SSL and Redirect
I haven't posted about the set up of my ISP hosting company (me)
and server requirements that I have, or even the configuration (apache2 and nodejs) & situation yet. But I wanted to do a quick post about some recent progress I've made on the back end.
I have always ran my own server. Mainly for just providing my music and videos throughout the house (think local network) and televisions or mobile devices. I've always preferred it as I have the control and get to tinker when I want to. I'll go into more later.
So originally I was able to get nodejs (Ghost blog) running along side of my Apache2 server via the built in functions of ProxyPass to beginningold.com --> localhost:port. This was great. But then I thought, I want to set up an SSL for both sites. This is where the easy...tricky part happened.
The easy part of getting a signed certificate (not self signed) was to simply go to Lets Encrypt and follow the steps. Yes, that simple. On Ubuntu Linux, just
apt install letsencrypt and then run the
letsencrypt command (can also run
certbot). Select which site you want to create the SSL, and you're done. Mind you, this is only the SSL certificate and does not set up any redirect. The certificate is only good for 90 days, so you have to renew it towards the end. If you've added your email, you'll get a reminder email that your certificate needs to be renewed. This is done by a simple
letsencrypt --renew command. Thats it.
That was the easy part. The tricky part is getting that done to my NodeJS site thats running on localhost:port and is behind a proxypass from apache2. Initially, Lets Encrypt would always error out saying it could not get to the .well-known subdirectory of the site. This makes sense, that subdirectory is not part of Node. After a lot of searching and reading (a lot of people have this issue) I found a fix. Seems all thats needed is a .conf file located in the /etc/apache2/conf-enabled directory that creates an alias for the .well-known subdirectory. This pointed Lets Encrypt right to the spot needed and it was done. Yay. I've got a legally signed certificate on both of my websites. Go me.
Getting the redirect to work is 50/50. On my first html site, I just used my DNS to direct all traffic to "Always use https". This works great. But when trying to set up this same rule for Beginning Old, it wasn't available. So I've tried to set it up via the VirtualHost:80 but that just created a redirect loop. Seems I also have something in my .htaccess that redirects as well. This causes issues for browsers. So for now both sites have HTTPS, but only one is automatically redirected at the moment. The blog here is still manual direction.
I'm working on figuring it out.