-
Install:
sudo apt install awscli
-
Configure AWS
aws configure
-
Login to ECR with AWS
$(aws ecr get-login --no-include-email --region <region>)
Note: get-login exists only in AWS CLI v1 (it was removed in v2) and it expands the registry password onto the docker command line, where it is visible in the process list and shell history. With a current CLI use instead:
aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <account_id>.dkr.ecr.<region>.amazonaws.com
-
Prerequisites
sudo apt-get purge docker lxc-docker docker-engine docker.io
sudo apt-get install curl apt-transport-https ca-certificates software-properties-common
-
Setup Docker Repository
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
Note: apt-key is deprecated on current Ubuntu releases (it trusts the key for every repository, not just Docker's). Docker's current instructions store the key under /etc/apt/keyrings and bind it to the repository with [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] in the deb line; use that form on 22.04 and later.
-
Install Docker on Ubuntu
sudo apt-get update
sudo apt-get install docker-ce
sudo systemctl status docker
-
Add the user to the docker group (log out and back in for it to take effect)
sudo usermod -aG docker ${USER}
Note: membership in the docker group is equivalent to root on the host (the daemon runs as root and will happily mount / into a container), so only grant it to accounts you would give sudo.
-
Configure AWS Credentials for the Docker daemon (only needed when the daemon itself calls AWS, for example the awslogs logging driver; on EC2 prefer an instance role so no static key is stored on disk)
sudo mkdir -p /etc/systemd/system/docker.service.d
sudo vim /etc/systemd/system/docker.service.d/aws-credentials.conf
sudo chmod 600 /etc/systemd/system/docker.service.d/aws-credentials.conf
Content of aws-credentials.conf:
[Service]
Environment="AWS_ACCESS_KEY_ID=<ACCESS_KEY_ID>"
Environment="AWS_SECRET_ACCESS_KEY=<SECRET_ACCESS_KEY>"
Note: a drop-in written with the default umask is 0644, readable by every local user, hence the chmod 600 above.
-
Execute:
sudo systemctl daemon-reload
sudo systemctl restart docker
systemctl show --property=Environment docker   # confirms the variables are set; this prints the secret key in clear, so run it only on a trusted terminal
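The same drop-in can be written by a script that never leaves the secret world-readable. The following is an added example, not part of the original notes: the file name and the Environment= lines follow the notes, the third DROPIN_DIR argument is an assumption added so the function can be exercised against a temporary directory, and check_dropin_mode relies on GNU stat (Linux).

```sh
#!/bin/sh
# Added example (not from the original notes): create the Docker daemon's
# credential drop-in so that it is never world-readable. systemd does not
# require any particular mode on drop-ins, but a file written with the
# default umask is 0644, which lets every local user read the secret key.
# The file name and Environment= lines follow the notes; DROPIN_DIR is an
# optional third argument (assumption) so the function can be tried on a
# temporary directory instead of /etc/systemd/system/docker.service.d.

# write_docker_aws_env ACCESS_KEY_ID SECRET_ACCESS_KEY [DROPIN_DIR]
write_docker_aws_env() {
    key_id=$1
    secret=$2
    dir=${3:-/etc/systemd/system/docker.service.d}
    if [ -z "$key_id" ] || [ -z "$secret" ]; then
        echo 'usage: write_docker_aws_env ACCESS_KEY_ID SECRET_ACCESS_KEY [DROPIN_DIR]' >&2
        return 2
    fi
    mkdir -p "$dir" || return 1
    # umask 077 inside a subshell: the file is 0600 from the moment it exists,
    # with no window where it is readable by others before a later chmod.
    # Any previous copy is removed first, because ">" would keep its old mode.
    (
        umask 077
        rm -f "$dir/aws-credentials.conf"
        printf '[Service]\nEnvironment="AWS_ACCESS_KEY_ID=%s"\nEnvironment="AWS_SECRET_ACCESS_KEY=%s"\n' \
            "$key_id" "$secret" > "$dir/aws-credentials.conf"
    )
}

# check_dropin_mode FILE
# Returns 0 if FILE exists and is readable by its owner only, 1 otherwise.
check_dropin_mode() {
    [ -f "$1" ] || { echo "$1: missing" >&2; return 1; }
    mode=$(stat -c %a "$1")    # GNU stat (Linux); prints e.g. 600
    case "$mode" in
        600|400) return 0 ;;
        *) echo "$1: mode $mode, expected 600" >&2; return 1 ;;
    esac
}
```

Run write_docker_aws_env as root with the real path (omit the third argument), then sudo systemctl daemon-reload and sudo systemctl restart docker as in the step above; check_dropin_mode is the audit to re-run after any later edit of the file.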
-
Execute:
sudo apt update
sudo apt install nginx -y
sudo vim /etc/nginx/sites-available/example.com
-
Content of example.com (${PORT} is a placeholder for the backend port; nginx does not expand environment variables in its config, so write the number literally):
server {
    listen 80;
    listen [::]:80;

    root /var/www/example.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name example.com www.example.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;   # $scheme reflects the real request; a hard-coded "https" would tell the backend that plain-HTTP requests were secure
        proxy_cookie_path / "/; HTTPOnly; Secure";    # appends HttpOnly and Secure to cookies the backend sets without them (it duplicates the flags if the backend already sets them)
        proxy_pass http://localhost:${PORT};
        proxy_connect_timeout 50000s;
        proxy_read_timeout 50000s;
        # try_files $uri $uri/ =404;
    }
}
Note: the 50000s timeouts keep upstream connections open for roughly 14 hours; lower them unless the backend really serves requests that long.
-
Execute:
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo vim /etc/nginx/nginx.conf
-
In nginx.conf, uncomment (delete the leading #) these two lines in the http block; server_tokens off stops nginx from advertising its version in the Server header and error pages:
server_tokens off;
server_names_hash_bucket_size 64;
-
Execute
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
sudo vim /etc/nginx/sites-available/example.com
Note: the certbot PPA and the python-certbot-nginx package are retired; on current Ubuntu releases install certbot and python3-certbot-nginx from the main repositories (or the certbot snap) instead.
-
Check that the server_name line lists your domains (the file created above already does; if you started from the default site it contains an underscore, _, which must be replaced):
. . .
server_name example.com www.example.com;
. . .
-
Then, verify the syntax of your configuration edits.
sudo nginx -t
-
If it's Ok:
sudo systemctl reload nginx
-
Obtaining an SSL Certificate
sudo certbot --nginx -d example.com -d www.example.com
- When prompted, select option 2 (Redirect) so plain HTTP requests are redirected to HTTPS
-
Verifying Certbot Auto-Renewal
sudo certbot renew --dry-run
-
Execute:
sudo vim /etc/nginx/sites-available/example.com
-
In the file, locate the listen directives associated with port 443 (added by Certbot):
...
listen [::]:443 ssl ipv6only=on;
listen 443 ssl;
...
-
Modify each listen directive to include http2:
...
listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2;
...
-
Removing Old and Insecure Cipher Suites
- Locate the line that includes the options-ssl-nginx.conf file and comment it out:
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
- Below that line, add this line to define the allowed ciphers:
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
- Caveats: the Certbot include also carries the ssl_protocols line, so once it is commented out add ssl_protocols TLSv1.2 TLSv1.3; yourself or nginx falls back to its defaults. The list above still offers 3DES (64-bit block size, Sweet32) and static-RSA key exchange (no forward secrecy); drop EECDH+3DES:RSA+3DES and, unless very old clients must be supported, the RSA+ entries. Confirm what the string resolves to with: openssl ciphers -v '<string>'
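A quick check for an ssl_ciphers string before it goes into nginx, as an added example that is not part of the original notes. It matches the OpenSSL cipher-list syntax textually, so it flags the 3DES and static-RSA entries in the list above but does not expand aliases; the cipher string used in the test is the one from these notes, and the hardened comparison string is constructed for the example.

```sh
#!/bin/sh
# Added example (not from the original notes): flag entries in an nginx
# ssl_ciphers string that a current deployment should not offer. It matches
# the OpenSSL cipher-list syntax textually and does not expand aliases, so
# pair it with:  openssl ciphers -v '<string>'  to see the resolved suites.

# audit_ciphers CIPHER_STRING
# Prints "entry<TAB>reason" for each offending entry.
# Returns 1 if anything was flagged, 0 if the string looks clean.
audit_ciphers() {
    bad=0
    saved_ifs=$IFS
    IFS=:                                  # entries are colon separated
    for entry in $1; do
        reason=
        case "$entry" in
            '!'*|'-'*|'@'*) continue ;;    # exclusions and @STRENGTH/@SECLEVEL are not offered suites
            *3DES*|*DES-CBC3*) reason='3DES: 64-bit block size (Sweet32)' ;;
            *RC4*)             reason='RC4: broken stream cipher' ;;
            *MD5*)             reason='MD5-based MAC' ;;
            *NULL*|*EXP*)      reason='null, anonymous or export-grade suite' ;;
            *EECDH*|*ECDHE*|*DHE*|*EDH*) ;; # ephemeral key exchange: forward secret, fine
            RSA+*|RSA-*|AES128-*|AES256-*) reason='static RSA key exchange: no forward secrecy' ;;
        esac
        if [ -n "$reason" ]; then
            printf '%s\t%s\n' "$entry" "$reason"
            bad=1
        fi
    done
    IFS=$saved_ifs
    return $bad
}
```

Run it as audit_ciphers "$(grep -h ssl_ciphers /etc/nginx/sites-enabled/* | sed 's/.*ssl_ciphers *//; s/;.*//')" to audit what is actually deployed; a non-zero exit means at least one entry should go.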
-
Test nginx config:
sudo nginx -t
-
If it's OK:
sudo systemctl reload nginx