LetsEncrypt HTTPS w/ NodeBB Forum

plebivac

Hello,

I've successfully setup 2 forums using nodebb for the first time. I'm still trying to get better at command line stuff.

I would like my 2 current http:// forums to be https:// - Using something like LetsEncrypt.

Any tips?

0xA4B16

I would recommend https://www.sslforfree.com which is LetsEncrypt based and offers DNS verification, then follow standard nginx ssl guidelines to install the certificates.

Once done check your site here:
https://www.ssllabs.com/ssltest/index.html

My score is 100% after some tuning of nginx

PitaJ

Here's a tutorial for a wildcard cert:

https://blog.nodebb.org/generating-your-first-wildcard-ssl-certificate-via-lets-encrypt/

Here's one for a single thing:

https://community.nodebb.org/topic/8375/how-to-let-s-encrypt-and-nodebb

plebivac

Thanks a bunch for the help! I got it working nice.

The only thing is I am not encrypting any WWW. domain and LetsEncrypt seems to automatically redirect regular traffic to https:// for me. Although if you tried to visit the domain by typing in WWW.domain.com in the address bar it would break.

I followed a guide for fixing the redirect and it seems to work fine, although I'm not sure if I'm using too many server blocks in my file? I tried a few different methods listed on the forums but they did not work "showing too many 301 redirects" - the only way to do it was create a 3rd server block and change port 80 to 443:

# linked file

server {

    server_name altariderhq.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        proxy_pass http://127.0.0.1:4567;
        proxy_redirect off;

        # Socket.IO Support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/altariderhq.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/altariderhq.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = altariderhq.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;

    server_name altariderhq.com;
    return 404; # managed by Certbot


}

server {
    server_name www.altariderhq.com;
    return 301 $scheme://altariderhq.com$request_uri;
}

plebivac

This post is deleted!

plebivac

This post is deleted!

yariplus

It's common to have many server blocks. I have a ridiculous amount in mine.