-

Hosting A secure website with letsencrypt(free TLScertificate)


Learning Outcomes:

- Hosting a website

- creating certificates 

- understanding domain name resolution

- CNAME, A, AAAA DNS records

- Cloud computing

Now lets start hosting our website.

Understanding::


Step1:

 Buying a domain

 We have many websites to buy a domain(godaddy, domain.com, etc),

 I used domain.com.


Step2:

 

Lets go for hosting

Here I used cloud computer, (sine, I have found it easy and convenient) or you can use your own infrastructure for hosting.

Here I  used digitalocean droplet as my server.

How to set up a server on digital ocean?


Here are the  steps:


1. Go to digitalocean.com

2. Sign up

3. Create your project

4. After creating project, click on create a droplet.(here droplet is nothing but a virtualmachine)

5. Select the distribution and choose a plan, here I chose minimum plan. 

6. But, go to Marketplace  to choose a distribution with a required software. select  wordpress on ubuntu(best for web hosting)  



7. You can configure additional settings but, I am going with basic settings required for hosting.

8. Now selecting type of authentication. Here it is better to choose ssh key for safer  authentication since only you can get the ssh access.



9. After selecting the ssh key, upload your public key into the dropbox, and click continue. (you can get your public key in mac or linux distributions—terminal> cd /home/USERNAME>cd  .ssh> click the file containing  .pub(eg. Id_rsa.pub) )

10. If you choose password authentication, configure a password and click create droplet

11. Done! You have created your first cloud computer.

12. This is  going to be our web server.

13. Once created you can click at your droplet get its public ip to gain console.

14. Note here itself you can turn off/on your cloud computer.




Step3:


a. Now go back to domain.com and configure your nameserver. 



b. For digitalocean it is ns1digitalocean.com, ns2digitalocean.com.

c. Come back to digitalocean.com and o your droplet page click – create>Domain/DNS>Add a domain



d. Here you add your domain name.



Step4:
1. Now click on your domain added below
2. Create a new record


3. Now redirect www.yourdomainname to your servers public ipv4(it should be  a A record)
(AAAA is used when you have a ipv6 addr)
4. If you want to redirect www.yourrdomainname to yourdomainname  then instead of  A record click on CNAME and redirect.



Step5:
1. Now its time to check whether it works or not
2. Open terminal and type-  nslookup yourdomainname 
3. If this will show the ip address of your server then it works!(note it will take time for DNS to get updated, hence you wont see this immediately)
4. If not then try  step4  on domain.com(where you purchased your domain)
  


Step6:   (note step 6 should be done only when nslookup shows your server ip addr)
Getting certificate
1. In this blog we are getting  a free certificate by lets encrypt
2. Now log on to your server, Terminal/cmd>type – ssh root@ipaddrofserver
3. This will log you without any password if you provided your public key in step2
4. Now go with the basic configurations
5. When the server asks for letsencrypt certificate type yes
6. Then it asks for which website , then you select both www.yourdomainname and  yourdomainname 
7. Then type yes for redirection from http---https(if prompts)
8. Done! We have got our TLS certificate
(if this step fails you can implement manualy  by refering to certbot.eff.org )

STEP7:
FINAL CHECK
Open a web browser and type in your domain name
It will direct to our webpage hosted on your server , even you can check the certificate.

Checking certificate

1) On web browser




2) In your server
                                 Type the command --- cd /var/letsencrypt/live/yourdomainname
here you will find your certificate and servers private key.




Comments

Post a Comment

Popular posts from this blog

-
Image
  My OSCP Journey: OSCP Certified At First Attempt (90 Points) It all began in August 2022 when I achieved a significant milestone in my cybersecurity journey by passing the Red Hat Certified System Administrator (RHCSA) exam. This achievement not only provided me with a strong foundation in Linux but also fueled my passion for diving deeper into the world of cybersecurity. Around the same time, I found myself holding a voucher for the CompTIA Cybersecurity Analyst (CySA+) exam, which I knew was another crucial step in my career progression. I was determined to continue building my expertise in cybersecurity. However, my true adventure towards the Offensive Security Certified Professional (OSCP) certification didn't officially kick off until November 23, 2023. That's when I made the decision to invest in the OSCP Learn One subscription package, which granted me one year of access to the OSCP labs and two exam attempts. It was an exciting but challenging journey that awaited me....
Read more
-
Image
  PXE Network Boot #Preboot Execution Environment, used to load operating system over a network connection. #PXE network boot is achieved through several network protocols, which includes: TFTP, DHCP,IP,HTTP/NFS, etc. #Now lets begin building our environment(here I used ubuntu(Focal) as my pxe-server). #STEP 1 :) #First lets install the required packages: sudo apt-get install isc-dhcp-server tftpd-hpa syslinux pxelinux apache2 -y #Download the ISO file as well.(here I tried to install ubuntu-server(20.04) over network.) #here syslinux is for the bios files, pxelinux for the pxelinux.0 file. #STEP 2 :) #Configure tftp base folder: mkdir /tftpboot rsync -av /usr/lib/syslinux/modules/bios/{menu.c32,libutil.c32,ldlinux.c32,libcom32.c32}  /tftpboot mkdir /tftpboot/pxelinux.cfg touch /tftpboot/pxelinux.cfg/default mkdir /tftpboot/ubuntu mount -o loop,ro /PATH_TO_ISO /tftpboot/ubuntu #add this in /etc/fstab - so that the mount persists  reboot. /PATH_TO_ISO /tftpboot/ubuntu ...
Read more
-
Image
  CHAT ROOM WITH END-TO-END-ENCRYPTION  USING SOCKET PROGRAMMING PYTHON LEARNING: Socket programming Understanding TCP  Diffe hellman key exchange Encryption Tkinter Threading  What is  one way function?   There is no inverse  to this type of functions             Eg -     5 mod 2 =1 11 mod 2 = 1 25 mod 2 = 1 Any odd no. mod 2 = 1                Therefore, there are infinite possibilities  of odd numbers.                Hence, even if we  know remainder and divisor we cannot say what is dividend. (here we are not                   involving quotient, hence it is not possible to find the dividend .) Note: this is modulus property (g**A mod p)**B mod p =. (g**B mod p)**B mod p = (g **(A*B) mod) p mod p The same thing is done in diffe hellman key e...
Read more