How to Deploy a Simple Secured HTTPS Website on Ubuntu with Let's Encrypt and DuckDNS
Prerequisites
- A computer running Ubuntu.
- Access to your home router to open ports.
- A DuckDNS domain name.
Step 1: Create a DuckDNS Domain Name
- Visit DuckDNS and create an account.
- Create a new subdomain and assign it to your router's external IP address.
Step 2: Configure Your Home Router
- Open the router settings page (usually available at 192.168.1.1 or 192.168.0.1).
- Forward the following ports to your Ubuntu machine's internal IP address:
  - Port 80 (HTTP)
  - Port 443 (HTTPS)
In my case it's an Orange Wi-Fi box. If you've got an Orange box, follow this link: How to configure nat rules for applications server
Step 3: Check Your External IP Address
Visit mon-ip.info to verify your external IP address.
Step 4: Configure Firewall
Open your terminal and run the following commands to configure the firewall:
sudo ufw enable
sudo ufw status verbose
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload
sudo ufw status
Step 5: Install Nginx
Install Nginx if it's not already installed:
sudo apt update
sudo apt install nginx
Step 6: Create Nginx Configuration for Your Domain
Create an Nginx configuration file for your DuckDNS domain:
sudo nano /etc/nginx/sites-available/mydomainename.duckdns.org
Add the following configuration:
# Redirect all plain-HTTP requests to HTTPS.
server {
    listen 80;
    server_name mydomainename.duckdns.org www.mydomainename.duckdns.org;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name mydomainename.duckdns.org www.mydomainename.duckdns.org;

    # Certificate chain and private key issued by Let's Encrypt.
    ssl_certificate /etc/letsencrypt/live/mydomainename.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomainename.duckdns.org/privkey.pem;

    # TLS 1.2 and 1.3 only; forward-secret AES-GCM cipher suites.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
    ssl_ecdh_curve secp384r1;

    # Session cache shared between worker processes.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # OCSP stapling; the resolver is used to look up the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # Security headers: HSTS, clickjacking and MIME-sniffing protection.
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    location / {
        try_files $uri $uri/ =404;
    }
}
Step 7: Enable Your Nginx Configuration
Create a symbolic link to enable the site:
sudo ln -s /etc/nginx/sites-available/mydomainename.duckdns.org /etc/nginx/sites-enabled/
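Test the Nginx configuration and restart Nginx. The test reports an error on the ssl_certificate lines for as long as the certificate files they point to do not exist: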
sudo nginx -t
sudo systemctl restart nginx
Step 8: Obtain SSL Certificate with Let's Encrypt
Install Certbot and the Nginx plugin:
sudo apt update
sudo apt install certbot python3-certbot-nginx
Generate the SSL certificate:
sudo certbot --nginx -d mydomainename.duckdns.org -d www.mydomainename.duckdns.org
Step 9: Verify and Reload Nginx
Important: verify that the generated Let's Encrypt certificate has the same name as the one referenced by ssl_certificate and ssl_certificate_key in your Nginx config.
Follow the prompts to complete the certificate.
Reload Nginx to apply the new configuration:
sudo systemctl reload nginx
Your secured HTTPS website should now be live and accessible via your DuckDNS domain name.
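A scripted form of the Step 9 name check, as an added example that is not part of the original post: it reads the ssl_certificate and ssl_certificate_key paths from the site file, reports any that do not exist, and lists the lineage directories that are actually present. The function names, the PREFIX argument and the demo tree are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# check_site_certs CONF [PREFIX]
#   Checks that every ssl_certificate / ssl_certificate_key path in the Nginx
#   site file CONF exists. PREFIX is prepended to each path: empty on a real
#   host, a scratch directory for the constructed demo below.
check_site_certs() {
    conf=$1 prefix=${2:-} rc=0
    paths=$(sed -n 's/^[[:space:]]*ssl_certificate\(_key\)\{0,1\}[[:space:]]\{1,\}\([^;]*\);.*/\2/p' "$conf")
    [ -n "$paths" ] || { echo "NOCERT $conf has no ssl_certificate directive"; return 2; }
    for p in $paths; do
        if [ -e "$prefix$p" ]; then
            echo "OK $p"
            continue
        fi
        rc=1
        live=$(dirname "$(dirname "$p")")
        # Certbot appends -0001, -0002, ... to a lineage name that is already
        # taken, so show which lineage directories actually exist.
        found=$(ls "$prefix$live" 2>/dev/null | grep -v '^README$' | tr '\n' ' ')
        echo "MISSING $p (lineages present: ${found:-none})"
    done
    return $rc
}

# Constructed demo input: the certificate lines from Step 6 and a fake
# /etc/letsencrypt tree that only holds a "-0001" lineage.
make_demo_tree() {
    d=$(mktemp -d)
    lineage=$d/etc/letsencrypt/live/mydomainename.duckdns.org-0001
    mkdir -p "$lineage"
    : > "$lineage/fullchain.pem"
    : > "$lineage/privkey.pem"
    cat > "$d/site.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/mydomainename.duckdns.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mydomainename.duckdns.org/privkey.pem;
}
EOF
    echo "$d"
}

demo=$(make_demo_tree)
check_site_certs "$demo/site.conf" "$demo" || echo "fix the paths before reloading Nginx"
rm -rf "$demo"
```

On a real host, call check_site_certs /etc/nginx/sites-available/mydomainename.duckdns.org with no PREFIX before the reload. Run it as root, since /etc/letsencrypt/live is normally not readable by other users.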
Top comments (1)
Interesting article, I think you might have a spelling error in the title though, you may have meant 'server'. Nice read nonetheless.