This is a short blog on overcoming the friction I hit when I was trying to make my application live through DNS. Back then, my knowledge of web servers was limited to terms like “XAMPP” and “port forwarding” from my adventures with Metasploit.
Then, during my time at a travel-based company, I encountered the raw power of servers. The intricate backend systems were a revelation, showcasing the potential of web servers like Nginx for both microservice architectures and, well, complexity (especially when lacking a solid foundation).
Anyway, determined to know more about Nginx, I went through the official Nginx documentation. What fascinated me was its ability to handle a massive number of requests across multiple servers, efficiently routing them based on user location, API headers or routes. This concept of load balancing is a game-changer for high-traffic applications.
Why HTTPS?
When you visit a website using HTTP, the data travels in plain text, making it vulnerable to eavesdropping or tampering by malicious actors.
HTTPS fixes this by encrypting the data using a technology called Secure Sockets Layer (SSL) or its successor, Transport Layer Security (TLS). Encryption makes data unreadable to anyone intercepting it. This ensures the privacy and integrity of information exchanged between your web browser and the server.
How Certbot Makes HTTPS Easy
While using HTTPS is crucial, obtaining and managing the necessary security certificates can be a headache. This is where Certbot steps in. Certbot is a free, open-source software tool that simplifies the process of obtaining and installing SSL certificates for your server. It automates certificate issuance from a trusted authority, integrates with web servers, and handles renewals.
Setting Up Nginx on GCP
Now it was time to install and try Nginx. I already had a GCP VM instance. Start by running a few commands on the command line:
sudo apt install nginx
cd /etc/nginx/sites-enabled/
sudo nano yourdomain.com
Since I already had a domain in hand, I went with the file-based configuration approach (creating a file named after your domain), establishing the flow: DNS -> VM -> Nginx configuration file.
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    location / {
        proxy_pass http://localhost:8080; # Adjust if your app runs on a different port
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Next came the crucial step: securing communication with an SSL certificate. But first, make sure to configure the DNS to forward incoming requests to the VM IP. How you do this depends on the service providing DNS (in my case it was the Google domain service).
Once DNS → VM is configured, open the domain in a browser and check that it shows the default Nginx page to confirm the connection.
Securing with Let’s Encrypt and Certbot
Here’s how to install Certbot and obtain a certificate using the Nginx plugin:
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx
This command sequence installs Certbot, leverages the Nginx plugin for streamlined configuration, requests certificates, and restarts Nginx to apply the changes. Certbot will prompt you for your domain name and handle existing certificates (offering renewal or creation options).
Once Certbot generates the certificate, reload Nginx to activate it:
sudo systemctl reload nginx
Now that SSL is established, you can configure the Nginx file to point to your application when a user hits the domain directly. Modify the file and routing according to your needs.
server {
    server_name <Domain_name>;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    location /api/ {
        proxy_pass http://localhost:3000;
    }

    location /api/auth/ {
        proxy_pass http://localhost:3000;
    }

    location /api/v2 {
        proxy_pass http://localhost:9005;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/<Domain_name>/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/<Domain_name>/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = <Domain_name>) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name <Domain_name>;
    return 404; # managed by Certbot
}
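To see which backend each request reaches under the configuration above, here is an added example (not part of the original post, and not Nginx's own code) that models Nginx's longest-prefix rule for plain prefix locations and the Certbot-managed port-80 block. The domain example.test and the function names are assumptions made for illustration.

```python
# Added example: models how nginx picks a plain prefix location and how the
# Certbot-managed port-80 server answers. A model, not nginx itself.

DOMAIN = "example.test"  # constructed stand-in for <Domain_name>

# Prefix locations from the port-443 server block on this page.
LOCATIONS = {
    "/": "http://localhost:3000",
    "/api/": "http://localhost:3000",
    "/api/auth/": "http://localhost:3000",
    "/api/v2": "http://localhost:9005",
}


def pick_location(path, locations=LOCATIONS):
    """Return (prefix, upstream) using nginx's rule for plain prefix
    locations: the longest prefix that matches the request path wins."""
    matches = [p for p in locations if path.startswith(p)]
    best = max(matches, key=len)  # "/" always matches, so never empty
    return best, locations[best]


def port80_response(host, uri):
    """Model the Certbot-managed port-80 block: redirect the known host,
    answer 404 for any other Host header that reaches this server."""
    if host == DOMAIN:
        return 301, f"https://{host}{uri}"
    return 404, None


def route_table(paths):
    """Map each sample path to the upstream it would be proxied to."""
    return {p: pick_location(p)[1] for p in paths}


if __name__ == "__main__":
    # Constructed sample request paths.
    samples = ["/", "/api/users", "/api/auth/login", "/api/v2/items",
               "/api/v2", "/api/v20/items", "/api/v2-internal"]
    for path, upstream in route_table(samples).items():
        print(f"{path:20} -> {upstream}")
    print(port80_response(DOMAIN, "/api/v2?x=1"))
    print(port80_response("203.0.113.10", "/"))
```

Because location /api/v2 has no trailing slash, paths such as /api/v20/items and /api/v2-internal are also proxied to port 9005; write location /api/v2/ if only that subtree should reach the second service.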
Your application is now live, securely serving requests through Nginx with HTTPS enabled. This is just a taste of what Nginx and Let’s Encrypt can achieve. As you dig deeper, you’ll discover features like load balancing, caching, and advanced security configurations to optimize your server’s performance and user experience. For now, this is enough to get your application up through DNS. More on that here.