In my last tutorial I wrote about how to install nodeBB on ubuntu 14.04 and use nginx as reverse proxy to serve nodeBB. In this tutorial we will install letsencrypt SSL certificate to make sure our nodeBB forum is served over secure https connection.
In this series:
- How to Install NodeBB on Ubuntu 14.04 (Previous)
- How to install Letsencrypt with NobeBB and Nginx (This tutorial)
- How to Set up Letsencrypt Auto Renewal (Later)
Steps you need to follow:
- Install nodeBB forum
- Install nginx server
- Install letsencrypt client
- Obtain letsencrypt SSL certificate
- Configure nginx to to use the SSL certificate
For first and second steps see this tutorial –>How to Install NodeBB on Ubuntu 14.04.
Install Letsencrypt client:
Currently best way to install letsencrypt on ubuntu is to clone letsencrypt repository from github. So we will first install git and bc on our system.
sudo apt-get update
sudo apt-get -y install git bc
Now clone letsencrypt repository
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
You can find copy of letsencrypt repository in the /opt/letsencrypt folder.
You have successfully installed letsencrypt client on your system.
Obtain letsencrypt SSL certificate:
We will be using Webroot plugin to obtain SSL certificate.
Webroot plugin works by placing a special file in the /.well-known directory within your document root, which letsencrypt will open for validation. You need to allow access to this /.well-known directory.
sudo nano /etc/nginx/sites-available/default
inside the nodebb server block we created in last tutorial add this location block:
location ~ /.well-known {
allow all;
}
press ctrl+O then enter to save
press ctrl+x to exit
Reload nginx to load the new configuration.
sudo service nginx reload
Now that we have done the initial setup it’s time to obtain the actual certificate.
Go to letsencrypt client directory by entering this command:
cd /opt/letsencrypt
Run this command to obtain certificate for your domain (replace red text with your domain):
./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d example.com -d www.example.com
You will be prompted for some information. Exact prompts depends on whether you have used letsencrypt earlier on your system or not.
It will ask for your email address which will be used for notices and lost key recovery.
You will need to agree to Letsencrypt terms of service.
if everything goes successfully you will see something like this:
Note the path of your certificate. this is needed in next step.
Configure nginx to to use the SSL certificate:
Now we need to edit the nginx configuration so nginx uses the freshly generated SSL certificate to serve our nodeBB forum over https connection.
sudo nano /etc/nginx/sites-available/default
Delete the server block we created in last tutorial and replace it with the code block below.
Replace with your domain where marked red.
server {
listen 80;
server_name example.com www.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name example.com www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:4567/;
proxy_redirect off;
# Socket.IO Support
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /.well-known {
allow all;
}
}
It should look like this:
Now reload nginx to put changes into effect.
sudo service nginx reload
Check your forum by visiting it using https
https://www.example.com
Thats it. Hope it help
Next in series: