Updated ssl server setup (markdown)

casey langen 2019-03-14 23:28:58 -07:00
parent 1828744b2c
commit 33460bb9d0

@ -18,16 +18,16 @@ next, let's install `certbot`. we will use this to obtain ssl certificates from
* `sudo apt-get update`
* `sudo apt-get install certbot -t jessie-backports`
**note1**: ensure the host running the musikcube server can accept connections from port 443.
**note1**: ensure the host running the musikcube server can accept connections from port 443 and port 80.
* `sudo certbot certonly --standalone`
**note2**: your machine no longer needs to accept connections from port 443 once the certificates are downloaded.
**note2**: your machine no longer needs to accept connections from port 443 or 80 once the certificates are downloaded.
* `sudo chgrp www-data /etc/letsencrypt/live`
* `sudo chmod 750 /etc/letsencrypt/live`
**note3**: letsencrypt will email you when your cert is about to expire. when that happens, forward port 443 to your host again, and run `sudo letsencrypt renew`. don't forget to shut down the forwarded port after it finishes!
**note3**: letsencrypt will email you when your cert is about to expire. when that happens, forward port 443 and 80 to your host again, and run `sudo letsencrypt renew`. don't forget to shut down the forwarded port after renewal finishes!
# configure nginx