Abhee Hudani ☕

Setup Nginx with HTTPS on Azure VM using Certbot

We will set up HTTPS on Nginx using Certbot on an Azure Ubuntu VM.

Steps

1) Create VM
2) Config Ports
3) Install Nginx
4) HTTPS using Certbot


Creating Azure Ubuntu VM


  • Let's get started by creating Azure VM.

Azure Ubuntu VM Config

  • I'm using Ubuntu 18.04 LTS - Gen1 as the OS image and Standard_B1ls - 1 vCPU as the size, with SSH connection on port 22.
  • After that I'm going with the default settings.

Azure Ubuntu VM SSH

-- SAVE YOUR PRIVATE KEY, KEEP IT SECURE AND DON'T SHARE IT.


Azure Server DNS Config


Azure VM Config

  • Now we change the IP assignment from Dynamic to Static.
  • We set the Assignment to Static, then we choose a DNS name label.

Azure VM Config DNS

  • Here we choose nova-test, so the VM will be accessible at nova-test.eastus2.cloudapp.azure.com.
  • After it is saved, let's connect to our Azure VM using SSH in a terminal.

SSH connection to server


Now let's connect our terminal to the server using SSH.

Note: You can always find instructions in the VM's Connect tab.

On my PC, I have saved my private key (generated during VM creation) in a root folder called "Key".

  • Connection string: ssh -i key.pem user_name@server_name

Note: You can also use public IP to connect instead of server_name

Azure VM SSH Key

  • But before we use the key we need to change the permissions of the private key file, otherwise you might face an error saying "Unprotected Private Key File!"
  • To do that, we go to the key's directory and run this command:

sudo chmod 600 test-vm_key.pem

And voilà! We are connected to our server.

Azure VM SSH Connection


Nginx Setup


Now let's get started with our nginx server!
Install the nginx server first:

$ sudo apt-get update
$ sudo apt-get install nginx

And Done ???
-- Well technically, yes. Server is ready.
-- But wait, you can't access it from a browser right now because we haven't added a port rule.
-- To access the server we need to add a port 80 access rule to our VM.
-- To add the rule for port 80, go to the Networking tab and click Add Inbound Port Rule.

Azure VM Inbound Port

Azure VM Add New Inbound Port

Note: You can always check your inbound port rules and add custom rules in VM's Networking Tab.

Now our server can be accessed by browser by visiting nova-test.eastus2.cloudapp.azure.com

Azure VM Server HTTP Nginx

As you can see, our server is ready but it is not secure. We can solve that by adding an SSL certificate to our server.

-- And ....yes about the bookmarkbar, I forgot to hide it.


SSL Certificate using Certbot


To do that we need to add one last rule, for port 443. HTTPS runs on port 443, and without access to port 443 the browser can't make an HTTPS connection.

Azure VM Server 443 Rule

Now we are ready for SSL certificate.

Installing Certbot

Run the following commands to get started:
-- Installing and updating snap

$ sudo snap install core; sudo snap refresh core

-- Installing Certbot

$ sudo snap install --classic certbot

Note: For More Info visit: https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx.html

Nginx Server Config


Before we start the certificate process we need to configure our nginx default file.
-- Run the following command to go to the directory of the nginx default file

cd /etc/nginx/sites-available

-- Now edit the default file. I'm using nano as the text editor.

sudo nano default

  • Add your domain after server_name, like this: server_name your_domain;

Azure VM Server Nginx Default

-- Save the file by pressing Ctrl+O, Enter(To Save). Ctrl+X (To Exit)
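
A pre-flight check for this step, as an added example that is not part of the original post: certbot --nginx looks for a server block whose server_name matches the requested domain, so the check confirms the saved file really lists it. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `sudo certbot --nginx`.

# has_server_name FILE DOMAIN
# Exit 0 if an uncommented server_name directive in FILE lists DOMAIN
# exactly, 1 otherwise. Assumes each directive sits on a single line.
has_server_name() {
    conf=$1
    domain=$2
    # Drop comments, keep server_name directives, strip the keyword and
    # the trailing ';', split into one name per line, then match exactly.
    sed -e 's/#.*//' "$conf" \
        | grep -E '^[[:space:]]*server_name[[:space:]]' \
        | sed -e 's/^[[:space:]]*server_name[[:space:]]*//' -e 's/;.*$//' \
        | tr -s ' \t' '\n\n' \
        | grep -Fxq -- "$domain"
}

# Constructed sample resembling /etc/nginx/sites-available/default.
write_sample_conf() {
    cat > "$1" <<'EOF'
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    # server_name old.example.com;
    server_name nova-test.eastus2.cloudapp.azure.com;
    location / {
        try_files $uri $uri/ =404;
    }
}
EOF
}

# Report the result in a form that is useful on the VM.
preflight() {
    if has_server_name "$1" "$2"; then
        echo "OK: server_name $2 is set in $1"
    else
        echo "MISSING: add 'server_name $2;' to $1, then run: sudo nginx -t" >&2
        return 1
    fi
}

tmp=$(mktemp)
write_sample_conf "$tmp"
preflight "$tmp" nova-test.eastus2.cloudapp.azure.com
preflight "$tmp" old.example.com || true   # commented-out name: reported missing
rm -f "$tmp"
```

On the VM, call preflight /etc/nginx/sites-available/default your_domain after saving the file.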

Certbot --nginx


Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.

$ sudo certbot --nginx

-- Fill in the details.
-- Once all the steps are completed, you will see a message similar to this:

Azure VM Server Nginx Default

Congratulations! We have successfully added a certificate to our server.

Azure VM Server Nginx Default

VOILÀ! We did it. There is just one step remaining, which is to restart the nginx server.
We can restart it with the following command:

$ sudo service nginx reload

Conclusion

We did it: we set up HTTPS on our server for free using Certbot. We created a VM on Azure with a custom DNS name, added inbound port rules for ports 80 and 443, installed Nginx and configured the default Nginx file. At the end we installed an SSL certificate and configured Nginx with Certbot.

Top comments (8)

Enzo

Hey, I am trying to get through this tutorial but I am having some issues. I seem unable to contact the nginx server inside my azure vm. I authorised port 80 on my vm but nothing... Any tips ?

Abhee Hudani ☕

While authorising the port 80, have you used protocol as 'any' ? I'm not very sure about the protocols but 'any' is the one which helped me to connect it with my VM. Moreover, can you also check the ufw configuration ?

Enzo

Hey thanks for the quick reply !
I did use the any in protocol, here is my conf.
dev-to-uploads.s3.amazonaws.com/up...

Also what do you call ufw ? If that is the firewall conf I don't have any I believe
dev-to-uploads.s3.amazonaws.com/up...

I hope it helps.

Abhee Hudani ☕

Hi, actually I was talking about the ufw firewall that you have to config in linux VM.
And protocol looks great but did you try to connect your vm using public IP ?

Enzo

Hey ! Yes I have tried connecting with ssh using the public ip that doesn't work, only the dns with the port works. Also I just checked and my ufw is inactive.

Abhee Hudani ☕

Hello, I believe that you have to activate the ufw firewall. That might solve the problem.

Enzo

Hey, unfortunately enabling the firewall didn't work for me, I still can't connect, any other things you have in mind ?

Abhee Hudani ☕

I'm sorry to hear that but I don't have anything in my mind right now, but if I find anything new, I will let you know.