DEV Community

D. Dhanushka
D. Dhanushka

Posted on

How to create an HTTPS web server using Certbot & Azure cloud

Introduction

Before going to the tutorial, lets take a brief look at HTTP and HTTPS. HTTPS stands for HyperText Transfer Protocol Secure which is also referred to as HTTP over TLS or HTTP over SSL. Most websites today use HTTPS not HTTP. So, What is the difference?

Alt Text

The difference can be explained using the above figure.
HTTP transfers data between the browser and the web server in the hypertext format, in other words, hackers can see what you are receiving and sending between the browser and the server.

To solve these issues, HTTPS was introduced. HTTPS encrypts all the data before transferring. Hackers can not read or modify the data during the transfer between the web server and the browser. Even if they managed to intercept the communication, no one can read the encrypted data.

Alt Text

HTTPS uses the TLS protocol (Transport Layer Security) to encrypt communications. TLS is also known as SSL (Secure Socket Layer).The type of security method uses by the SSL is asymmetric public-key encryption that uses two different keys to encrypt and decrypt the data communication between the two parties.

  1. The private key  -  stored on a web server (controlled by the owner) and this is private. This key is used to decrypt information encrypted by the public key.

  2. The public key  -  Available to everyone who wants to communicate with the server. Data that is encrypted by the public key can only be decrypted by the private key. 

I think now you have some basic knowledge about the differences between the HTTP and HTTPS. Let's move on to the practical part. Before that, you should be aware that there are many other ways to create an HTTPS server without using certbot application and Azure cloud platform

The whole process can be broken down into 4 steps.

  1. Create a Microsoft Account
  2. Build a new virtual machine on Azure cloud platform.
  3. Connect to the VM via SSH and configure it.
  4. Test the connection with ssllabs.

1. Create a Microsoft Account

  • First thing we need to do is signing into the Microsft Azure account. Even though they don't charge you, you have to enter credit card details when creating the account. 

Alt Text
Create your Azure free account

If you are a university student, you may get the Microsft Azure student offer. All you have to do is providing your university email. No need to enter credit card details.

Alt Text
Get Azure for Students - Free Account Credit | Microsoft Azure

  • After creating the account sign in to it and go to the Azure Portal. This dashboard allows you to manage each cloud service which Microsft provides. Alt Text

2. Build a new virtual machine

  • Visit VM section by clicking on the Virtual Machines icon on the portal. Then Select Add > Virtual machine on the menu.
    Alt Text

  • On the Basic tab, you need to set a name for your VM, select the region you need. Select which OS you are willing to run on the VM. I am using Ubuntu Server 16 LTS. Then select machine size and SSH as the authentication type.

  • The most important part is the port rules section. Select SSH(22), HTTPS(443) and HTTP(80) as inbound ports.
    Alt Text

  • Leave all the setting as they are on other tabs such as Disks, Networking, Advanced, etc unless you don't know much about them. For this tutorial, these Basic setting are enough.

  • Click on 'Review+Create'. You can review the VM settings you have set. If something is the wrong click on the Previous button and do the changes you need. Finally, click the Create button.
    Alt Text

  • Download SSH private key. Azure doesn't store the private key. After the SSH key resource is created, you will not be able to download the private key again. 
    Alt Text
    Alt Text

  • It may take about a minute to create the VM. After it deployed, go to the created VM by clicking 'Go to resource' button. On this page, you can manage the VM you created.
    Alt Text
    Alt Text

  • By default the VM doesn't have a DNS name. To create a new DNS we have to stop the VM for a little. Click Stop button to stop the VM. Azure will ask whether to reserve the Public IP address or not. Check the box and click OK.
    Alt Text

  • Now click configure link next do DNS name. Select the Static DNS assignment option. Type a DNS name label. A green check icon will appear if the given name is valid. Then save the configuration. Go back to VM dashboard and Start the VM.
    Alt Text
    Alt Text

3. Connect to the VM via SSH and configure it.

Now you have a working VM. If we visit the IP or the DNS now the browser will show an error saying the site can't be reached.

