How to Setup PiratePay on a Subdomain and encrypt with certbot SSL
- Table of Contents:
- Introduction - Adding PiratePay to a Subdomain and encrypting with SSL certbot.
- Step #1: Configure your DNS to point a subdomain to your PiratePay's IP address.
- Step #2: Setup Snapd and Certbot to automatically configure Nginx
Introduction - Adding PiratePay to a Subdomain and encrypting with SSL certbot.
In this guide we will be discussing how to secure your PiratePay application with SSL (HTTPS) by encrypting all data passed between PiratePay and your Store.
More specifically how to setup PiratePay as a Subdomain of your Primary website/store, and then using Certbot to automatically generate and install a Let's Encrypt Certificate specific to your subdomain. - Example of Address: piratepay.yourwebsite.com
Step #1: Configure your DNS to point a subdomain to your PiratePay's IP address.
To start we'll need to add an A-Record to your DNS (Domain Name System.), you can do this by going to your Domain Management on the site you purchased your domain name from.
Typical example of who you may have your Domain DNS records Setup through: Godaddy, Namecheap, Porkbun, Cloudflare, Reseller Club, Etc.
In my example I have my domains nameservers pointed to Cloudflare, so I will use Cloudflare to adjust my DNS Records.
To do this, I'll go to my domain on Cloudflare, click DNS, Click: +Add Record
Now adjust the type to A-Record, set the name to your subdomain, then set content to the Public IP address of your PiratePay server.
Type: A
Name: piratepay.mywebsite.com
Content: 11.111.1.111
TTL: Auto
In a lot of cases I see "Name" called "Host", or "Content" called "Answer" or "Value".
You may have to google "How to setup A Record on Godaddy" and then change "Godaddy" to who controls your Domain Names to find instructions more specific to your Domain Provider.
Once you do that, after it migrates you should be able to go to your website and then change the address to piratepay.yourwebsite.com
(Make sure you remove the https:// at the beginning since SSL isn't setup yet on the sub domain.)
Step #2: Setup Snapd and Certbot to automatically configure Nginx
First we'll need to install the snapd package manager, which will assist us with the auto configure version of certbot.
After that we'll use a second command to make sure that your OS didn't come with a different version of certbot already installed that might interfere with the auto setup.
sudo snap install core; sudo snap refresh core
sudo apt-get remove certbot
Now we'll create a symbolic link for snapd to make sure we can properly run the certbot commands.
sudo ln -s /snap/bin/certbot /usr/bin/certbot
One last adjustment before we run certbot is to go into your nginx config file, and change the server_name from the ip, and to the new subdomain address added above in step #1.
sudo nano /etc/nginx/sites-enabled/default
Locate server_name in the config file and change it to your piratepay subdomain address.
Example:
server_name piratepay.yourwebsite.com;
Now to save and exit press: Ctrl + X Save, Yes.
Once that is setup we'll run this certbot command which will install and help us automatically configure the SSL Certificate in Nginx.
sudo certbot --nginx
Now we'll test the automatic renewal feature of certbot to make sure it will automatically renew all future SSL Certificates.
sudo certbot renew --dry-run
If everything worked properly you should be able to go to your PiratePay Application on your Subdomain piratepay.yourwebsite.com and it should automatically redirect to the https:// version, and should display a lock next to it indicating communication with the site is secured through SSL.
One last thing we may want to do is update our APP_URL inside our .env config file, so everything that uses this variable correctly points to your new subdomain.
cd /var/www/PiratePay
nano .env
APP_URL=https://piratepay.mywebsite.com
Congratulations, you have successfully installed SSL on your PiratePay application, and your app is ready to receive encrypted communications from your website/store.