Set up Let's Encrypt to enable SSL

Now you will be able to use Valhalla, but it is better to enable SSL in order to secure the connection. We are going to set up Let's Encrypt to enable SSL using your own domain.

Here, we use the valhalla.water-gis.com domain for the Valhalla API.

Create an A record on your DNS server

The image below is an example from Google Domains.

image

Setup of Nginx and certbot

$ sudo apt install certbot python3-certbot-nginx
$ sudo mkdir -p /var/www/valhalla.water-gis.com/html
$ sudo chown -R $USER:$USER /var/www/valhalla.water-gis.com/html
$ sudo chmod -R 755 /var/www/valhalla.water-gis.com
$ vi /var/www/valhalla.water-gis.com/html/index.html

index.html should be as below.

<html>
    <head>
        <title>Welcome to valhalla.water-gis.com!</title>
    </head>
    <body>
        <h1>Success!  The valhalla.water-gis.com server block is working!</h1>
    </body>
</html>

Test your default index.html

$ curl http://valhalla.water-gis.com

Reverse proxy to the Valhalla API

$ sudo vi /etc/nginx/sites-available/valhalla.water-gis.com

valhalla.water-gis.com should be as below.

server {
        listen 80;
        listen [::]:80;

        root /var/www/valhalla.water-gis.com/html;
        index index.html index.htm index.nginx-debian.html;

        server_name valhalla.water-gis.com;
        
        location / {
                proxy_pass http://localhost:8002;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $host;
                proxy_redirect off;
        }
}

# create a symbolic link in sites-enabled
$ sudo ln -s /etc/nginx/sites-available/valhalla.water-gis.com /etc/nginx/sites-enabled/
# edit nginx.conf if necessary
$ sudo vi /etc/nginx/nginx.conf

# test the configuration, then restart nginx
$ sudo nginx -t
$ sudo systemctl restart nginx

At this point, the API works over plain HTTP without SSL. In the next step, we are going to configure Let's Encrypt.

Enable SSL

$ sudo certbot --nginx -d valhalla.water-gis.com

Logs:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://valhalla.water-gis.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=valhalla.water-gis.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/valhalla.water-gis.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/valhalla.water-gis.com/privkey.pem
   Your cert will expire on 2021-07-04. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

If you open the SSL Labs URL shown in the Certbot output above (https://www.ssllabs.com/ssltest/analyze.html?d=valhalla.water-gis.com), you will see the following result.

image

Now, restart nginx to enable SSL.

$ sudo nginx -t
$ sudo systemctl restart nginx

Open https://valhalla.water-gis.com in your browser. You will see the response from the Valhalla API. Now your Valhalla works with SSL!
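
A check worth running once HTTPS works, as an added example that is not part of the original guide: nginx forwards to http://localhost:8002, so the Valhalla port itself should listen only on loopback; otherwise the API stays reachable in plaintext next to the TLS endpoint. The function names and the sample `ss -ltnH` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listeners on the backend port that are not loopback-only.
# Input is the output of `ss -ltnH` (column 4 = local address:port).

# Print every non-loopback address listening on port $1, one per line.
exposed_listeners() {
    awk -v port="$1" '
    match($4, /:[0-9]+$/) {
        addr = substr($4, 1, RSTART - 1)
        if (substr($4, RSTART + 1) != port) next
        # 127.0.0.0/8 and [::1] are reachable only from the host itself
        if (addr ~ /^127\./ || addr == "[::1]") next
        print addr
    }'
}

# Return 0 when the port is loopback-only (or not listening), 1 otherwise.
backend_is_private() {
    exposed=$(exposed_listeners "$1")
    if [ -n "$exposed" ]; then
        echo "port $1 is reachable on non-loopback addresses:" >&2
        echo "$exposed" >&2
        return 1
    fi
    echo "port $1 is not exposed beyond loopback"
}

# Constructed samples of `ss -ltnH` output, not captured from a real host.
SAMPLE_EXPOSED='LISTEN 0 511  0.0.0.0:80    0.0.0.0:*
LISTEN 0 511  0.0.0.0:443   0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8002  0.0.0.0:*
LISTEN 0 4096 [::]:8002     [::]:*'
SAMPLE_PRIVATE='LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:8002 0.0.0.0:*
LISTEN 0 4096 [::1]:8002     [::]:*'

printf '%s\n' "$SAMPLE_EXPOSED" | backend_is_private 8002
printf '%s\n' "$SAMPLE_PRIVATE" | backend_is_private 8002
# On the server itself: sudo ss -ltnH | backend_is_private 8002
```

If the check fails, bind the Valhalla service to 127.0.0.1 or block port 8002 at the firewall so that clients can only reach the API through nginx.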
