Working in a team with no DevOps expertise forces you to manage to get things done regarding infrastructure. We had to install and configure a RabbitMQ instance behind a Nginx with HTTPS. This is a straighforward post on how to install and configure the reverse proxy with Let’s Encrypt.
Nginx
In this tutorial Nginx works as a Reverse Proxy by forwarding external requests from the Internet to the internal service. Let’s get started.
1. Create an A record in your DNS provider:
| Type | Name | Content | TTL |
|---|---|---|---|
| A | yourwebsite | 123.456.78.91 | Auto |
2. Install Nginx and enable it:
sudo apt-get install nginx-full
sudo systemctl enable nginxManage your nginx instance with the commands below:
sudo systemctl restart nginx
sudo systemctl reload nginx
sudo systemctl status nginx3. Create a configuration file in the directory /etc/nginx/sites-available/. A nice pattern is to name the file according to the DNS of your service:
/etc/nginx/sites-available/yourwebsite.com4. Replace the content below according to your necessities:
server {
server_name <YOUR-DNS>;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_connect_timeout 30s;
proxy_pass http://<YOUR-LOCAL>:<PORT>;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}5. Create a symbolic link to the sites-enabled folder:
sudo ln -s /etc/nginx/sites-available/<your-filename> /etc/nginx/sites-enabled/<your-filename>6. Load the configuration and check the status:
sudo systemctl reload nginx
sudo systemctl status nginxThe output below illustrates that our Nginx is working properly (sensitive data was ommited).
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2019-08-13 18:18:09 UTC; 3 months 7 days ago
Docs: man:nginx(8)
Main PID: 6027 (nginx)
Tasks: 5 (limit: 4915)
CGroup: /system.slice/nginx.service
├─5198 nginx: worker process
├─5199 nginx: worker process
├─5200 nginx: worker process
├─5201 nginx: worker process
└─6027 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
Aug 13 18:18:09 systemd[1]: Starting A high performance web server and a reverse proxy server...
Aug 13 18:18:09 systemd[1]: Started A high performance web server and a reverse proxy server.
Aug 13 18:53:04 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Aug 13 18:53:04 systemd[1]: Reloaded A high performance web server and a reverse proxy server.
Aug 13 18:58:21 systemd[1]: Reloading A high performance web server and a reverse proxy server.
Aug 13 18:58:21 systemd[1]: Reloaded A high performance web server and a reverse proxy server.Certbot
To enable HTTPS on your website, you need to get a certificate from a Certificate Authority (CA). We can use Let’s Encrypt and the Certbot client to setup the environment.
1. Install Certbot with nginx plugin:
sudo apt-get install python-certbot-nginx2. Execute certbot passing your domain as parameter:
sudo certbot --nginx -d <YOUR-DOMAIN>3. Ensure autorenew is configured in the Linux cronjob:
cat /etc/cron.d/certbotVoilà!
Links
You might find useful the links below: