Notes about setting up HTTPS on websites using LetEncrypt and certbot

As a note to self, I added SSL/TLS certificates to a couple of websites using LetEncrypt. Here are a couple of notes about the process:

Notes on how to configure HTTPS/SSL with Nginx (on a Linode Ubuntu server)

Table of Contents1 - Summary2 - New Linode Server3 - Update Everything4 - Ubuntu Firewall5 - Add a New User6 - Disabling Root Login (sshd_config)7 - Limit Login Attempts (sshd_config)8 - Install Nginx and MySQL9 - Adjust Firewall10 - Nginx Configuration11 - Installing Java on Ubuntu12 - NOT what I used: Let’s Encrypt on Ubuntu 16.0413 - (1) Create a cert (openssl)14 - (2) Create a strong Diffie-Hellman group15 - (3) Configure Nginx to Use SSL16 - Adjust the Nginx Configuration to Use SSL17 - (Alternative Configuration) Allow Both HTTP and HTTPS Traffic18 - Adjust the Firewall19 - Enable the Changes in Nginx20 - Test in Browser21 - Nginx "default_server"22 - Can change to a permanent redirect (301)23 - More Security: Preventing Information Disclosure24 - More Security: Fail2Ban25 - Restricting Access by IP Address26 - See also

Without any introduction or discussion, here are the notes I made while learning how to get HTTPS working with Nginx. These are just for me, but if something helps you, cool.

Nginx configuration: How to drop the query string on a rewrite

As a quick note, if you need to drop the query string when configuring an Nginx rewrite request, this syntax works:

rewrite ^/foo/bar.*$  /bar?  permanent;

The key is to use the ? character at the end of the URL/URI you are redirecting users to. That drops the query string, so the user will be redirected to the exact /bar URI.

For more information, see the Nginx rewrite module page.

Handling trailing slash characters with Nginx 301 redirects

As a quick Nginx configuration example, if you need to configure a 301 Redirect with Nginx, and you also need to account for trailing slash characters in the original URL, I can confirm that this solution works for me:

rewrite /foo/bar/baz/?$  /foo/bar/baz.html permanent;

This Nginx configuration line will forward both of these URIs to the new URI:

How to configure Nginx to serve multiple static websites on one server

UPDATE: These days you should put your server configurations in files in the /etc/nginx/sites-enabled directory.

As a short note, if you need to configure Nginx to serve multiple static websites out of one nginx.conf file, I have been using this approach, and it seems to work well:

Notes on configuring Sencha Touch, Nginx, and Play on Mac OS X

These are a few notes on how I set up my Mac OS X development environment for my Radio Pi Mobile application (RPM). The app uses Sencha Touch for the front end, the Scala Play Framework for the backend server, and Nginx to glue them together.

The Play server

The server component of RPM is written using the Scala Play Framework. It runs on port 9000, and I configure it in Nginx like this:

Configuring an Nginx default website

I’m configuring Nginx as my primary web server, with other Apache servers behind it, and I wanted to configure Nginx to serve up a blank page whenever someone tried to hit my server’s IP address, instead of one of the websites that’s hosted on the server. That is, I wanted to serve up a blank page rather than the default Nginx page.

In short, I added this setup information to my nginx.conf configuration file:

An Nginx proxy pass example

As a quick note to self, as I configure my “Mini-Me” application, which has a client written with Sencha Touch 2, and a Play Framework server, I used this Nginx proxy pass configuration: