HTTP to HTTPS With LetsEncrypt (Django, Nginx)
26 Feb 2018
Step 1: Install letsencrypt:
$ sudo apt-get update
$ sudo apt-get install letsencrypt
Step 2: Obtain an SSL certificate:
$ sudo letsencrypt certonly -a standalone
Step 3: Configure the Nginx server:
My conf. file looks like the following:
server {
    client_max_body_size 4M;
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name yourwebsite.com www.yourwebsite.com;
    # Send every plain-HTTP request to the HTTPS site
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    ssl_certificate /etc/letsencrypt/live/yoursite/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yoursite/privkey.pem;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_timeout 1d;
    # Placeholder: paste the cipher list from the Mozilla SSL configuration generator
    ssl_ciphers 'you-can-get-your-cipher-at-mozilla-ssl-configuration';
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    add_header Strict-Transport-Security max-age=15768000;
    # ----------- REST OF CONFIGURATION UNDERNEATH -----------
}
Fill in ssl_ciphers according to https://mozilla.github.io/server-side-tls/ssl-config-generator/
Step 4 (Recommended): Firewall Permissions:
$ sudo ufw allow 'Nginx Full'
$ sudo ufw
$ sudo ufw delete allow 'Nginx HTTP'
Check nginx configuration:
$ sudo nginx -t
Restart Nginx so the new configuration takes effect:
$ sudo systemctl restart nginx
Step 5 (Optional): Renew certificate:
$ sudo systemctl stop nginx
$ sudo letsencrypt renew
$ sudo systemctl restart nginx
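The `nginx -t` check in Step 4 confirms that the configuration is valid, not that the redirect, protocol, stapling and HSTS settings from Step 3 are actually in place. The audit below is an added example, not part of the original post; the function names, the finding messages and the sample config (including its `proxy_pass` line) are assumptions made for illustration.

```python
import re

# Constructed sample, trimmed to what the audit reads: TLSv1 enabled, stapling and HSTS missing.
SAMPLE = """
server {
    listen 80 default_server;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    ssl_protocols TLSv1 TLSv1.2;
    location / { proxy_pass http://127.0.0.1:8000; }
}
"""

def server_blocks(conf):
    """Directives directly inside each server {} block; nested blocks are skipped."""
    blocks, stack, cur = [], [], []  # stack holds True for each open block that is a server
    for tok in re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf)):
        if tok == "{":
            stack.append(cur == ["server"])
            if stack[-1]:
                blocks.append([])
        elif tok == "}":
            del stack[-1:]
        elif tok == ";" and cur and stack[-1:] == [True]:
            blocks[-1].append(cur)
        cur = [] if tok in ("{", "}", ";") else cur + [tok]
    return blocks

def audit(conf):
    """Return findings for the settings this page configures; [] means all are in place."""
    blocks, out = server_blocks(conf), []
    def on(b, port):  # True if the block listens on port (plain or [::]:port form)
        return any(d[0] == "listen" and re.search(rf"(^|:){port}$", d[1]) for d in b if len(d) > 1)
    if not any(d[:2] == ["return", "301"] and d[-1].startswith("https://")
               for b in blocks if on(b, 80) for d in b):
        out.append("port 80: no 301 redirect to https://")
    if not any(on(b, 443) for b in blocks):
        out.append("no server block listens on 443")
    for b in (b for b in blocks if on(b, 443)):
        args = {d[0]: d[1:] for d in b}
        if args.get("ssl_stapling") != ["on"]:
            out.append("port 443: ssl_stapling is not on")
        weak = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"} & set(args.get("ssl_protocols", []))
        if weak or "ssl_protocols" not in args:
            out.append("port 443: ssl_protocols unset or allows " + ",".join(sorted(weak)))
        if not any(d[:2] == ["add_header", "Strict-Transport-Security"] and len(d) > 2 for d in b):
            out.append("port 443: no Strict-Transport-Security header")
    return out
```

Call `audit()` on the text of your own site file before restarting Nginx. Files pulled in through `include` are not followed, and values containing `;` or `#` inside quotes are not handled.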