This document guides you through TLS setup for ShinyProxy 1-click app
Open up https port
Finally, enable these rules by running
sudo ufw enable.
Set up domain
This section is based on this post.
For Let's Encript certificate, you need a fully registered domain name.
example.com domain where you have to substitute you domain name.
Both of the following DNS records need to be set up for your server:
example.compointing to your server's public IP address,
www.example.compointing to your server's public IP address.
Add repository for up to date Certbot version:
You'll need to press ENTER to accept.
Install Certbot's Nginx package with apt:
Certbot is now ready to use.
find the line
server_name _; and change it to
server_name example.com www.example.com;.
Next, test to make sure that there are no syntax errors in any of your Nginx files by
sudo nginx -t.
If there aren't any problems, restart Nginx to enable your changes by
sudo systemctl restart nginx.
There is no need to firewall off port 80, instead pick forwarding when asked by Certbot (option 2). See https://letsencrypt.org/docs/allow-port-80/ for explanation.
Obtaining an SSL Certificate
What if using a subdomain?
subdomain.example.com is same as
Be careful with capitalization: browsers might not be case sensitive but
Nginx and Certbot wants things nice and clean and matching DNS settings.
If this is your first time running Certbot, you will be prompted to enter an email address and agree to the terms of service. After doing so, certbot will communicate with the Let's Encrypt server, then run a challenge to verify that you control the domain you are requesting a certificate for.
Run this command for a dry run:
sudo certbot renew --dry-run.