Installing NGINX mainline
...
Note: These steps are a work in progress.
Open the server to port 80 (HTTP), both in GCP firewalls and ufw on the server.
Follow the instructions here up to Step 7: https://certbot.eff.org/instructions?ws=nginx&os=ubuntubionic. In Step 7, run the first command: sudo certbot --nginx
- The final step of this (installing the certificate into NGINX) will fail. Continuing with the instructions here will install the certificate manually.
...
Run

    sudo rm /etc/nginx/conf.d/default.conf

to remove the default configuration.

Run

    sudo vim /etc/nginx/conf.d/phixflow.conf

and paste in the following, replacing [subdomain] with the appropriate subdomain of the server:

    server {
        listen 443 ssl;
        listen [::]:443 ssl ipv6only=on;
        server_name [subdomain].phixflow.com;

        location / {
            proxy_pass http://127.0.0.1:8080;
        }

        ssl_certificate /etc/letsencrypt/live/[subdomain].phixflow.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/[subdomain].phixflow.com/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        client_max_body_size 40M;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    }
Restart NGINX:

    sudo nginx -s reload
    sudo service nginx stop
    sudo service nginx start

You may need to reboot the server as well in order for NGINX to restart successfully.
Run

    netstat -tln

to check the server is listening on port 443 rather than 80.

Check the PhixFlow application loads in the browser. Check the security settings in the browser console.
Run

    nginx -V

to check the version.
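The listening-port and HSTS checks from the steps above as a script; this is an added example, not part of the original instructions. Using curl -sI to fetch the headers instead of the browser console, the function names, and the sample inputs are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): checks for the verification steps.
# Real use:  netstat -tln | check_ports
#            curl -sI https://[subdomain].phixflow.com/ | check_hsts

# Print TCP ports in LISTEN state, one per line, from `netstat -tln` output on stdin.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# Succeed only if port 443 is listening and port 80 is not.
check_ports() {
    ports=$(listening_ports)
    echo "$ports" | grep -qx 443 || { echo "FAIL: nothing listening on 443"; return 1; }
    if echo "$ports" | grep -qx 80; then echo "FAIL: port 80 is still listening"; return 1; fi
    echo "OK: 443 listening, 80 not listening"
}

# Succeed only if the response headers on stdin carry an HSTS policy at least as
# strict as the add_header line in phixflow.conf (one year, includeSubDomains).
check_hsts() {
    hsts=$(tr -d '\r' | awk -F': *' 'tolower($1) == "strict-transport-security" { print tolower($2); exit }')
    [ -n "$hsts" ] || { echo "FAIL: no Strict-Transport-Security header"; return 1; }
    max_age=$(echo "$hsts" | sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
    [ "${max_age:-0}" -ge 31536000 ] || { echo "FAIL: max-age is ${max_age:-missing}"; return 1; }
    case "$hsts" in *includesubdomains*) ;; *) echo "FAIL: includeSubDomains missing"; return 1 ;; esac
    echo "OK: $hsts"
}

# Constructed sample inputs (not captured from a real server).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN
tcp6       0      0 :::443                  :::*                    LISTEN'
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: nginx
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload'

echo "$SAMPLE_NETSTAT" | check_ports
echo "$SAMPLE_HEADERS" | check_hsts
```

Both functions return non-zero on failure, so they can gate a deployment script as well as being run by hand.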
...