We will set up HTTPS on Nginx using Certbot on an Azure Ubuntu VM
Steps
1) Create VM
2) Config Ports
3) Install Nginx
4) HTTPS using Certbot
Creating Azure Ubuntu VM
- Let's get started by creating Azure VM.
- I'm using Ubuntu 18.04 LTS - Gen1 as the OS image and size Standard_B1ls - 1 vcpu, with an SSH connection on PORT 22.
- After that I'm going with default settings.
-- SAVE YOUR PRIVATE KEY, KEEP IT SECURE AND DON'T SHARE IT.
Azure Server DNS Config
- Now we change the assignment from Dynamic to Static.
- We set the Assignment to Static, then we choose a DNS name label.
- Here we choose nova-test, therefore the VM will be accessible at nova-test.eastus2.cloudapp.azure.com.
- After it is saved, let's connect to our Azure VM using SSH in a terminal.
SSH connection to server
Now let's connect our terminal to server using SSH.
Note: You can always find instructions in the VM's Connect tab.
In my PC, I have saved my private key (generated during VM creation) in a root folder called "Key".
- Connection String
```sh
ssh -i key.pem user_name@server_name
```
> Note: You can also use the public IP to connect instead of server_name
- But before we use the key we need to change the permissions of the private key, otherwise you might face an issue saying, "Unprotected Private Key File!"
- In order to do that, we need to go to the key's directory and run this command
```sh
chmod 600 test-vm_key.pem
```
And voilà! We are connected to our server.
Nginx Setup
Now let's get started with our nginx server !
Install nginx server first:
```sh
$ sudo apt-get update
$ sudo apt-get install nginx
```
And Done ???
-- Well technically, yes. Server is ready.
-- But wait, you can't access it from the browser right now because we haven't added a port rule.
-- To access the server we need to add a PORT 80 access rule to our VM.
-- In order to add a rule for port 80, go to the Networking tab and click `Add Inbound Port Rule`.
![Azure VM Inbound Port ](https://drive.google.com/uc?export=view&id=1WFNE4p_lD-59y3bH730wjhxwcLPuP3i8)
![Azure VM Add New Inbound Port ](https://drive.google.com/uc?export=view&id=1_haaIwqWGkausry4PBgwLQMt3FJxaLqu)
> Note: You can always check your inbound port rules and add custom rules in VM's Networking Tab.
Now our server can be accessed by browser by visiting nova-test.eastus2.cloudapp.azure.com
![Azure VM Server HTTP Nginx ](https://drive.google.com/uc?export=view&id=1ydU3QSmROg45HsN8SeQi17XcghFlBjQI)
As you can see, our server is ready but it is not secure. We can solve that by adding an SSL certificate to our server.
-- And ....yes, about the bookmark bar, I forgot to hide it.
---
#### SSL Certificate using Certbot
---
In order to do that we need to add one last inbound rule, for PORT 443. HTTPS runs on port 443, and without access to 443 the browser can't make an HTTPS connection.
![Azure VM Server 443 Rule ](https://drive.google.com/uc?export=view&id=1MkZR6BWfMIP8Zayh9wq-xoBAonkJ_wEW)
Now we are ready for SSL certificate.
##### Installing Certbot
----
Run the following commands to get started:
-- Installing and updating snap
```sh
$ sudo snap install core; sudo snap refresh core
```
-- Installing Certbot
```sh
$ sudo snap install --classic certbot
```
Note: For more info visit: https://certbot.eff.org/lets-encrypt/ubuntuxenial-nginx.html
Nginx Server Config
Before we start the certification process we need to configure our nginx default file.
-- Run the following command to go to the nginx default file
```sh
cd /etc/nginx/sites-available
```
-- Now edit the default file. I'm using nano as the text editor.
```sh
sudo nano default
```
- Add your domain after `server_name`:
```nginx
server_name your_domain;
```
-- Save the file by pressing Ctrl+O, then Enter (to save), and Ctrl+X (to exit).
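Certbot's nginx plugin picks the server block to edit by its `server_name`, so it is worth confirming the edit took effect before running it. The script below is an added example, not part of the original post: the function names are hypothetical, the sample config files are constructed, and the domain is the one used in this walkthrough.

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Print every name listed by active (uncommented) server_name directives,
# one per line. Directives that span several lines are handled.
list_server_names() {
    awk '
        { sub(/#.*/, "") }                  # strip comments first
        {
            for (i = 1; i <= NF; i++) {
                tok = $i
                if (!in_dir) {              # waiting for the directive keyword
                    if (tok == "server_name") in_dir = 1
                    continue
                }
                last = (tok ~ /;$/)         # ";" terminates the directive
                sub(/;$/, "", tok)
                if (tok != "") print tok
                if (last) in_dir = 0
            }
        }
    ' "$1"
}

# Succeed only if DOMAIN ($2) appears verbatim among the names in FILE ($1).
has_server_name() {
    list_server_names "$1" | grep -Fxq -- "$2"
}

# Constructed sample input: a default-style site file before and after the edit.
demo_dir=$(mktemp -d)
cat > "$demo_dir/before" <<'EOF'
server {
    listen 80 default_server;
    # server_name nova-test.eastus2.cloudapp.azure.com;
    server_name _;
}
EOF
cat > "$demo_dir/after" <<'EOF'
server {
    listen 80 default_server;
    server_name nova-test.eastus2.cloudapp.azure.com
                www.example.test;
}
EOF

for f in before after; do
    has_server_name "$demo_dir/$f" nova-test.eastus2.cloudapp.azure.com \
        && echo "$f: ready for certbot --nginx" || echo "$f: domain not in server_name"
done
```

On the VM, point it at the real file: `has_server_name /etc/nginx/sites-available/default your_domain`.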
Certbot --nginx
Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.
```sh
$ sudo certbot --nginx
```
-- Fill in the details.
-- Once all the steps are completed, you will see a message similar to this:
Congratulations! We have successfully added a certificate to our server.
Voilà! We did it. There is just one step remaining, which is to restart the nginx server.
We can restart it with the following command:
```sh
$ sudo service nginx reload
```
Conclusion
We did it: we set up HTTPS on our server for free using Certbot. We did it by creating a VM on Azure with a custom DNS name, adding inbound port rules for PORT 80 & 443, installing Nginx and configuring the default Nginx file. At the end we installed an SSL certificate and configured Nginx with Certbot.
Top comments (8)
Hey, I am trying to get through this tutorial but I am having some issues. I seem unable to contact the nginx server inside my azure vm. I authorised port 80 on my vm but nothing... Any tips ?
While authorising the port 80, have you used protocol as 'any' ? I'm not very sure about the protocols but 'any' is the one which helped me to connect it with my VM. Moreover, can you also check the ufw configuration ?
Hey thanks for the quick reply !
I did use the any in protocol, here is my conf.
dev-to-uploads.s3.amazonaws.com/up...
Also what do you call ufw ? If that is the firewall conf I don't have any I believe
dev-to-uploads.s3.amazonaws.com/up...
I hope it helps.
Hi, actually I was talking about the ufw firewall that you have to config in linux VM.
And protocol looks great but did you try to connect your vm using public IP ?
Hey ! Yes I have tried connecting with ssh using the public ip that doesn't work, only the dns with the port works. Also I just checked and my ufw is inactive.
Hello, I believe that you have to activate the ufw firewall. That might solve the problem
Hey, unfortunately enabling the firewall didn't work for me, I still can't connect, any other things you have in mind ?
I'm sorry to hear that but I don't have anything in my mind right now, but if I find anything new, I will let you know.