- Register domain and add your email now
- Introduction to Basic Concepts
- Create a login keypair
- Get a server (Digital Ocean)
- Point the domain at your server (an A Record)
- Log in and install stuff
- Buy the certificate with SSLMate
- Tell nginx to serve that domain and your certificate
- You did it
- Some advanced configuration
- In conclusion
Recommended: iwantmyname.
Preference: a .com. Can't use: a .org, .io, or .voyage. Possibly others.
ssh-keygen
- Digital Ocean
- Upload your keypair.
- Make a new droplet with your hostname.
- Find the IP address.
- Go to your DNS provider and point your A record to it.
Log in with the private key you made, to the IP address you made:
ssh -i /path/to/key [email protected]
Install nginx:
add-apt-repository ppa:nginx/stable
apt-get update
apt-get -y install nginx
wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1404/sslmate.list
wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1404/sslmate.gpg
apt-get update
apt-get -y install sslmate
sslmate buy [yourdomain.com]
Download the example config:
cd /etc/nginx/sites-enabled
wget https://gist.githubusercontent.com/konklone/eed13074734b46f901a4/raw/0013afd16864c1600130255b4ba4debdfd7e8a8c/mysite.conf
Edit it to add your domain and key path:
nano mysite.conf
Make a little landing page.
cd /usr/share/nginx/html
rm index.html
nano index.html
Check it's okay:
nginx -t
Restart nginx:
service nginx restart
- Advanced nginx SSL config options.
- Making the key and CSR yourself:
openssl genrsa -aes256 -out my-private-encrypted.key 2048
openssl rsa -in my-private-encrypted.key -out my-private-decrypted.key
openssl req -new -sha256 -key my-private-decrypted.key -out mydomain.com.csr
- Getting the cert through a traditional CA, e.g. Namecheap domain certificates.
- CloudFlare
- Amazon S3
- GitHub Pages
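A check worth running after making the key and CSR yourself, before the CSR goes to a CA: confirm the CSR carries the public key of the private key you will install in nginx, and that the decrypted key file is readable only by its owner. This is an added example, not part of the original guide; the function names and the throwaway sample pair (CN `example.test`) are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): sanity checks for the
# key and CSR produced by the openssl commands above.

# Public key (PEM) derived from an unencrypted private key file.
pubkey_of_key() { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Public key (PEM) embedded in a CSR.
pubkey_of_csr() { openssl req -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only if the CSR was generated from this private key.
# Returns 2 if either file cannot be parsed, 1 on a mismatch.
csr_matches_key() {
    local k c
    k=$(pubkey_of_key "$1") || return 2
    c=$(pubkey_of_csr "$2") || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeeds only if group and other have no permissions on the key file.
key_is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build a constructed, throwaway key/CSR pair in directory $1 (demo input).
make_sample_pair() {
    openssl genrsa -out "$1/sample.key" 2048 2>/dev/null &&
    openssl req -new -sha256 -key "$1/sample.key" \
        -subj "/CN=example.test" -out "$1/sample.csr" 2>/dev/null
}

# Usage: bash check-pair.sh my-private-decrypted.key mydomain.com.csr
if [ "$#" -eq 2 ]; then
    if csr_matches_key "$1" "$2"; then
        echo "CSR matches key"
    else
        echo "CSR does NOT match key (or a file could not be read)"
    fi
    if key_is_owner_only "$1"; then
        echo "key permissions ok"
    else
        echo "key is readable by group/other; run: chmod 600 $1"
    fi
fi
```

The comparison uses the decrypted key because `openssl pkey` would otherwise prompt for the passphrase.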
I just used this guidance for success! Here are a couple points of clarity that might help others who find this guide:
Under Make a server and point your domain:
You'll want to upload your public key only (the one that saves as '.pub'). With Digital Ocean you can add your public SSH Keys under Settings>Security https://cloud.digitalocean.com/settings/security
Your domain provider (iwantmyname, GoDaddy, etc) is likely your DNS manager, but Digital Ocean also provides DNS management. You can either add your droplet IP as an A record at iwantmyname, or you can update your iwantmyname nameservers to Digital Ocean:
If you update the nameservers be warned that the iwantmyname 1-click apps won't work, and you'll need to port over all of your DNS settings to the Digital Ocean DNS manager.
If you were previously pointing your domain to GitHub's servers for GitHub Pages (iwantmyname has a great app for this), remove those A records altogether; you have your own server now.