Thanks in advance for any help.
This is my first time setting up HTTPS and I just got the certificate from Comodo but don't know what to do with it. The certificate came in a .zip file with these files inside:
Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODOAddTrustServerCA.crt
Intermediate CA Certificate - COMODOExtendedValidationSecureServerCA.crt
Your COMODO EV SSL Certificate - forum_linma_com.crt
I also have it in text format. How do I set it up so my node.js app is accessible via HTTPS? The app is running on an EC2 instance with Ubuntu 13.10 and I'm using SSH to access the server.
Follow-Up Question
So I'm still getting an error. Here's the relevant info:
The contents of /etc/apache2/sites-enabled/forumHTTPSconfig (the only file in sites-enabled):
    <VirtualHost *:443>
        ServerName forum.figma.com
        SSLEnable
        SSLEngine on
        SSLCertificateFile /etc/apache2/forum_figma_com.crt
        SSLCertificateKeyFile /home/ubuntu/.ssh/myserver.key
        SSLCACertificateFile /etc/apache2/combined-ca.crt
    </VirtualHost>
    <IfModule mod_proxy.c>
        <Proxy *>
            SSLProxyEngine on
            Order deny,allow
            Allow from all
        </Proxy>
        RewriteEngine on
        ProxyPass / https://127.0.0.1:3000
        ProxyPassReverse /http://127.0.0.1:3000
    </IfModule>
Here's the output of my attempts to call a2enmod:
ubuntu@ip-10-190-91-217:/etc/apache2/sites-enabled$ sudo a2enmod forumHTTPSconfig
ERROR: Module forumHTTPSconfig does not exist!
ubuntu@ip-10-190-91-217:/etc/apache2/sites-enabled$ sudo a2enmod mywebsite
ERROR: Module mywebsite does not exist!
Any idea what's going wrong? Thanks in advance for any help!
First, remember that there's a private key file that you used to generate your certs initially. You will need it in your configuration.
One way of setting it up is by just configuring HTTPS on your node.js app. You can find more information here:
http://nodejs.org/docs/latest/api/https.html
Another way of setting it up is by setting up a reverse proxy to your node.js application using either apache or nginx.
nginx
Grab all the files:
Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODOAddTrustServerCA.crt
Intermediate CA Certificate - COMODOExtendedValidationSecureServerCA.crt
Your COMODO EV SSL Certificate - forum_linma_com.crt
and concatenate all their content into forum_linma_com.crt
Here's a sample configuration:
    server {
        # "listen 443 ssl" replaces the older "listen 443;" + "ssl on;" pair,
        # which current nginx releases no longer accept.
        listen 443 ssl;
        server_name yourdomain.com;
        ssl_certificate /path/to/forum_linma_com.crt;
        ssl_certificate_key /path/to/forum_linma_com.key;
        location / {
            # node.js app listening on plain HTTP on the same host
            proxy_pass http://localhost:3000;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
            proxy_redirect off;
            proxy_buffering off;
            proxy_set_header Host static.example.com;
            # Pass the original client address on to the app
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
Here's more information for nginx and reverse proxy:
http://wiki.nginx.org/HttpProxyModule
Apache
Grab the following:
Root CA Certificate - AddTrustExternalCARoot.crt
Intermediate CA Certificate - COMODOAddTrustServerCA.crt
Intermediate CA Certificate - COMODOExtendedValidationSecureServerCA.crt
and concatenate all of their content into one file: combined-ca.crt
This is a sample config:
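    <VirtualHost 0.0.0.0:443>
        ServerName mydomain.com
        # mod_ssl is switched on with SSLEngine; "SSLEnable" is not a mod_ssl directive
        SSLEngine on
        SSLCertificateFile /path/to/forum_linma_com.crt
        SSLCertificateKeyFile /path/to/forum_linma_com.key
        SSLCACertificateFile /path/to/combined-ca.crt
        <IfModule mod_proxy.c>
            # Only needed when the backend URL is https://
            SSLProxyEngine on
            <Proxy *>
                Order deny,allow
                Allow from all
            </Proxy>
            RewriteEngine on
            # The backend is the node.js app on plain HTTP, as in the nginx sample;
            # ProxyPassReverse must name the same backend URL as ProxyPass.
            ProxyPass / http://127.0.0.1:3000/
            ProxyPassReverse / http://127.0.0.1:3000/
        </IfModule>
    </VirtualHost>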
3000 is the port where your node.js server is running.
Here's more information for Apache and reverse proxy:
http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
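For the nginx concatenation step above, an added shell example (not part of the original answer): nginx expects the file named by ssl_certificate to hold the server certificate first, followed by the intermediates, and a plain cat fuses PEM markers when an input file lacks a trailing newline. The function names build_chain and count_blocks and the output name chain.crt are assumptions, and the intermediate order in the usage comment is assumed and should be checked against each file's subject and issuer.

```shell
#!/bin/sh
# Added example, not from the original answer. Builds the file that nginx's
# ssl_certificate points at: server certificate first, then intermediates.
# Usage (file order is an assumption; confirm each file's issuer first):
#   build_chain chain.crt forum_linma_com.crt \
#       COMODOExtendedValidationSecureServerCA.crt COMODOAddTrustServerCA.crt

# count_blocks FILE BEGIN|END -> number of lines that are exactly that marker
count_blocks() {
    tr -d '\r' < "$1" | grep -c -x -- "-----$2 CERTIFICATE-----"
}

# build_chain OUT LEAF [INTERMEDIATE...]
# Concatenates the inputs into OUT in the order given. Returns non-zero and
# leaves OUT untouched if an input is unreadable or is not one PEM block.
build_chain() {
    out=$1
    shift
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    n=0
    for f in "$@"; do
        if [ ! -r "$f" ] || [ "$(count_blocks "$f" BEGIN)" != 1 ] \
                         || [ "$(count_blocks "$f" END)" != 1 ]; then
            echo "build_chain: $f is not a single PEM certificate" >&2
            rm -f "$tmp"
            return 1
        fi
        # Drop CRs and force a trailing newline: plain cat of a file that
        # lacks one fuses "-----END ...-----" with the next "-----BEGIN ...".
        tr -d '\r' < "$f" | awk 1 >> "$tmp"
        n=$((n + 1))
    done
    # Every input must have produced one intact BEGIN line in the output.
    if [ "$n" -eq 0 ] || [ "$(count_blocks "$tmp" BEGIN)" != "$n" ]; then
        echo "build_chain: expected $n certificates in output" >&2
        rm -f "$tmp"
        return 1
    fi
    mv "$tmp" "$out"
}
```

The root certificate can be left out of this file, since clients already hold it in their trust stores.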