Git Product home page Git Product logo

Comments (8)

enjalot avatar enjalot commented on June 11, 2024 2

looks like its in good working order to me.
nice job getting a test server running!

from blockbuilder.

micahstubbs avatar micahstubbs commented on June 11, 2024

will have a go at this one

from blockbuilder.

micahstubbs avatar micahstubbs commented on June 11, 2024

strategy:

  • test by spinning up a second blockbuilder-frontend server
  • point a subdomain I control at that new server
  • get a cert for that subdomain + new server combination
  • setup nginx as the web server
  • use nginx settings to redirect http to https

once all is well on the blockbuilder-frontend-2 test server

  • setup nginx + http to https redirect on the blockbuilder-frontend production server

from blockbuilder.

micahstubbs avatar micahstubbs commented on June 11, 2024

alright, got my test server working, serving blockbuilder with nginx 🎉

you can check it out at http://blockbuilder.micah.fyi

(and watch the browser upgrade the connection from http to https)

from blockbuilder.

micahstubbs avatar micahstubbs commented on June 11, 2024

will try out this test server for a bit before switching over the main server.

@enjalot want to take a look at http://blockbuilder.micah.fyi, see switching to nginx breaks anything?

from blockbuilder.

micahstubbs avatar micahstubbs commented on June 11, 2024

to remove IPTABLES rules:

sudo iptables -t nat -D PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8889
sudo iptables -t nat -D PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443

following this answer:
https://stackoverflow.com/questions/10197405/how-can-i-remove-specific-rules-from-iptables

(we want to remove the IP Tables rules since we will use nginx going forward, since nginx makes it easy to redirect http to https)

from blockbuilder.

micahstubbs avatar micahstubbs commented on June 11, 2024

ok, redirecting http to https

sudo certbot --nginx
#
# ...
#
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: blockbuilder.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for blockbuilder.org
Waiting for verification...
Cleaning up challenges
Could not open file: /etc/nginx/sites-enabled/default
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/blockbuilder.org
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/blockbuilder.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://blockbuilder.org
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=blockbuilder.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/blockbuilder.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/blockbuilder.org/privkey.pem
   Your cert will expire on 2019-03-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
➜  nginx

from blockbuilder.

micahstubbs avatar micahstubbs commented on June 11, 2024

ok, it works 🎉

from blockbuilder.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.