Preamble
Most websites now support SSL (Secure Sockets Layer). It encrypts data transmitted between the web server and the browser and increases website security. In addition, using an SSL certificate is necessary because Google currently prioritizes website rankings based on the https (HTTP + SSL) protocol; websites that only use the http protocol will be considered “unsafe”.
There are many types of SSL certificates that provide different levels of security. For example, we can buy an SSL certificate at Namecheap at different prices depending on the type. However, in this article we will only talk about the most basic type and how to get it for free.
Prepare
- You can register an AWS server by following the instructions Here
- In this article I installed SSL for learning purposes or for tinkering with webhooks; beyond that, we should consider the differences between free and paid SSL Here
Server
- When we have a brand new server on AWS EC2, the first thing we should do is create an account for deploying the code. In the series of instructions below, I use Ubuntu 18.04 and Nginx.

```bash
sudo adduser deploy                 # Create the deploy account
su deploy                           # Switch to this account
mkdir ~/.ssh && vim ~/.ssh/authorized_keys   # Create the file that holds the public key used to SSH into this account later
chmod 700 ~/.ssh && chmod 600 ~/.ssh/authorized_keys   # sshd rejects keys when these paths are group/world writable
exit                                # Log out, back to the root account
sudo usermod -a -G sudo deploy      # Grant sudo rights to the deploy user
```
Install Nginx
```bash
sudo apt-get update
sudo apt-get install nginx
```
Check whether nginx is working

```bash
sudo service nginx status
```

If the status shows it as active (running), everything is OK.
Install the Certbot Library
```bash
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx
```

- Here we have 2 options. The first is to let Certbot configure everything for us from A to Z, so that after a refresh (F5) the site always runs over https

```bash
sudo certbot --nginx
```

- The second is to have Certbot only create the SSL-related files, and then we configure Nginx ourselves.

```bash
sudo certbot certonly --nginx
```
- In this article, I demo the first option
- After running the command for option 1, it will ask me to fill in an email address; fill it in as usual
- Next is agreeing to the policies and terms (Auto Agree) :D
- It asks if you want to share your email to receive news alerts or campaigns (this is up to you)
- Enter the domain name that you want to configure SSL for
- Finally, it asks if I want to redirect from HTTP to HTTPS when the user accesses the site over HTTP
- On success, there will be a short notice saying where the key files are (Certbot created them automatically for me), how long the SSL certificate is valid, and how to renew it.
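For the second option (`certbot certonly`), the Nginx side is left to us. The server blocks below are an added example, not configuration from the original article or generated by Certbot; the domain `example.com`, the web root `/var/www/example.com` and the file name `/etc/nginx/sites-available/example.com` are assumptions to replace with your own.

```nginx
# /etc/nginx/sites-available/example.com  (assumed file name)
# Added example: manual TLS setup using the files created by
# `sudo certbot certonly --nginx`. example.com is a placeholder domain.

# Port 80: no content is served in plain text, everything is redirected.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;

    return 301 https://$host$request_uri;
}

# Port 443: the actual site.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    # Certbot keeps the current certificate and key under live/<domain>/.
    # fullchain.pem = certificate + intermediate chain, privkey.pem = private key.
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Refuse SSLv3, TLS 1.0 and TLS 1.1.
    # TLSv1.3 only takes effect when Nginx is built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Reuse TLS sessions from a shared cache; disable session tickets.
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # Tell browsers to use HTTPS only for the next year.
    # Start with a small max-age while testing, since browsers remember it.
    add_header Strict-Transport-Security "max-age=31536000" always;

    root  /var/www/example.com;   # assumed web root
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

After linking the file into `/etc/nginx/sites-enabled/`, run `sudo nginx -t` to validate the syntax before reloading with `sudo service nginx reload`.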
Finally open the Port
- On a new AWS EC2 server, by default when the instance is created, only port 22 is open, for SSH. I will open ports 80 and 443 for http and https.
- First, I go to the dashboard of my instance, https://ap-southeast-1.console.aws.amazon.com/ec2/v2/home, because when I created it I chose ap-southeast to reduce lag =))))
- On the left of the screen, select Instances
- Then, under the description, in the Security groups section, click on launch-wizard-*
- Select Inbound > Edit > add rules for HTTP (port 80) and HTTPS (port 443)
- Done. Go back to the Public IP or domain name to check