SSL Let's Encrypt for EnterMedia with Nginx

To use a Let's Encrypt free SSL certificate within your EnterMedia instance we recommend that you install the Certbot tool with the Nginx package.

 sudo yum install certbot certbot-nginx python-certbot-nginx

Once Certbot is installed you can request a certificate with the command:

 sudo certbot --nginx -d client.entermediadb.net

Certbot should add all the required configuration settings to your Nginx conf file.

If you need to bypass a firewall, you can have Certbot obtain the certificate only, using a custom challenge path, and then configure Nginx manually.

Non-Docker installations:

 sudo certbot certonly --cert-name client.entermediadb.net --webroot -w /opt/entermediadb/webapp -d "client.entermediadb.net"

Docker installations:

 sudo certbot certonly --cert-name client.entermediadb.net --webroot -w /media/emsites/MYSITE/webapp -d "client.entermediadb.net"

 

Base Nginx config file

 #Listen 443 port
 server {
     listen 443 ssl;
     server_name client.entermediadb.net;
     ssl_certificate /etc/letsencrypt/live/client.entermediadb.net/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/client.entermediadb.net/privkey.pem;
     location / {
         proxy_max_temp_file_size 2048m;
         proxy_read_timeout 1200s;
         proxy_send_timeout 1200s;
         proxy_connect_timeout 1200s;
         client_max_body_size 100G;
         proxy_set_header Upgrade $http_upgrade;
         proxy_set_header Connection "upgrade";
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_set_header Host $http_host;
         proxy_pass http://server_location;
     }
 }
 #Redirects 80 Port to 443
 server {
     listen 80;
     #Must match the server_name of the 443 block
     server_name client.entermediadb.net;
     return 301 https://$host$request_uri;
 }
 upstream server_location {
     least_conn;
     server localhost:8080;
     #or use Docker Local IP
     #server 172.18.0.10:8080;
 }

Restart the NGINX service in order to establish the new configuration:

 $ sudo service nginx restart 

Additionally, you can set up a cron job to renew the certificate. We recommend running the renew script every month. Setting up a cron job for the root user can be accomplished like this:

 30 2 * * 1 certbot renew >> /var/log/le-renew.log
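
For certificates obtained with `certonly --webroot` as above, `certbot renew` replaces the files under /etc/letsencrypt/live/ but Nginx keeps serving the old certificate until it reloads. The deploy hook below is an added example, not part of EnterMedia's documentation; the file name `reload-nginx.sh`, the function names and the reuse of the cron log file are assumptions.

```shell
#!/bin/sh
# Added example, not EnterMedia's code. Assumed install path (hypothetical file
# name): /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh
# certbot runs deploy hooks once per renewed certificate and exports
# RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/client.entermediadb.net)
# and RENEWED_DOMAINS.

NGINX_BIN="${NGINX_BIN:-nginx}"                # overridable, e.g. /usr/sbin/nginx
HOOK_LOG="${HOOK_LOG:-/var/log/le-renew.log}"  # same log file as the cron job

log() {
    printf '%s deploy-hook: %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$HOOK_LOG"
}

# Returns 0 if nginx was reloaded, 1 if a check failed and nginx was left
# alone (it keeps serving the old certificate), 2 if not called by certbot.
reload_nginx_after_renewal() {
    if [ -z "${RENEWED_LINEAGE:-}" ]; then
        log "RENEWED_LINEAGE not set; not called by certbot, nothing done"
        return 2
    fi
    # The two files the Nginx config points at must exist and be non-empty.
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$RENEWED_LINEAGE/$f" ]; then
            log "missing or empty $RENEWED_LINEAGE/$f; reload skipped"
            return 1
        fi
    done
    # Validate the whole configuration before touching the running server.
    if ! "$NGINX_BIN" -t >> "$HOOK_LOG" 2>&1; then
        log "nginx -t failed; reload skipped for ${RENEWED_DOMAINS:-unknown}"
        return 1
    fi
    # reload keeps existing connections; workers restart with the new files.
    if ! "$NGINX_BIN" -s reload >> "$HOOK_LOG" 2>&1; then
        log "nginx -s reload failed for ${RENEWED_DOMAINS:-unknown}"
        return 1
    fi
    log "nginx reloaded with renewed certificate for ${RENEWED_DOMAINS:-unknown}"
    return 0
}

# certbot sets RENEWED_LINEAGE when it invokes the hook; otherwise do nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_nginx_after_renewal
fi
```

The script must be executable (`chmod +x`) for certbot to run it; a non-zero exit is reported in certbot's own log as a failed hook.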