrypt ](https://www.youtube.com/watch?v=J9jKKeV1XVE) - First cd to project where the repo is intialized `cd /home/lasthour/repositories/automatisch` -- Create an env file, and add the env vars and save the file: `sudo nano .env`. Make sure to update the `IPV6_SUBNET` var to to a range that isn't already in use: +- Create an env file, and add the env vars and save the file: `sudo nano .env`. Get name from Tony. Make sure to update the `IPV6_SUBNET` var to to a range that isn't already in use: ex): ``` @@ -9,7 +9,7 @@ ENABLE_IPV6=true MAIN_HTTP_PORT=7757 NGINX_HTTP_PORT=80 NGINX_HTTPS_PORT=443 -HOST=automatisch.lasthourhosting.org +HOST= PROTOCOL=https APP_ENV=production REDIS_HOST=redis @@ -58,15 +58,7 @@ IPV6_SUBNET=2001:db8:2::/64 # - ./https/certs/${SSL_SELF_SIGNED_KEY}:/etc/nginx/certs/${SSL_SELF_SIGNED_KEY}:ro # - ./https/nginx/automatisch_self_signed_nginx.conf:/etc/nginx/conf.d/ ``` -- Add SSL_CERT_EMAIL and HOST env vars: -``` -sudo nano .env -``` -``` -HOST=automatisch.lasthourhosting.org -SSL_CERT_EMAIL=support@shilohcode.com -``` -- Add the HOST entries to `automatisch_letsencrypt_nginx.conf` and save before continuing: +- Replace the with the DNS in the `.env` file and save before continuing: ``` # initial nginx conf file needed when running certbot container the first time to generate ssl certs # replace with your DNS i.e.automatisch.lasthourhosting.org 
@@ -96,7 +88,7 @@ server { cp https/nginx/secondary_automatisch_letsencrypt_nginx.conf https/nginx/automatisch_letsencrypt_nginx.conf ``` -- Add the HOST entries again to `automatisch_letsencrypt_nginx.conf` and save before continuing: +- Replace entries again with `.env` DNS and save before continuing: ``` # nginx conf file to use after LetsEncrypt SSL certs have been created # replace with your DNS i.e.automatisch.lasthourhosting.org @@ -143,7 +135,7 @@ server { } } ``` -- Then rebuild the containers: `docker compose up -d`. After it is rebuilt we should be able to pull up Automatisch at (staging) `https://automatisch.lasthourhosting.org` with a valid cert +- Then rebuild the containers: `docker compose up -d`. After it is rebuilt we should be able to pull up Automatisch at the DNS with a valid SSL cert bound to it ## Cronjob for auto SSL Cert renewals - Locate Docker binary: `whereis docker` or `sudo whereis docker` - It should be in `/usr/bin/docker`, but wherever it is on the system, run `crontab -e` and enter this task to renew the ssl cert, replace `/path/to/docker-compose.yml` with the actual path where the docker-compose.yml file is:
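Review bot: In the first hunk (`@@ -1,7 +1,7 @@`), the added sentence "Get name from Tony." does not say which name is meant or which variable it belongs in. Given that `HOST` is blanked in the next hunk, it presumably means the DNS name; if so, state that explicitly, for example "Set `HOST` to the DNS name assigned for this deployment (ask Tony)". While this line is being touched, the doubled "to to" before "a range that isn't already in use" can be fixed as well.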
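Review bot: In the `.env` example hunk (`@@ -9,7 +9,7 @@`), `+HOST=` leaves the variable empty with no placeholder or comment, so anyone copying the block as written ends up with `PROTOCOL=https` and no hostname. Use an obviously fake placeholder value there, or add a comment on that line saying it must be filled in before continuing, so that an empty value is never mistaken for a valid default.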
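Review bot: In the `@@ -58,15 +58,7 @@` hunk, the new bullet reads "Replace the with the DNS in the `.env` file": the token to be replaced is missing from the sentence, and the file to edit (`automatisch_letsencrypt_nginx.conf` in the removed line) is no longer named. Restore both; if the placeholder is written with angle brackets, put it in backticks so the renderer does not drop it. The removed step was also the only place in the visible lines where `SSL_CERT_EMAIL` is set, so confirm it is still present in the `.env` example above or keep an instruction for it.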
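Review bot: In the `@@ -96,7 +88,7 @@` hunk, "Replace entries again with `.env` DNS" names neither the placeholder nor the file. That matters at this step because the `cp` just above has overwritten `https/nginx/automatisch_letsencrypt_nginx.conf`, and the reader needs to know that this is the file to edit a second time. Keep the file name from the removed line in the new wording.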
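Review bot: In the last hunk (`@@ -143,7 +135,7 @@`), "pull up Automatisch at the DNS" no longer gives the reader a URL to open. Suggest wording such as "at `https://` followed by the `HOST` value from `.env`". Since the compose file in the context lines also carries a commented-out self-signed configuration, it would help to say how to confirm that the certificate served is the Let's Encrypt one.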