June 11, 2022

Configure a API Backend Server with custom domain on Amazon Web Services (AWS) EC2 Ubuntu with NGINX and Certbot SSL

Hi all,

Build your own API backend server on AWS free-tier with SSL.

The below steps with reference links will provide detailed information of each step.

  1. AWS account - Free-tier
  2. Create EC2 Ubuntu
  3. Connect to Ubuntu from your local using SSH/Putty
  4. Install NodeJS
    1. Open terminal
    2. curl -fsSL http://deb.nodesource.com/setup_lts.x | sudo -E bash -
    3. sudo apt update
    4. sudo apt install nodejs //installs latest LTS nodejs
  5. Create a sample node server
  6. Install and configure node server process manager
    1. sudo npm install -g pm2@latest
    2. Navigate to nodejs server folder
    3. pm2 start <filename>
    4. pm2 startup systemd
    5. pm2 save
    6. pm2 list // List all the nodejs apps with status
    7. pm2 stop/restart/start app_name/id // Actions of nodejs servers
  7. Install Nginx
  8. Configure your domain DNS records to map to AWS EC2 public/elastic IP address
  9. Secure Nginx with SSL certs

Hope the above information is useful to set up the environment and play with your backend server.

Feel free to send your feedback and comments to psrdotcom@gmail.com


June 09, 2022

Generate Free SSL HTTPS Certificates with 90 days validity using letsencrypt

 Hi all,

As discussed in my earlier blog, Generate Free SSL Certificate using ZeroSSL where the limitation of one free certificate on ZeroSSL can be eliminated using Get HTTPS for free!

This process includes the following prerequisites and procedures.

Note: This process is not for beginners or production usage scenarios. Use this process if you are knowledgeable about certificate generation.

Prerequisites

  • OpenSSL command line
  • [Li]nix / Mac OS

Procedure

  • Open the URL https://gethttpsforfree.com
  • It has 5 steps
    • Account Info
    • Certificate Signing Request
    • Sign API Requests
    • Verify Ownership
    • Install Certificate
  • In each step, some commands or processes need to be followed to get the free SSL certificate.

  1. Account Info
    1. In this step, we will be providing the email and public key.
    2. Keep the generated private key security in your system.
      • Note: If you are unsure about the public key generation commands, click on the "how do I generate this?" link, which is available over the public key input textbox.
  2. Certificate Signing Request (CSR)
    1. Generate the CSR for the required domains
      • Note: You can generate the CSR for wildcard certificates and www subdomain with the same command
    2. Try to follow the same format, including the line feeds mentioned below.
    3. #change "/etc/ssl/openssl.cnf" as needed:
          #  Debian: /etc/ssl/openssl.cnf
          #  RHEL and CentOS: /etc/pki/tls/openssl.cnf
          #  Mac OSX: /System/Library/OpenSSL/openssl.cnf
      
          openssl req -new -sha256 -key domain.key -subj "/" \
            -reqexts SAN -config <(cat /etc/ssl/openssl.cnf \
            <(printf "\n[SAN]\nsubjectAltName=DNS:foo.com,DNS:www.foo.com")) 
  3.  Sign API Requests
    1. Sign all the requests with the private key
    • Note: You need to copy the command and execute it on your PC/Mac terminal, and the result needs to be pasted on the web page.
  4. Verify Ownership
    1. In this step, you need to prove your domain ownership
    2. You will be given 3 options
      1. Python server
      2. file-based
      3. DNS record (I've used this option)
        1. Update the DNS records with new TXT entries, and use the online dig tool to make sure the records are visible.
        2. After we verify the availability of the records, you need to click on the respective buttons on the web page.
    3. Repeat the same steps for each domain on CSR (www and any sub-domains).
  5. Install Certificate
    1. You will be able to receive your certificate in "chained.pem" format
    2. Copy and paste the first certificate section (e.g. the first "-----BEGIN CERTIFICATE-----" section) into a text file named "domain.crt".
    3. Copy and paste the second certificate section (e.g. the second "-----BEGIN CERTIFICATE-----" section) into a text file named "intermediate.pem".
    • Note: Expand the "how do I install this?" link for quick help.
Hope this will help you to generate free SSL for your websites.

Request you to send your valuable feedback and comments to psrdotcom@gmail.com

Featured Post

Java Introdcution

Please send your review and feedback to psrdotcom@gmail.com