alan-turing-institute / simulate

A web framework for research simulations.
http://simulate.readthedocs.io
MIT License

Secure HTTPS connection for Azure VM #100

Closed masonlr closed 5 years ago

masonlr commented 6 years ago

Description

Acceptance criteria

Out of scope

Implementation notes

masonlr commented 5 years ago

Follow: https://certbot.eff.org/lets-encrypt/ubuntutrusty-nginx.html

i.e. for a Trusty Azure VM this corresponds to:

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Kill all processes that are listening on ports 80 and 443; find them using:

sudo netstat -antlp

Generate /etc/letsencrypt content

sudo certbot certonly --standalone -d simulate.uksouth.cloudapp.azure.com

masonlr commented 5 years ago

Open port 443 via the Azure portal:

image

masonlr commented 5 years ago

Add a volume in the docker-compose.production.json file:

  nginx:
    build: ./nginx
    restart: always
    ports:
      - "80:80"
      - "443:443"
      - "5000:5000"
      - "5010:5010"
      - "5050:5050"
    networks:
      - share
    depends_on:
      - frontend
      - auth
      - middleware
      - manager
    volumes:
      - /etc/letsencrypt/:/etc/letsencrypt/

masonlr commented 5 years ago

Listen for SSL on the main nginx server:

# nginx/project.conf
server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/simulate.uksouth.cloudapp.azure.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/simulate.uksouth.cloudapp.azure.com/privkey.pem;
    server_name frontend;
    location / {
        proxy_pass http://frontend:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

masonlr commented 5 years ago

Need to configure nginx such that https is used throughout.
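
An added example, not part of the issue thread or the project's own configuration: one way to make the frontend server from the comment above HTTPS-only, with port 80 reduced to a redirect. Using the public hostname as `server_name`, the `ssl_protocols` line, the HSTS header and the `X-Forwarded-Proto` header are assumptions; the listeners on ports 5000, 5010 and 5050 are not shown on the page and are left out.

```nginx
# nginx/project.conf (added example, assumptions marked below)

# Plain HTTP: serve no content, only redirect to the HTTPS listener.
# The redirect target is the fixed public hostname rather than $host,
# so a forged Host header cannot steer the redirect elsewhere.
server {
    listen 80;
    server_name simulate.uksouth.cloudapp.azure.com;  # assumption: public hostname
    return 301 https://simulate.uksouth.cloudapp.azure.com$request_uri;
}

# HTTPS: the only listener that proxies to the frontend container.
server {
    listen 443 ssl;
    server_name simulate.uksouth.cloudapp.azure.com;  # assumption: public hostname

    # Certificate and key from the /etc/letsencrypt volume mounted into the container.
    ssl_certificate     /etc/letsencrypt/live/simulate.uksouth.cloudapp.azure.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/simulate.uksouth.cloudapp.azure.com/privkey.pem;

    # Assumption: restrict to current protocol versions.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Assumption: HSTS, so browsers that have visited once stop trying plain HTTP.
    # "always" also attaches the header to error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://frontend:80;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Assumption: lets the backend see that the original request was HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With nginx holding port 80, a `certbot certonly --standalone` renewal cannot bind that port unless nginx is stopped for the duration of the renewal.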