The first thing you need to do is connecting to the VM using SSH protocol. If you are on Linux, you can just do it on the terminal. But if you are on Windows, you have to download an SSH client software like putty. Download and install it on windows. Putty settings for SSHing into a server may vary a bit. But I am sure you can manage it. It is not a big deal.

Download SSH for Windows (putty)

From now on you will have to run commands in both the VM and your host machine. To avoid running those commands in the wrong machine I will label each of the commands.

(VM) <command 1> - Run this on your VM's terminal.
(host) <command 2> - Run on your machine.

  • Before using the private key, you have to change the access mode of the file.
    (host) sudo chmod 400 httpsVM_key.pem
    Alt Text

  • Now connect to the VM in your terminal. On Linux, use the below command. -i denotes for identity file. You should give the path to the downloaded private key file.
    (host) sudo ssh -i httpsVM_key.pem azureuser@52.188.53.51
    Alt Text

  • After remote login in, update the system repositories.
    (VM) sudo apt-get update

  • As the next step we will install apache2.
    (VM) sudo apt-get install apache2

  • Copy IP address or DNS name from VM page and paste it on browser URL. You will see your server is ready on port 80.
    Alt Text

  • Delete default apache2 index page. /var/www/html directory contains the files of the website.
    (VM) sudo rm /var/www/html/index.html

  • Now copy your website's index.html to /var/www/html directory. How do we copy a file from our host PC to our VM? We use SCP (secure copy) command. Open a new terminal and run these commands.
    (host) sudo scp -i ~/Downloads/httpsVM_key.pem index.html azureuser@52.188.53.51:/home/azureuser
    Alt Text
    Then copy the file to the HTML directory.
    (VM) sudo cp index.html /var/www/html
    Check the result by visiting the IP address again.
    Alt Text

  • Add certbot repository and install it using these commands.
    (VM) sudo add-apt-repository universe
    (VM) sudo add-apt-repository ppa:certbot/certbot
    (VM) sudo apt-get install python-certbot-apache

  • Now obtain the SSL certificate from letsEncrypt server by running this command. Make sure your DNS name is given correctly.
    (VM) sudo certbot --apache -d tenet.eastus.cloudapp.azure.com

  • It will ask few details step by step. Enter an email for security notices. Agree to the Terms and conditions. 
    When it asks, "Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access", select 2:Redirect option by entering 2.
    Alt Text

4. Test the connection with ssllabs.

Alt Text

  • Congratulations, now you have an HTTPS server!  Now let's test our SSL server.

Visit SSL labs

  • Paste the domain name of your web server. It may take few minutes to get the result. Alt Text

Your certificate and chain is stored at:
/etc/letsencrypt/live/<domain>/fullchain.pem

Key file:
/etc/letsencrypt/live/<domain>/privkey.pem

Web root:
/var/www/html

Your SSL configuration file is:
etc/apache2/sites-enabled/000-default-le.ssl.conf

  • [Important!] After you finish this tutorial stop the VM. Otherwise, you will waste your free credits for the platform.

  • There are other easy peasy ways of doing this job. But I hope you got a good idea about how to create an HTTPS server on Azure cloud. Stay safe!

"Why do we fall? So we can learn to pick ourselves back up." ~ Crhistoper Nolan

Discussion (4)

Collapse
suvink profile image
Suvin Nimnaka

Good read!

Collapse
ddhanushka profile image
D. Dhanushka Author

Thanks pro

Collapse
profescore profile image
profescore

Nice Write up! Does this process work for nginx running in a docker container in a linux VM?

Collapse
ddhanushka profile image
D. Dhanushka Author

I don't think so. As I know the process is different with Nginx and dockers.
cloudbooklet.com/how-to-install-ng...
Hope this will help you in this situation.