
Installing SSL (LetsEncrypt or other)

Install certbot

sudo apt install certbot python3-certbot-nginx

Edit the file /etc/nginx/sites-enabled/grusher so that it looks like this.

Replace YOUR_URL in the config with your real domain (for example, grusher.in.ua).

server {
    root /var/www/html;
    server_name YOUR_URL;
    charset utf-8;
    # The main settings are included from /var/www/html/.nginx
    include /var/www/html/.nginx;

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/YOUR_URL/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/YOUR_URL/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    # This redirect only fires if this server block also listens on plain HTTP (port 80)
    if ($scheme != "https") {
        return 302 https://$host$request_uri;
    } # managed by Certbot
}
server {
    server_name YOUR_URL;
    charset utf-8;
    listen 8443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/YOUR_URL/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/YOUR_URL/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    location / {
        proxy_pass http://127.0.0.1:8080/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
}

In config/grusher_modules.php, change the port in web_socket_port_for_web to 8443, then test the configuration and reload nginx:

sudo nginx -t
sudo systemctl reload nginx

Setting up the firewall (if enabled)

sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Nginx HTTP                 ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

Allow the 'Nginx Full' profile (HTTP and HTTPS) and delete the 'Nginx HTTP' rule:

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
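
The 'Nginx Full' profile opens ports 80 and 443 only, while the WebSocket proxy above listens on 8443. The script below is an added example, not part of the original guide: it compares the TLS listen ports in an nginx config with the ALLOW rules in `ufw status` output. The function names and both sample inputs are constructed for illustration, and it assumes browsers connect to port 8443 directly.

```shell
#!/bin/sh
# Added example: find TLS listen ports in an nginx config that ufw does not allow.
# Both inputs below are constructed samples modelled on this page.
NGINX_CONF='server {
    listen 443 ssl; # managed by Certbot
}
server {
    listen 8443 ssl; # managed by Certbot
}'
UFW_STATUS='Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere'

# Ports from "listen <port> ssl" directives (address:port forms are not handled).
tls_listen_ports() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([0-9]\{1,\}\)[[:space:]]\{1,\}ssl.*/\1/p' |
        sort -un
}

# TCP ports allowed by "ufw status" output. The nginx app profiles are expanded
# (Full = 80,443; HTTPS = 443; HTTP = 80); plain N or N/tcp rules are read as-is.
ufw_allowed_ports() {
    printf '%s\n' "$1" | awk '
        /ALLOW/ && !/\(v6\)/ {
            if ($0 ~ /^Nginx Full/) { print 80; print 443
            } else if ($0 ~ /^Nginx HTTPS/) { print 443
            } else if ($0 ~ /^Nginx HTTP/) { print 80
            } else if ($1 ~ /^[0-9]+(\/tcp)?$/) { sub(/\/tcp/, "", $1); print $1 }
        }' | sort -un
}

# TLS listen ports that have no matching ALLOW rule. $1 = config, $2 = ufw status.
blocked_tls_ports() {
    allowed=$(ufw_allowed_ports "$2")
    for p in $(tls_listen_ports "$1"); do
        printf '%s\n' "$allowed" | grep -qx "$p" || echo "$p"
    done
}

for p in $(blocked_tls_ports "$NGINX_CONF" "$UFW_STATUS"); do
    echo "TLS listener on port $p has no ufw ALLOW rule"
done
```

On a real host, pass the contents of /etc/nginx/sites-enabled/grusher and the output of `sudo ufw status` instead of the samples. If 8443 is reported and clients must reach it from outside, `sudo ufw allow 8443/tcp` opens it.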

Installing the certificate

sudo certbot --nginx -d example.com -d www.example.com

Manual certificate renewal check (dry run)

sudo certbot renew --dry-run