Turning HTTP to HTTPS

May 31, 2024

Example- Converting python3 simple HTTP server to HTTPS

Note: Any HTTP server can be used

Prerequisites-

a. Domain

b. Computer with public IP

1. Configuring domain DNS-

We need to add an “A” record pointing to the IP of the server where the HTTP server is running.

2. Getting SSL certificate

certbot certonly --standalone -d pdfmerge.work -m <your email> --agree-tos

3. Configuring nginx-

The default nginx config file is located at

/etc/nginx/nginx.conf

This file in turn includes several other config files.

So it is better not to touch this default config file. Let’s add our custom config separately in /etc/nginx/sites-enabled/* -


#server {
#    listen 80;
#    server_name pdfmerge.work;
#
#    # Redirect all HTTP requests to HTTPS
#    return 301 https://$host$request_uri;
#}

server {
    listen 443 ssl;
    server_name pdfmerge.work;
    server_tokens off;    # hide the nginx version in responses

    # Certificate and key issued by certbot in the previous step
    ssl_certificate /etc/letsencrypt/live/pdfmerge.work/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pdfmerge.work/privkey.pem;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384";
    # HSTS: browsers that have seen this header use HTTPS only for one year
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    location / {
        # Forward decrypted requests to the plain HTTP server
        proxy_pass http://172.17.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Here’s how you can add this configuration:

a. Create a new configuration file: Use a text editor to create a new file in the /etc/nginx/sites-available/ directory. You can name the file after your domain to make it easily identifiable. For example:

sudo nano /etc/nginx/sites-available/pdfmerge.work

b. Add your configuration: In the text editor, paste your configuration. Once you’ve done that, save and close the file.

c. Enable the site: To enable the site, you need to create a symbolic link from your configuration file to the /etc/nginx/sites-enabled/ directory. You can do this with the ln -s command:

sudo ln -s /etc/nginx/sites-available/pdfmerge.work /etc/nginx/sites-enabled/

d. Check the configuration: Before you reload Nginx, you should check your configuration file for syntax errors. You can do this with the nginx -t command:

sudo nginx -t

If the command outputs “syntax is ok”, you can proceed to the next step.

e. Reload Nginx: Finally, you can apply the changes by reloading Nginx. This can be done with the systemctl command:

sudo systemctl reload nginx
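
nginx -t only validates syntax, so the following added example (not part of the original post) lints a site file for the TLS settings used above. The function name audit_conf and the temporary sample file are hypothetical; the sample is constructed from the page's config with the port-80 block still commented out.

```shell
#!/bin/sh
# audit_conf FILE: print one "FAIL: ..." line per missing or weak TLS setting.
audit_conf() {
    # Drop comments so a commented-out block does not count as active
    # (simplification: assumes no '#' inside quoted values).
    conf=$(sed 's/#.*//' "$1")
    has() { printf '%s\n' "$conf" | grep -Eq "$1"; }

    has 'listen[[:space:]]+443[[:space:]]+ssl' ||
        echo "FAIL: no 'listen 443 ssl' server"
    has 'server_tokens[[:space:]]+off' ||
        echo "FAIL: server_tokens not off (version banner exposed)"
    has 'ssl_protocols' || echo "FAIL: ssl_protocols not set explicitly"
    # Any protocol older than TLSv1.2 on the ssl_protocols line is a finding.
    if has 'ssl_protocols[^;]*(SSLv[23]|TLSv1(\.1)?)([[:space:]]|;)'; then
        echo "FAIL: ssl_protocols enables a protocol older than TLSv1.2"
    fi
    # Without 'always', nginx leaves the header off error responses.
    has 'add_header[[:space:]]+Strict-Transport-Security.*always[[:space:]]*;' ||
        echo "FAIL: HSTS header missing or not marked 'always'"
    # HSTS only takes effect after a first HTTPS response, so plain-HTTP
    # visitors still need an active redirect.
    has 'return[[:space:]]+301[[:space:]]+https://' ||
        echo "FAIL: no active HTTP->HTTPS redirect (port 80 block commented out?)"
    return 0
}

# Constructed sample: the page's config, redirect block still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#server {
#    listen 80;
#    server_name pdfmerge.work;
#    return 301 https://$host$request_uri;
#}
server {
    listen 443 ssl;
    server_name pdfmerge.work;
    server_tokens off;
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
}
EOF
audit_conf "$sample"
```

On a real host, point it at the enabled site file, for example audit_conf /etc/nginx/sites-enabled/pdfmerge.work.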

Disable default HTTP server of nginx

Thanks for reading!!

To be continued….

Using docker container of nginx-

docker run -it -p 443:443 -p 80:80 --network bridge -v /etc/letsencrypt/:/etc/letsencrypt/ -v /root/nginx.conf:/etc/nginx/conf.d/pdfmerge.work.conf nginx

Written by n00🔑

Computer Security Enthusiast. Usually plays HTB (ID-23862). https://www.youtube.com/@pswalia2u https://www.linkedin.com/in/pswalia2u/ Instagram @pswalia4u
