SSL Let's Encrypt for EnterMedia with Nginx

To use a free Let's Encrypt SSL certificate with your EnterMedia instance, we recommend that you install the Certbot tool with the Nginx package.

sudo yum install certbot certbot-nginx python-certbot-nginx

Once Certbot is installed you can request a certificate with the command:

sudo certbot --nginx -d client.entermediadb.net

Certbot should write all the required configuration settings into your NGINX conf file.

If you need to bypass a firewall, you can ask Certbot to obtain the certificate only, using a custom challenge path, and then configure Nginx manually.

Non-Docker installations:

sudo certbot certonly --cert-name client.entermediadb.net --webroot -w /opt/entermediadb/webapp -d "client.entermediadb.net"

Docker installations:

sudo certbot certonly --cert-name client.entermediadb.net --webroot -w /media/emsites/MYSITE/webapp -d "client.entermediadb.net"

 

Base Nginx config file

#Listen 443 port 
server { 
  listen 443 ssl; 
  server_name client.entermediadb.net; 
  ssl_certificate /etc/letsencrypt/live/client.entermediadb.net/fullchain.pem; 
  ssl_certificate_key /etc/letsencrypt/live/client.entermediadb.net/privkey.pem; 

 location / { 
  proxy_max_temp_file_size 2048m; 
  proxy_read_timeout 1200s; 
  proxy_send_timeout 1200s; 
  proxy_connect_timeout 1200s; 
  client_max_body_size 100G; 
  proxy_set_header Upgrade $http_upgrade; 
  proxy_set_header Connection "upgrade"; 
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
  proxy_set_header Host $http_host; 
  proxy_pass http://server_location; 
 } 
} 

#Redirects 80 Port to 443 
server { 
  listen 80; 
  server_name client.entermediadb.net; 
  return 301 https://$host$request_uri; 
} 

upstream server_location { 
  least_conn; 
  server localhost:8080; 
  #or use Docker Local IP #server 172.18.0.10:8080; 
} 
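
A hostname that the port-80 block redirects but that no "listen 443 ssl" block names is answered by nginx's default TLS server, with a certificate issued for a different name. The check below is an added example, not part of the EnterMedia documentation; it assumes one directive per line, and the sample config and its hostnames are constructed.

```sh
#!/bin/sh
# Added example, not part of the EnterMedia docs.
# Prints each server_name answered on plain HTTP that no TLS
# ("listen ... ssl") server block covers. Assumes one directive per line.
unmatched_http_names() {
  awk '
    { sub(/#.*/, "") }                              # strip comments
    /^[ \t]*server[ \t]*[{]/ { in_srv = 1; depth = 0; tls = 0; names = "" }
    in_srv {
      if ($1 == "listen" && $0 ~ /ssl/) tls = 1
      if ($1 == "server_name")
        for (i = 2; i <= NF; i++) { n = $i; sub(/;$/, "", n); names = names " " n }
      depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")  # nesting, e.g. location
      if (depth == 0) {                             # server block closed
        k = split(names, a, " ")
        for (i = 1; i <= k; i++) { if (tls) https[a[i]] = 1; else http[a[i]] = 1 }
        in_srv = 0
      }
    }
    END { for (h in http) if (!(h in https)) print h }
  ' "$1" | sort
}

# Constructed sample config; the hostnames are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
  listen 443 ssl;
  server_name media.example.test;
  location / {
    proxy_pass http://server_location;
  }
}
server {
  listen 80;
  server_name media.example.test stale.example.test;
  return 301 https://$host$request_uri;
}
upstream server_location {
  server localhost:8080;
}
EOF

missing=$(unmatched_http_names "$sample")
if [ -n "$missing" ]; then
  echo "redirected to HTTPS without a matching TLS server block: $missing"
fi
```

Point the function at the real config file before restarting; empty output means every redirected hostname has a TLS server block.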

Restart the NGINX service to apply the new configuration:

 $ sudo service nginx restart 

Additionally, you can set up a cron job to renew the certificate. We recommend running the renew script every month. A cron job for the root user can be set up like this:

 30 2 * * 1 certbot renew >> /var/log/le-renew.log