Closed masonlr closed 5 years ago
Follow: https://certbot.eff.org/lets-encrypt/ubuntutrusty-nginx.html
i.e. for a trusty Azure VM this corresponds to:
$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx
Kill all processes that are listening on ports 80 and 443; find them using:
sudo netstat -antlp
Generate /etc/letsencrypt content
sudo certbot certonly --standalone -d simulate.uksouth.cloudapp.azure.com
Open port 443 via the Azure portal:
Add a volume in the docker-compose.production.json file:
nginx:
  build: ./nginx
  restart: always
  ports:
    - "80:80"
    - "443:443"
    - "5000:5000"
    - "5010:5010"
    - "5050:5050"
  networks:
    - share
  depends_on:
    - frontend
    - auth
    - middleware
    - manager
  volumes:
    - /etc/letsencrypt/:/etc/letsencrypt/
Listen for SSL on the main nginx server:
# nginx/project.conf
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/simulate.uksouth.cloudapp.azure.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/simulate.uksouth.cloudapp.azure.com/privkey.pem;
    server_name frontend;
    location / {
        proxy_pass http://frontend:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
Need to configure nginx such that https is used throughout.