Serving a web application over HTTPS

Much of this is adapted from DigitalOcean's "How To Set Up Let's Encrypt with Nginx Server Blocks on Ubuntu 16.04".

  1. Create a DigitalOcean droplet using a "one-click apps" image for Docker on Ubuntu.
  2. Buy a domain name (I'll use example.com in these instructions).
  3. In DreamHost's domain settings, set "DNS only" and click "Remove" to remove web hosting. In the DNS settings for the domain, add an A record for each of example.com and www.example.com, with your droplet's IP address as the value.
  4. SSH into the droplet:
    ssh root@$DROPLET_IP_ADDRESS
  5. Replace the content of /etc/nginx/sites-available/default with the following:
    server {
      server_name example.com www.example.com;
    }
  6. Reload nginx so the new configuration takes effect:
    systemctl reload nginx
  7. Allow incoming HTTP + HTTPS requests through the firewall:
    ufw allow 'Nginx Full'
  8. Install Certbot and the nginx plugin:
    add-apt-repository ppa:certbot/certbot
    apt-get update
    apt-get install python-certbot-nginx
  9. Use Certbot to install certificates and set up the nginx config for your domain:
    sudo certbot --nginx -d example.com -d www.example.com
  10. Enter the following into the first server block of /etc/nginx/sites-available/default, where 8081 is the port the web application listens on locally; nginx terminates HTTPS and forwards requests to it:
    location / {
      proxy_pass http://127.0.0.1:8081;
    }
  11. Reload nginx so the new configuration takes effect:
    systemctl reload nginx
  12. Start the web application. It should now be accessible at https://example.com/
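
Step 10 depends on the location block landing in the server block that Certbot turned into the HTTPS one. The script below is an added example, not part of the original guide: it reports, per server block, whether TLS is enabled and where proxy_pass points, and fails if the proxy sits in a non-TLS block or targets a non-loopback address. The function names are hypothetical and both sample configs are constructed, assuming the layout Certbot usually writes.

```shell
# Added example, not from the original guide. Function names are hypothetical.

# Print one line per server block: "<index> tls=<0|1> proxy=<upstream or ->"
audit_nginx() {
  awk '
    { sub(/#.*/, "") }                                  # ignore comments
    depth == 0 && /^[ \t]*server[ \t]*[{]/ { n++; tls = 0; up = "-"; in_srv = 1 }
    in_srv && /listen[^;]*[ \t]ssl[ \t;]/ { tls = 1 }
    in_srv && match($0, /proxy_pass[ \t]+[^;]+/) {
      up = substr($0, RSTART, RLENGTH); sub(/proxy_pass[ \t]+/, "", up)
    }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }    # track brace nesting
    in_srv && depth == 0 { print n, "tls=" tls, "proxy=" up; in_srv = 0 }
  '
}

# Exit 0 only if every proxy_pass sits in a TLS block and targets loopback.
check_proxy() {
  audit_nginx | awk '
    $3 != "proxy=-" {
      seen = 1
      if ($2 != "tls=1") { print "block " $1 ": proxy_pass is not in the TLS block"; bad = 1 }
      if (($3 "/") !~ /^proxy=http:\/\/(127\.0\.0\.1|localhost|\[::1\])[:\/]/) {
        print "block " $1 ": upstream is not a loopback address"; bad = 1 }
    }
    END { if (!seen) { print "no proxy_pass found"; bad = 1 }; exit bad + 0 }'
}

# Constructed sample: assumed layout after steps 9 and 10 (Certbot redirect chosen).
sample_good() { cat <<'EOF'
server {
  server_name example.com www.example.com;
  location / {
    proxy_pass http://127.0.0.1:8081;
  }
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
}
server {
  listen 80;
  server_name example.com www.example.com;
  return 301 https://$host$request_uri;
}
EOF
}
# Constructed sample: the location block pasted into the port-80 block instead.
sample_bad() { sample_good | sed -e '3,5d' -e 's|return 301.*|location / { proxy_pass http://127.0.0.1:8081; }|'; }
sample_good | check_proxy && echo "good config: OK"
sample_bad | check_proxy || echo "bad config: rejected"
```

To check the live file on the droplet, run `check_proxy < /etc/nginx/sites-available/default`.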