@konklone
Last active January 26, 2017 05:17
HTTPS Workshop notes

Workshop Outline

  1. Register domain and add your email now
  2. Introduction to Basic Concepts
  3. Create a login keypair
  4. Get a server (Digital Ocean)
  5. Point the domain at your server (an A Record)
  6. Log in and install stuff
  7. Buy the certificate with SSLMate
  8. Tell nginx to serve that domain and your certificate
  9. You did it
  10. Some advanced configuration
  11. In conclusion

Get a domain name

Recommended: iwantmyname.

Preference: a .com.

Can't use: a .org, .io, or .voyage. Possibly others.

Creating a keypair

ssh-keygen

Make a server and point your domain

  • Digital Ocean
  • Upload the public half of your keypair (the .pub file).
  • Make a new droplet with your hostname.
  • Find the IP address.
  • Go to your DNS provider and point your A record to it.

Configuring your server

Log in to your server's IP address with the private key you made:

ssh -i /path/to/key [email protected]

Install nginx:

add-apt-repository ppa:nginx/stable
apt-get update
apt-get -y install nginx

Installing SSLMate

wget -P /etc/apt/sources.list.d https://sslmate.com/apt/ubuntu1404/sslmate.list
wget -P /etc/apt/trusted.gpg.d https://sslmate.com/apt/ubuntu1404/sslmate.gpg
apt-get update
apt-get -y install sslmate

Buying the certificate

sslmate buy [yourdomain.com]

Turn the site on

Download the example config:

cd /etc/nginx/sites-enabled
wget https://gist.githubusercontent.com/konklone/eed13074734b46f901a4/raw/0013afd16864c1600130255b4ba4debdfd7e8a8c/mysite.conf

Edit it to add your domain and key path:

nano mysite.conf

Make a little landing page.

cd /usr/share/nginx/html
rm index.html
nano index.html

Check it's okay:

nginx -t

Restart nginx:

service nginx restart

If there's time:

  • Advanced nginx SSL config options.

  • Making the key and CSR yourself:

openssl genrsa -aes256 -out my-private-encrypted.key 2048
openssl rsa -in my-private-encrypted.key -out my-private-decrypted.key
openssl req -new -sha256 -key my-private-decrypted.key -out mydomain.com.csr
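
Before sending the CSR to a CA, it is worth confirming that it matches the key, was signed with SHA-256, and that the passphrase-less key file is readable only by its owner. The script below is an added example, not part of the original workshop notes; check_key_and_csr is a hypothetical helper name, and the file names are the ones used in the commands above.

```shell
#!/bin/sh
# Added example, not from the workshop notes. check_key_and_csr is a
# hypothetical helper name; pass it the decrypted key and the CSR.

check_key_and_csr() {
    key=$1; csr=$2; rc=0

    # Pull the public key out of each file (PEM SubjectPublicKeyInfo in both cases).
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key"; return 2; }
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: cannot read CSR $csr"; return 2; }

    # 1. The CSR must contain the public half of this private key.
    if [ "$key_pub" = "$csr_pub" ]; then echo "ok:   CSR matches the private key"
    else echo "FAIL: CSR was generated from a different key"; rc=1; fi

    # 2. The CSR's self-signature must verify. Match on the message text
    #    rather than relying on the exit status.
    if openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK'
    then echo "ok:   CSR self-signature verifies"
    else echo "FAIL: CSR self-signature does not verify"; rc=1; fi

    # 3. Signature hash (the -sha256 flag) and key size (the 2048 argument).
    text=$(openssl req -in "$csr" -noout -text)
    sig=$(printf '%s\n' "$text" | sed -n 's/.*Signature Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1)
    case $sig in
        *[Ss][Hh][Aa]256*|*[Ss][Hh][Aa]384*|*[Ss][Hh][Aa]512*) echo "ok:   signed with $sig" ;;
        *) echo "FAIL: weak or unknown signature algorithm: $sig"; rc=1 ;;
    esac
    if [ "${bits:-0}" -ge 2048 ]; then echo "ok:   $bits-bit key"
    else echo "FAIL: key is only ${bits:-0} bits"; rc=1; fi

    # 4. The decrypted key has no passphrase, so only its owner may read it.
    perms=$(ls -ld "$key" | cut -c5-10)
    if [ "$perms" = "------" ]; then echo "ok:   key file is owner-only"
    else echo "FAIL: key file is group/world accessible; run: chmod 600 $key"; rc=1; fi

    return "$rc"
}

# Run only when called with two arguments, e.g.:
#   sh check.sh my-private-decrypted.key mydomain.com.csr
if [ "$#" -eq 2 ]; then check_key_and_csr "$1" "$2"; fi
```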

Other HTTPS setups

  • CloudFlare
  • Amazon S3
  • GitHub Pages

Resources


rebeccawilliams commented Jan 23, 2016

I just used this guidance for success! Here are a couple points of clarity that might help others who find this guide:

Under Make a server and point your domain:

Upload your keypair.

You'll want to upload your public key only (the one that saves as '.pub'). With Digital Ocean you can add your public SSH Keys under Settings>Security https://cloud.digitalocean.com/settings/security

Go to your DNS provider and point your A record to it.

Your domain provider (iwantmyname, GoDaddy, etc) is likely your DNS manager, but Digital Ocean also provides DNS management. You can either add your droplet IP as an A record at iwantmyname, or you can update your iwantmyname nameservers to Digital Ocean.

If you update the nameservers be warned that the iwantmyname 1-click apps won't work, and you'll need to port over all of your DNS settings to the Digital Ocean DNS manager.

If you were previously pointing your domain to GitHub's servers for GitHub Pages (iwantmyname has a great app for this), remove those A records altogether; you have your own server now.


JJediny commented Jan 24, 2016

Also see letsencrypt if you want to take it a step further and generate your own ssl keys...
https://github.com/dlapiduz/letsencrypt-s3front
