Setting up an NGINX reverse HTTPS proxy for wikmd with a Let's Encrypt SSL certificate

Install nginx and certbot for the Let's Encrypt SSL certificate, stop wikmd, and generate a certificate:

sudo apt install -y nginx certbot
docker stop wikmd
sudo certbot certonly -d bredsaal.dk --standalone --agree-tos -m <stupid email at bredsaal.dk>

Put the following into /etc/nginx/sites-enabled/bredsaal.dk

# Redirect all requests on HTTP to HTTPS
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name _;
  return 301 https://$host$request_uri;
}

server {
    server_name bredsaal.dk;

    # SSL configuration
    #
    listen 443 ssl;
    listen [::]:443 ssl;
    
    ssl_certificate /etc/letsencrypt/live/bredsaal.dk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/bredsaal.dk/privkey.pem;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx built against OpenSSL 1.1.1 or later
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
      # We assume docker exposes wikmd on port 5000
      proxy_pass http://127.0.0.1:5000;
      proxy_buffering on;
    }

}

and empty the default config

echo | sudo tee /etc/nginx/sites-enabled/default

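Enable NGINX, then start the wikmd Docker container and nginx:

sudo systemctl enable nginx
docker start wikmd
# Validate the new configuration, then (re)start nginx so it is loaded
sudo nginx -t && sudo systemctl restart nginx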
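
The ssl_protocols line in the site file above decides which TLS versions clients can negotiate, so it is worth checking before nginx loads it. The following is an added example, not part of the original page: audit_ssl_protocols is a hypothetical helper that flags SSLv2, SSLv3, TLS 1.0 and TLS 1.1 (the last two deprecated by RFC 8996), and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the original page). audit_ssl_protocols is a
# hypothetical helper: it prints "FILE:LINE: deprecated PROTO" for every
# SSLv2/SSLv3/TLSv1/TLSv1.1 listed in an ssl_protocols directive.
# Exit 0: only current protocols; 1: a deprecated protocol is enabled;
# 2: no ssl_protocols directive at all, so the nginx default applies.
audit_ssl_protocols() {
  awk -v file="$1" '
    { sub(/#.*/, "") }                      # ignore comments
    {
      for (i = 1; i <= NF; i++) {
        tok = $i
        if (!in_dir) {                      # look for the directive name
          if (tok == "ssl_protocols") { in_dir = 1; seen = 1 }
          continue
        }
        last = sub(/;$/, "", tok)           # a trailing ";" ends the directive
        if (tok ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
          printf "%s:%d: deprecated %s\n", file, NR, tok
          bad = 1
        }
        if (last) in_dir = 0
      }
    }
    END { if (bad) exit 1; if (!seen) exit 2 }
  ' "$1"
}

# Constructed sample site files, written to a temporary directory.
sample_dir=$(mktemp -d)
cat > "$sample_dir/weak.conf" <<'EOF'
server {
    listen 443 ssl;
    # ssl_protocols SSLv3;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
cat > "$sample_dir/ok.conf" <<'EOF'
server {
    listen 443 ssl;
    ssl_protocols TLSv1.2
                  TLSv1.3;
}
EOF

audit_ssl_protocols "$sample_dir/weak.conf" || echo "weak.conf: exit status $?"
audit_ssl_protocols "$sample_dir/ok.conf" && echo "ok.conf: clean"
```

To check the real site, pass /etc/nginx/sites-enabled/bredsaal.dk as the argument; a non-zero exit status makes the helper usable as a gate in a deployment script.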

Last modified: Mon Sep 25 23:09:32 2023