DEV Community

Arbythecoder

Day 32: Securing Your Personal Blog with SSL/TLS (A Beginner's Guide)

Let's face it: Nobody wants their personal blog to be vulnerable. A few weeks ago, I was setting up a new blog on Kubernetes, and I realized how crucial it was to secure it with SSL/TLS. This tutorial will walk you through the process, even if you're new to Kubernetes. We'll use the Nginx Ingress Controller and Cert-Manager to make it easy.

Objective: Secure a simple application (like a personal blog) running on Kubernetes using SSL/TLS certificates automatically obtained from Let's Encrypt.

Prerequisites:

  • A Kubernetes cluster (Minikube is a great option for beginners!).
  • kubectl configured to access your cluster.
  • A basic understanding of Kubernetes concepts (we'll explain the important ones as we go!).

Steps:

1. Install Nginx Ingress Controller:

The Nginx Ingress Controller acts as a reverse proxy, directing traffic to your application. Think of it as a smart bouncer for your blog.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/cloud/deploy.yaml

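This command applies a YAML configuration file that creates all the Kubernetes components (namespaces, service accounts, etc.) needed to run the Nginx controller. Note that the URL points at the project's main branch, so the manifest can change from one run to the next; for a repeatable install, use the same file from a tagged ingress-nginx release and read it before applying.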

What's happening here? We're using a pre-built YAML file to automate the deployment. It handles the complexities of setting up the controller, so you don't have to!

2. Verify Installation:

Let's check if the controller is running.

kubectl get pods -n ingress-nginx

You should see pods with a "STATUS" of "Running". If you see any errors, check the pod logs for clues: kubectl logs <pod-name> -n ingress-nginx.

3. Install Cert-Manager:

Cert-Manager automates the process of getting and renewing SSL certificates from Let's Encrypt. It's like a magic certificate machine!

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml

This installs Cert-Manager v1.8.0. Make sure the version you install is compatible with your cluster's Kubernetes version.

4. Create a Certificate Issuer (Let's Encrypt Configuration):

We need to tell Cert-Manager to use Let's Encrypt. Create a file named issuer.yaml with this content, replacing <your-email@example.com> with your email address:

apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: <your-email@example.com>
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx

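This configures Cert-Manager to use Let's Encrypt for certificate issuance. An Issuer is a namespaced resource, so it must be created in the same namespace as the Ingress that refers to it.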

5. Apply the Issuer:

kubectl apply -f issuer.yaml

This makes the Let's Encrypt configuration active.

6. Configure Ingress with TLS:

Now, let's secure your blog! Create ingress.yaml:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-blog-ingress
  annotations:
    cert-manager.io/issuer: "letsencrypt-prod"
spec:
  ingressClassName: nginx  # Handled by the Nginx Ingress Controller installed in step 1
  tls:
  - hosts:
    - myblog.example.com  # Replace with your domain
    secretName: my-blog-tls
  rules:
  - host: myblog.example.com # Replace with your domain
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-blog-service # Replace with your service name
            port:
              number: 80

Remember to replace placeholders with your domain and service name.

7. Apply the Ingress:

kubectl apply -f ingress.yaml

This creates the Ingress resource. Cert-Manager will automatically start getting your certificate.

8. Test the Secure Ingress:

Once the certificate is issued (check the status of the secret my-blog-tls), access your blog via HTTPS: https://myblog.example.com.

Likely Challenges Encountered:

  • DNS Propagation: It might take time for your DNS changes to take effect. Be patient!
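  • Rate Limits: Let's Encrypt has rate limits. If you encounter issues, try again later. While you are still experimenting, you can point the Issuer's server at the Let's Encrypt staging directory (https://acme-staging-v02.api.letsencrypt.org/directory), which has much higher limits but issues certificates that browsers do not trust.
  • HTTP-01 Challenge: Let's Encrypt must be able to reach your Ingress controller from the internet over HTTP (port 80) at your domain, so a cluster that is only reachable locally cannot complete it. Check your firewall settings.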
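
To go with step 8 and the challenges listed above, here is an added example (not part of the original post) that reports whether cert-manager has finished issuing the certificate and, if not, which ACME challenges are still open. It assumes the resources were applied to the default namespace and uses the tutorial's name my-blog-tls; the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report how far cert-manager has got
# with the certificate requested by the Ingress in this tutorial.
NS="${NS:-default}"          # assumption: everything was applied to "default"
CERT="${CERT:-my-blog-tls}"  # ingress-shim names the Certificate after tls.secretName

# Prints True, False, or nothing (no status yet) for the Certificate's Ready condition.
cert_ready_status() {
  kubectl get certificate "$CERT" -n "$NS" \
    -o jsonpath='{.status.conditions[?(@.type=="Ready")].status}' 2>/dev/null
}

# One "name state reason" line per ACME challenge that is still open.
open_challenges() {
  kubectl get challenges.acme.cert-manager.io -n "$NS" -o \
    jsonpath='{range .items[*]}{.metadata.name} {.status.state} {.status.reason}{"\n"}{end}' \
    2>/dev/null
}

# Summarises issuance as one word: ready | waiting | missing
issuance_state() {
  case "$(cert_ready_status)" in
    True) echo ready ;;
    False) echo waiting ;;
    *) if kubectl get certificate "$CERT" -n "$NS" >/dev/null 2>&1
       then echo waiting; else echo missing; fi ;;
  esac
}

# Issuer of the certificate actually served for host $1 on port 443 (needs openssl).
# Until the secret exists, ingress-nginx answers with its self-signed
# "Kubernetes Ingress Controller Fake Certificate".
served_issuer() {
  openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -issuer
}

report() {
  state="$(issuance_state)"
  echo "certificate $NS/$CERT: $state"
  case "$state" in
    waiting) echo "open challenges:"; open_challenges ;;
    missing) echo "no Certificate found: check the issuer annotation and namespace" ;;
  esac
}

# Only run against the cluster when called with --run, so the file can be sourced.
if [ "${1:-}" = "--run" ]; then report; fi
```

Run the script with --run after step 7. Once it reports ready, source the file and call served_issuer with your domain: the issuer shown should be Let's Encrypt rather than the controller's fake certificate.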
