Part 3. Secure NginX

Search…
Guide showing how to secure nginx using certbot, creating a secure web socket for use with Polkadot-JS UI
​
Install NginX
Open the console of your server in Digital Ocean and install NginX using this command
sudo apt-get install nginx
Wait for the installation to finish.
​
Secure NginX server with an SSL certificate using certbot 
Ensure snapd is up to date 
sudo snap install core; sudo snap refresh core
​
Ensure historical versions of certbot are removed 
If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager. 
sudo apt-get remove certbot sudo dnf remove certbot sudo yum remove certbot 
​
Install certbot 
sudo snap install --classic certbot 
​
Prepare the Certbot command  
Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.  
sudo ln -s /snap/bin/certbot /usr/bin/certbot 
​
Create the certificate 
sudo certbot --nginx 
​
Enter the domains you would like to generate a certificate for. 
​www.mydomain.com 
in my case, I use: relay-demo.portastation.co.uk 
​
Modify the NginX server block within file DEFAULT at location /etc/nginx/sites-available 
nano /etc/nginx/sites-available/default 
​
Remove the contents of the file by holding SHIFT key and pressing DOWN ARROW. Once you have reached the bottom of the file press CRTL+K to remove the content. 
You now have a blank file. 
Please copy the below server block
server {
	root /var/www/html;
	index index.html index.htm index.nginx-debian.html;
	server_name relay-demo.portastation.co.uk; # managed by Certbot
​
	location / {
		try_files $uri $uri/ =404;
		proxy_buffering off;
		proxy_pass http://localhost:9944;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header Host $host;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection "upgrade";
	}
​
	listen [::]:443 ssl ipv6only=on; # managed by Certbot
	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/relay-demo.portastation.co.uk/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/relay-demo.portastation.co.uk/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
	if ($host = relay-demo.portastation.co.uk) {
		return 301 https://$host$request_uri;
	} # managed by Certbot
​
	listen 80 ;
	listen [::]:80 ;
	server_name relay-demo.portastation.co.uk;
	return 404; # managed by Certbot
}
​
​
Save the file 
Press CRTL+X 
Press Y 
Press return 
​
Restart nginx for changes to take effect 
sudo systemctl restart nginx 
​
Access your node through Polkadot-JS UI 
Open a web browser and navigate to: https://polkadot.js.org/apps/#/explorer  
Press the drop-down menu 
​
Enter your domain as the custom endpoint, e.g. www.mydomain.com 
wss://www.mydomain.com:443
[I] in my case, I use wss://relay-demo.portastation.co.uk:443 
Click the SAVE icon.  
​
You will then see the Porta Blockchain from the perspective of your node. 
Continue to Part 4.
Part 2. Get a domain
Part 4. Setup validator
Last modified 10mo ago
Copy link
On this page