Part 3. Secure nginx
A step-by-step tutorial showing how to secure nginx using Certbot, creating a secure WebSocket for use with Polkadot-JS UI.


Secure nginx server with the certificate using Certbot

Ensure snapd is up to date
sudo snap install core; sudo snap refresh core

Ensure historical versions of Certbot are removed
If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager.
sudo apt-get remove certbot   # if Certbot was installed with apt
sudo dnf remove certbot       # if Certbot was installed with dnf
sudo yum remove certbot       # if Certbot was installed with yum

Install certbot

sudo snap install --classic certbot

Prepare the Certbot command

Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Create the certificate

sudo certbot --nginx
Enter the domains you would like to generate a certificate for.
In my case, I use www.portadev.co.uk

Additionally, set up a certificate for mydomain.com

sudo certbot --nginx --domains mydomain.com
In my case, I will set up a certificate for portadev.co.uk

Create the server block

Navigate to the base directory
cd ..

Modify the server block in the file default at /etc/nginx/sites-available

nano /etc/nginx/sites-available/default

Remove the contents of the file by holding the SHIFT key and pressing DOWN ARROW. Once you have reached the bottom of the file, press CTRL+K to remove the content.
You now have a blank file.
Please copy the server block below:
server {

    root /var/www/html;

    index index.html index.htm index.nginx-debian.html;

    server_name portadev.co.uk; # managed by Certbot

    location / {
        try_files $uri $uri/ =404;

        # Forward requests to the node's WebSocket port on this machine
        proxy_buffering off;
        proxy_pass http://localhost:9944;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # WebSocket upgrade needs HTTP/1.1 plus the Upgrade and Connection headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    #listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.portadev.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.portadev.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Save the file

Press CTRL+X
Press Y
Press Return

Restart nginx for changes to take effect

sudo systemctl restart nginx

Start the validator node

Navigate to the folder containing the Porta node Cargo.toml file.
cd root/porta-node/

Run the node

./target/release/porta --chain chain-spec-padlock.json -d data/[Validator name] --name [Validator name] --ws-external --rpc-external --rpc-cors all --rpc-methods=unsafe
Wait for the node to synchronise
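
The server block above proxies wss traffic on 443 to localhost:9944, while --ws-external and --rpc-external (as implemented in Substrate-based nodes) also bind the node's own ports to every interface, here with --rpc-methods=unsafe enabled. The following added example, which is not part of the original tutorial, reads `ss -tlnH` style output and reports node ports that listen beyond loopback and can therefore be reached without passing through nginx and TLS. The port list (9944 from the server block, 9933 as Substrate's default HTTP RPC port), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report node RPC/WebSocket ports that listen beyond loopback.
# Input: lines in the format printed by `ss -tlnH` (field 4 = local addr:port).
# NODE_PORTS is an assumption: 9944 is the port the server block proxies to,
# 9933 is the default HTTP RPC port on Substrate releases with --ws-external.
NODE_PORTS="9944 9933"

exposed_node_ports() {
    awk -v ports="$NODE_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next              # not a node port
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            print port " " addr
        }' | sort -u
}

# Exit status 1 when a node port is reachable directly from the network.
check_listeners() {
    found=$(exposed_node_ports)
    if [ -n "$found" ]; then
        echo "node port reachable without nginx/TLS:"
        echo "$found"
        return 1
    fi
    echo "node ports are loopback-only; clients must come through nginx on 443"
}

# Constructed sample: node started with --ws-external --rpc-external.
SAMPLE_EXTERNAL='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9944 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9933 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'

# Constructed sample: node bound to loopback, only nginx faces the network.
SAMPLE_LOCAL='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9944 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9933 0.0.0.0:*'

printf '%s\n' "$SAMPLE_EXTERNAL" | check_listeners || true
printf '%s\n' "$SAMPLE_LOCAL" | check_listeners
# On the server itself: ss -tlnH | check_listeners
```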
​

Access your node through Polkadot-JS UI

Open a web browser and navigate to: https://polkadot.js.org/apps/#/explorer
Press the drop-down menu
​
Enter your domain as the custom endpoint, e.g. www.mydomain.com
wss://www.mydomain.com:443
In my case, I use wss://www.portadev.co.uk:443
Click the SAVE icon.
You will then see the Porta Blockchain from the perspective of your node.
​

Run the node in a daemon process

When you exit the console of the server, the session running the blockchain node will stop running.
​
This produces the following message on the web-browser.exit and will close and the
​
To stop this from happening, you need to run the validator as a daemon process using 'screen'.
Run the screen command in the console
screen
Navigate to the folder containing the Porta node Cargo.toml file.

Start the node
./target/release/porta --chain chain-spec-padlock.json -d data/[Validator name] --name [Validator name] --validator --ws-external --rpc-external --rpc-cors all --rpc-methods=unsafe
While the node is running, press CTRL+A followed by CTRL+D
​
This will detach the terminal from the process, but the process is still running.
​
You can confirm the node is still running by doing the following:
​
You will see the node is still accessible through Polkadot-JS and is, therefore, still running.
​
You are now ready to move to Part 4 of this tutorial series.