
To begin with - I'm really new to this stuff. I want to get SSL certificates for the webapp I'm working on. I look forward to any advice. Using Ubuntu 20.04.

So here's the structure:

  • I'm using Nginx for providing my frontend on port 80 listening to my specified server_name (domain name of the server).

  • The node.js backend is running with pm2 on the IP address of the server on port 60702.

What I've tried:

I tried to get certificates from letsencrypt and got them ready for my frontend like it was described here digitalocean:

server{
        # SSL configuration
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Credentials' 'true';
        add_header 'Access-Control-Allow-Headers' 'Authorization,Accept,Origin,DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Content-Range,Range';
        add_header 'Access-Control-Allow-Methods' 'GET,POST,OPTIONS,PUT,DELETE,PATCH';

        # Path to certificates and configuration
        include snippets/self-signed.conf;
        include snippets/ssl-params.conf;
        ...

In vue config I set https to true:

module.exports = {
  baseUrl: './',
  devServer: {
    port: 8080,
    https: true,
    disableHostCheck: true
  }
};

The problem was in my backend. I tried it like:

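const https = require('https');
const fs = require('fs');

// `app` (the request handler) and `nconf` (configuration) are defined elsewhere in the application.
https.createServer({
    key: fs.readFileSync('certs/selfsigned.key', 'utf8'),
    cert: fs.readFileSync('certs/selfsigned.crt', 'utf8'),
    //key: fs.readFileSync('certs/key.pem', 'utf8'),
    //cert: fs.readFileSync('certs/cert.pem', 'utf8'),
    // Only consulted when requestCert is true (client certificates); it has no effect here.
    rejectUnauthorized: false
  }, app)
  .listen(nconf.get('port'), function() {
    console.log(`App listening on port ${nconf.get('port')}! Go to https://MY_IP:${nconf.get('port')}/`);
  });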

But I read here: letsencrypt on IP addresses that letsencrypt doesn't provide certificates on IP addresses.

So how can I get certificates for my application then? How would I do it properly?

Do I need to link certificates to front- and backend?

why me

1 Answer


From my experience with nginx so far, which is limited as well, you need to add the following lines in the nginx default:

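    # "listen ... ssl" replaces the "ssl on;" directive, which is deprecated since nginx 1.15.0
    listen 443 ssl;
    server_name your.domain.com;
    ssl_certificate /domain1/ssl-bundle.crt;
    ssl_certificate_key /domain1/server.key;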

Also, in the default, you would need to add the location details for your nodejs server:

location / {
    proxy_pass http://yourip:port/route;
}

Lastly, I am not using certificates within my nodejs; it is an HTTP one, and I let nginx handle those instead. The bundle.crt contains both the rootca and public certificate, as it is a self-signed one in the above example.

Miguel Hughes
p4n1
  • All right, that helps a lot to begin with, thanks! Could you explain the proxy pass thing? I don't have to edit my internal API structure when using it? – why me Feb 18 '21 at 08:58
  • That would be your domain or your IP:60702. Also, note that nginx for https will listen by default at 443 and not 80. – p4n1 Feb 18 '21 at 09:04
  • Yea, I also used port 443 in my example. What is the `/route` at proxy pass? – why me Feb 18 '21 at 09:16
  • I meant if you wanted to point to a specific folder after the port, if not, ignore it – p4n1 Feb 18 '21 at 13:27
  • All right, so I don't have to specify my backend apis there? That's good. – why me Feb 18 '21 at 19:34
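
Added example (not part of the original answer or of either poster's configuration): a complete pair of server blocks for the setup described in the question, with nginx terminating TLS for the domain and forwarding API requests over plain HTTP to the Node.js backend on port 60702. The certificate paths assume certbot's default Let's Encrypt layout; `your.domain.com`, the `/var/www/html` root and the `/api/` prefix are placeholders and assumptions, not values from the question.

```nginx
# Plain HTTP: redirect everything to HTTPS.
server {
    listen 80;
    listen [::]:80;
    server_name your.domain.com;              # placeholder domain
    return 301 https://$host$request_uri;
}

# HTTPS: nginx holds the only certificate; the backend stays plain HTTP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name your.domain.com;              # must match the name on the certificate

    # Assumed certbot default paths for a Let's Encrypt certificate.
    ssl_certificate     /etc/letsencrypt/live/your.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem;

    # Built frontend files (assumed location).
    root /var/www/html;
    location / {
        try_files $uri $uri/ /index.html;
    }

    # API requests (assumed to live under /api/) go to the Node.js process.
    # proxy_pass has no URI part after the port, so the request path is
    # forwarded unchanged and the backend routes do not need to be edited.
    location /api/ {
        proxy_pass http://127.0.0.1:60702;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# On the Node.js side (assumption): use http.createServer and listen on
# 127.0.0.1:60702 so the unencrypted port is not reachable from outside.
```

Because the certificate is issued for the domain name and browsers only ever connect to nginx, the backend needs no certificate for the IP address. The frontend then calls `https://your.domain.com/api/...` instead of the IP and port.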