How to install Letsencrypt with NodeBB and Nginx

In my last tutorial I wrote about how to install nodeBB on Ubuntu 14.04 and use nginx as a reverse proxy to serve nodeBB. In this tutorial we will install a letsencrypt SSL certificate to make sure our nodeBB forum is served over a secure https connection.

Steps you need to follow:

  1. Install nodeBB forum
  2. Install nginx server
  3. Install letsencrypt client
  4. Obtain letsencrypt SSL certificate
  5. Configure nginx to use the SSL certificate

For the first and second steps, see this tutorial: How to Install NodeBB on Ubuntu 14.04.

Install Letsencrypt client:

Currently the best way to install letsencrypt on Ubuntu is to clone the letsencrypt repository from GitHub, so we will first install git and bc on our system.

sudo apt-get update
sudo apt-get -y install git bc

Now clone the letsencrypt repository:

sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

You can find a copy of the letsencrypt repository in the /opt/letsencrypt folder.

You have successfully installed letsencrypt client on your system.

Obtain letsencrypt SSL certificate:

We will be using the Webroot plugin to obtain the SSL certificate.

The Webroot plugin works by placing a special file in the /.well-known directory within your document root, which the letsencrypt service will fetch for validation. You need to allow access to this /.well-known directory.

sudo nano /etc/nginx/sites-available/default

Inside the nodebb server block we created in the last tutorial, add this location block:

    # Let letsencrypt reach the webroot validation files
    location ~ /\.well-known {
        allow all;
    }

Press Ctrl+O, then Enter, to save.

Press Ctrl+X to exit.

Reload nginx to load the new configuration.

sudo service nginx reload
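
A preflight check for the location block above, as an added example that is not part of the original tutorial or the letsencrypt client: it writes a random probe file under the webroot and confirms nginx serves it back, which catches a mismatch between nginx's document root and the directory given to --webroot-path before any certificate request is made. The script name preflight.sh, the probe file name and the fetch_url helper are assumptions; /usr/share/nginx/html and example.com are the values this tutorial uses.

```shell
#!/bin/sh
# Added example: preflight check for the /.well-known location block.
# The probe file name and the fetch_url helper are hypothetical.

# Fetch a URL body; -L follows redirects like the validation server does.
fetch_url() {
    curl -fsSL --max-time 10 "$1"
}

# write_probe WEBROOT: create a random probe file, print "<name> <token>".
write_probe() {
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    name="preflight-$$"
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    printf '%s' "$token" > "$dir/$name" || return 1
    printf '%s %s\n' "$name" "$token"
}

# check_webroot WEBROOT DOMAIN: return 0 only if nginx serves the probe
# back unchanged, i.e. --webroot-path matches the server's document root.
check_webroot() {
    probe=$(write_probe "$1") || { echo "cannot write under $1" >&2; return 2; }
    file="$1/.well-known/acme-challenge/${probe% *}"
    if body=$(fetch_url "http://$2/.well-known/acme-challenge/${probe% *}"); then
        status=0
    else
        status=$?
    fi
    rm -f "$file"   # never leave probe files in the webroot
    if [ "$status" -ne 0 ]; then
        echo "$2: request failed (fetch exit $status)" >&2
        return 1
    fi
    if [ "$body" != "${probe#* }" ]; then
        echo "$2: served content does not match the probe" >&2
        return 1
    fi
    echo "$2: webroot validation path OK"
}

# Usage: sudo sh preflight.sh /usr/share/nginx/html example.com www.example.com
if [ "$#" -ge 2 ]; then
    root=$1; shift
    for domain in "$@"; do
        check_webroot "$root" "$domain" || exit 1
    done
fi
```

A failure here means the validation request would fail too, so fix the location block or the webroot path first.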

Now that we have done the initial setup it’s time to obtain the actual certificate.

Go to the letsencrypt client directory by entering this command:

cd /opt/letsencrypt

Run this command to obtain a certificate for your domain (replace example.com with your domain):

./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d example.com -d www.example.com

You will be prompted for some information. The exact prompts depend on whether you have used letsencrypt earlier on your system or not.

It will ask for your email address, which will be used for notices and lost key recovery.

You will need to agree to Letsencrypt terms of service.

If everything goes successfully, letsencrypt prints a confirmation message that includes the path of your certificate.

Note the path of your certificate. This is needed in the next step.

Configure nginx to use the SSL certificate:

Now we need to edit the nginx configuration so nginx uses the freshly generated SSL certificate to serve our nodeBB forum over an https connection.

sudo nano /etc/nginx/sites-available/default

Delete the server block we created in the last tutorial and replace it with the code block below.

Replace example.com with your domain.

server {
    # Redirect all plain-HTTP requests to HTTPS
    listen 80;
    server_name example.com www.example.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name example.com www.example.com;
    # Certificate and key paths noted in the previous step
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:4567/;
        proxy_redirect off;
        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    # Keep the webroot validation path reachable
    location ~ /\.well-known {
        allow all;
    }
}

Now reload nginx to put the changes into effect.

sudo service nginx reload

Check your forum by visiting it using https:

https://www.example.com

 

That's it. Hope it helps.
