This is good. AWS have a free cert generator now, but I prefer to understand how the config works: better portability.
Going to check the rest of your videos now.
Keep up the awesome work.
Thanks for the extremely helpful video! The only issue I ran into with HTTPS requests timing out was because I forgot to update my firewall rules to explicitly allow HTTPS, so don't forget to check those if you run into a similar error.
Thank you for sharing! Did you have firewall "on" on DigitalOcean CentOS droplet? As far as I know those are configured without firewall by default. If so, did you have firewalld or iptables?
Juriy Bura Yep, I had configured a Digital Ocean firewall for my machine. Thankfully I remembered I had configured it once I hit the first timeout, but figured I'd post just in case someone else ran into the same thing and forgot they configured a firewall. Thanks again for the really helpful video!
Thanks for setting these videos up, they are fantastic. This actually helps me lots
This is too good. Awesome series. Thanks for the tutorials
Incredible, helped a lot. Hard to find good tutorials integrating SocketIO with NGINX.
You have saved me immensely. No hitch whatsoever. Thank You so much
woow nice tutorial. very detailed explanation. sad to see so few views.
um... let me make sure I have it right.... Do we need to stop the NGINX service to release port 80 before running certbot?
Certbot prompted me "Problem binding to port 80: Could not bind to IPv4 or IPv6." at the session of challenges, and it went smoothly after I stopped the service,
but I still wonder if that step is necessary?
This video and you are huge. Respect from Turkey.
Thanks for setting these videos up, they are fantastic!
Explained very well. I set up my SSL server within minutes! Thanks
As usual, saving the day. Brilliant
I am using rsocket spring boot with ws protocol - it does not work with https when I follow your example. I got error mix https with ws.
how to enable auto renew so you don't have to do it manually after 90 days?
thank you! I don't know what would I do without this video
You're AWESOME!
And to everyone: don't forget to stop your server if it is already running when enabling certbot.
Yes, this helped me a lot to understand more about nginx. - nginx newbie here. thank you so much. please upload more :)
Fantastic tutorial series :) Exactly what I needed to get my node application secure, although my config was set up a little differently, I still managed to figure it out :) Thanks bud!
EDIT: Finally finished setting up everything, it was a major pain (I had different setup and had issues with certbot because I go through cloudflare so I needed --webroot and --webroot-path), but without your help I wouldn't have known half of what I now know, thank you very much!
can you share , how to setup it for nde
If I need to set up 2 servers of the same capacity (behind the load balancer), must the same process be repeated on both the servers so that my website or API Url that I want to convert to https (from http) with Nginx and Let's Encrypt? Do I need to stop 1 server to make the other https while setting it up?
Awesome tutorial man, great job! :D
These videos are brilliant. Thanks for making them.
So grateful for this! 🙏🏻
You are a really good teacher. Thanks for doing these videos.
Got many errors and finally got stuck at:
Error getting repository data for rhel-7-server-optional-rpms, repository not found
Very nice video, clear and detailed!
Thanks a lot!
@11:22 "It's a little bit cryptic"
:D nicely done
After implementing this I get a 403. Looking at the log it says "directory index of "/home/user/app/public/" is forbidden". How do I fix this? Followed all previous videos and is still working.
I have the same: followed all steps including th-cam.com/video/HhydNtaLEK0/w-d-xo.html about selinux, all seems to be according to the tutorial but I get 403, "/home//easyio/public/index.html" is forbidden (13: Permission denied)
Probably I missed the video about serving static files , with some security issues on home dir's , it is working now
In my case, I can't generate /live/username/fullchain.pem file.
That's because the 80 port is currently listening, so what I have to do is temporarily close the nginx by command 'systemctl stop nginx'
Then run 'certbot certonly --standalone -d domain_name' and 'systemctl start nginx' and you can follow the remaining video as Juriy showed.
Thanks a lot!
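Added example (not part of the comments above and not code from the video): the "Problem binding to port 80" error comes from certbot's standalone mode opening port 80 itself, and the sketch below shows the two usual ways around it, using the `--webroot` / `--webroot-path` options another commenter mentions. The domain, webroot directory and the `CERTBOT` override are assumed placeholder names.

```shell
#!/bin/sh
# Added example: two ways to get past "Problem binding to port 80".
# DOMAIN and WEBROOT are assumed placeholder values, not taken from the video.
DOMAIN="${DOMAIN:-example.com}"
WEBROOT="${WEBROOT:-/var/www/letsencrypt}"
CERTBOT="${CERTBOT:-certbot}"   # set CERTBOT=echo to preview the command line

# Write an nginx snippet that serves HTTP-01 challenge files from $WEBROOT.
# Include the file inside the port-80 server block for $DOMAIN, then reload nginx.
write_acme_snippet() {
    cat > "$1" <<EOF
location ^~ /.well-known/acme-challenge/ {
    root $WEBROOT;
    default_type text/plain;
    try_files \$uri =404;
}
EOF
}

# issue_cert webroot    : nginx keeps running; certbot only writes files under $WEBROOT.
# issue_cert standalone : certbot binds port 80 itself, so nginx is stopped by the
#                         pre-hook and started again by the post-hook.
issue_cert() {
    case "$1" in
        webroot)
            "$CERTBOT" certonly --webroot --webroot-path "$WEBROOT" -d "$DOMAIN"
            ;;
        standalone)
            "$CERTBOT" certonly --standalone \
                --pre-hook "systemctl stop nginx" \
                --post-hook "systemctl start nginx" \
                -d "$DOMAIN"
            ;;
        *)
            echo "usage: issue_cert webroot|standalone" >&2
            return 2
            ;;
    esac
}

# Run only when a mode is given on the command line.
if [ $# -ge 1 ]; then
    issue_cert "$1"
fi
```

With the webroot variant the web server never has to go down, which also matters for later renewals.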
Nice tutorial sir,
I have some questions,
If we would like to take it to load balancing website HTTPS, we should put stand alone or not? And if we generate for your flow ... could I do load balancing with HTTPS SSL or Not?
Hello, did you stop Apache server (port 80) ?
Excellent, this is how it is done!
Great work.
Really good explanations !!! thanks!
how it will work with dynamic pages , like SSR angular app
what if you use apache on different port for your api backend, and nginx on port 80 for your frontend?
why would you want two different reverse proxies on the same machine? I'd stick with either Apache or Nginx to start off with. Then you can reverse-proxy different services under different paths. For example: /api will reverse-proxy port 3030 and /data will reverse-proxy port 4040...
@JuriyBura because 1: my backend api is written in laravel, which is recommended with apache.
And 2. I want to use phpmyadmin over ssh which is served by apache as well.
My frontend is just a React SPA so nginx seemed simpler and maybe faster?
@CodeAbstract The best would be to stick to one HTTP server, either Nginx or Apache. They are performing very similar functions in a slightly different manner. I'm pretty sure Laravel will be quite happy with Nginx, and phpmyadmin can also be served via Nginx.
Bottom line: don't use both - everything that we did in this tutorial can be done in Apache too.
@JuriyBura Thanks for your advice. I will then probably go to one single http server eventually, like you proposed.
But just to answer my question, as I don't really understand how it works. If I use the nginx command on certbot, does that mean that only Nginx can be secured? or is it just for certificate validation on port 80, after which I can reuse the certificate for the backend api service as well? If you could answer this, that would help me very much for a temporary solution.
Thanks in advance, it helps a lot!
@CodeAbstract the command will simply generate certificate that can be later used by any application to secure the communications. It can be used by Nginx, Apache, MySQL, fluentd or any other app that has an ability to use certificates. Hope this helps.
Hi thanks for the content it's awesome. I have some specific question: I would like to know how can I run NGINX with docker and to set the DNS resolver to resolves multiple local node js app running behind NGINX..any suggestion would be appreciable..cheers
You mean, you want to have each node app to respond to its own domain? E.g node on port 3000 for foo.com and another process on port 4000 for bar.com?
@JuriyBura Yes ur right i am running 3 local node servers with 2 local node with the specific domain names as you mentioned with foo.com and bar.com..and one server with localhost and port say 5000. Now, with NGINX which runs in front of all these local server i would like to resolve their domain name with set static IP configured within NGINX server config file.
Now, within Docker 3 specific container would run plus NGINX server itself as one of the container..I hope you get some insight behind all the stuff which i explained.
Finally what i am trying to ask can NGINX server also used as DNS resolver or i was thinking to build a local DNS resolver with Node JS DNS module and to use lookup method, where you can create a lookup table inside host file. Sorry for lot of description but any suggestion would help..Thanks and cheers
the final version file is a 404. Can you please review the link?
Great tutorials!
What about certificate renewal? I expect that after 90 days, the certificate won't be valid anymore?
Haha, good question I see as you later made a video on it: th-cam.com/video/awQlSBiAqnU/w-d-xo.html
for people like me who were just using sites-available/ sites-enabled settings and didn't have a conf.d file like me, you will have to delete your sites-enabled file, copy and paste the whole thing from Mozilla into your empty site.com.conf file, including the redirect for port 80, then on port 443 ssl server you need to add a location to what ever you're hosting, for me, reverse_proxy a node server, just like sites enabled/ sites available had
where did you get a privkey.pem?
Thank you very much this was nice and clear
Good tutorial! But this configuration won't work for Android users. Example: if user from android goes to webview which uses https from such nginx configuration, the android won't load the webview. Nothing will happen. It's because intermediate cert or SNI conf. Don't know exactly the reason but the problem is.
Hello, can you please help me out for these following errors multiple tries but the same errors.
Thank You.
Challenge failed for domain hms.mydomain.net
http-01 challenge for hms.mydomain.net
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: hms.mydomain.net
Type: dns
Detail: DNS problem: NXDOMAIN looking up A for hms.mydomain.net-
check that a DNS record exists for this domain
Thank you for this great resource!
just realised epel-release is an rpm only available package. while yum will install on ubuntu (why I'm not sure), attempting to install epel-release would not work for me on Ubuntu 16. (which was pretty much expected despite yum installing).
looking for alternative method found this.
blog.cloudboost.io/setting-up-an-https-sever-with-node-amazon-ec2-nginx-and-lets-encrypt-46f869159469
Very similar, uses letsencrypt to generate certs.
Thanks for sharing! There are plenty of viewers who are using Ubuntu and re-applying similar steps.
i need help to run node with ssl! anyone can help me?
Hello!! Very good Juriy Bura, greetings from Argentina ... I have a problem .. I want to connect to a websocket from a url with ssl ... www.domain.com/socket .... configure the nginx as in your video, but at the moment of placing that url in the index.html file, I receive what the socket sends.
But if I put the ip and port ... if it works ... what can be happening ??. I wait your answer.. :)
Hi, so if it works with host name, why would you want to put IP address directly? Can you describe the use case?
thank you for sharing. please share all setup video, with Ubuntu 16.04 and Linode.com
Pranay Soni that's a good idea!
thank you.
Hi how are you?
Almost everything is fine here. I have problems to add a second node server on my site. I think the problem is the nginx.conf. I created the second server running on port 4040. I deployed the server to my VPS. the server is running as expected started by pm2. If I access my site to the server I get the homepage of the server. So far so good.
Now I changed the config of nginx:
here is the config for the first server:
location /socket.io/ {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://localhost:3030/socket.io/;
}
location / {
    proxy_http_version 1.1;
    proxy_pass http://localhost:3030/;
    client_max_body_size 200M;
}
I added this config for the second server:
location /journal/socket.io/ {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass http://localhost:4040/socket.io/;
}
location /journal/ {
    proxy_http_version 1.1;
    proxy_pass http://localhost:4040/;
    client_max_body_size 200M;
}
Do you have any clue what I am doing wrong? Is this config the way to configurate 2 nodejs servers
Hi! Thanks for the video. I am trying to install SSL certificate for Node application. I got my certificate from COMODO and it's free one. The problem here is, I installed the certificate (Here is the configuration: pastebin.com/b4jaiADA ), and restarted nginx server.
It works fine first. But after some time, the server dies showing the status inactive showing following error:
Active: failed (Result: exit-code) since Mon 2018-04-23)
It works fine on http though.
Thanks in advance.
Your certificate has expired :D
Hehe! Good one! I should then make a video about how to renew it! :)
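Added example (not part of the comments above and not code from the video): a daily cron script that lets certbot renew whatever is due, reloads nginx, and then raises an alert if the certificate is still close to expiry, which is the failure described in this thread and the answer to the auto-renew questions earlier on the page. The cron path, certificate path and `WARN_DAYS` threshold are assumed placeholders; the sample certificate helper only builds constructed test input.

```shell
#!/bin/sh
# Added example: renew Let's Encrypt certificates from cron and alert before expiry.
# Assumed cron entry (paths are placeholders):
#   0 3 * * * /usr/local/bin/cert-check.sh /etc/letsencrypt/live/example.com/fullchain.pem
WARN_DAYS="${WARN_DAYS:-14}"

# Return 0 when the certificate in $1 expires within $2 days.
# An unreadable or missing file also returns 0, so the check fails safe.
cert_expires_within() {
    if openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1; then
        return 1    # still valid beyond the window
    fi
    return 0
}

# Print ALERT or OK for certificate $1 with a window of $2 days.
cert_status() {
    if cert_expires_within "$1" "$2"; then
        echo "ALERT"
    else
        echo "OK"
    fi
}

# Constructed sample input: self-signed certificate $1 (key in $1.key) valid for $2 days.
make_constructed_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=example.test" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Cron entry point: runs only when a certificate path is given.
if [ $# -ge 1 ]; then
    # certbot renews only certificates that are within 30 days of expiry,
    # so running this every day is cheap; nginx is reloaded after a renewal.
    certbot renew --quiet --deploy-hook "systemctl reload nginx"
    if [ "$(cert_status "$1" "$WARN_DAYS")" = "ALERT" ]; then
        echo "certificate $1 expires within $WARN_DAYS days; renewal is failing" >&2
        exit 1
    fi
fi
```

A non-zero exit with a message on stderr is enough for cron to mail the warning.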
NIKE
MITMproxy
Sorry, didn’t get it 🙂 what’s with MITMproxy here?
@JuriyBura ssl isn’t as “ secure “
@kenkelvin4023 it is if done right. MITM attacks are only possible if client agrees to Proxy’s certificates which clients should not do. But social engineering has nothing to do with technical aspects of security.