SSD Nodes: 1-Click Applications’ Primer Document

If you’re reading this article, there’s a big chance you’ve chosen one of our 1 Click Applications (aka 1CA), with an awesome application ready to be used as soon as your server is up and running.

Our tech engineers at SSD Nodes worked hard to save you time and effort, preparing the most demanded applications, and making sure you get the most up to date version of your preferred app, after having been fully tested and deployed to fit your needs.

And to make them even more secure, all our 1CAs are installed with an active HTTPS self-signed certificate that will secure your website and protect your customers’ online transactions, making sure their sensitive information, such as their credit card number and personal information are being securely transmitted.

In This Article

In this article, you'll manage your 1-Click application, configuring an SSL/TLS certificate from a certificate authority (CA) and using it instead of the pre-installed self-signed certificate.

You will also add a domain name to your server to be used as an address instead of the default server IP.

Use the following links to jump to the main topics:

• Understanding our 1CAs built-in Self-Signed Certificates
• Transforming your Self-Signed to a CA certificate
• Adding a Domain Name to Your Server

Note: If you haven't purchased a server yet, what are you waiting for?  Visit our site now and get a hefty discount. Choose the server’s specifications that fit your needs, along with any of the 1 Click- Applications we offer (WordPress, Zabbix, phpMyAdmin, Webmin, Nextcloud, LAMP, LEMP, Grafana to name a few), complete your checkout, and in a couple of minutes, our building algorithms will hand you a beautiful application ready to be used!

Understanding Built-in Self-signed Certificates

Our built-in self-signed certificates create safer experiences for your customers, build more trust and improve conversions, protecting both customers and internal data. 

Check more details here:

• What are SSL Server Certificates
• Secure Your Site Using HTTPS

Trying Out Your Certificate

• Load your site in a browser by prefixing https:// to your website address. You will get a warning message, which is normal for a self-signed certificate.
• Click “ Advanced” or “More information” depending on the browser, and choose to proceed. Below is an example from Google Chrome.

 

The browser is just warning you that it can’t verify the identity of the server, since the certificate is not signed by any of its known certificate authorities.

 

After you do so, your browser will load your application’s welcome page, but with a noticeable symbol in front of your URL (aka website address).

In the above pop-up, click on “Certificate is not valid” for more details on the self-signed certificate.

Transforming Your Self-signed Certificate to a Valid CA Certificate

CA certificates can either be procured from Let's Encrypt or from other CA authorities.

Please check our special article discussing differences between Let's Encrypt & other CA-issued certificates, along with the essential information on how to procure both of these types.

To procure a Let's Encrypt certificate, follow the Creating The Let's Encrypt Certificate steps in this article.

After you procure your certificate (Let’s Encrypt or other), please refer to the following instructions, which describe installing the CA certificate on your web server.

Installing a CA Certificate for the APACHE Web Server

• Edit Apache’s default configuration file

nano /etc/apache2/sites-enabled/000-default.conf

• Replace the key and the certificate paths to the new values (highlighted in yellow  in the below code).

<VirtualHost *:80>
        Define servername www.example.com
        ServerName ${SERVERNAME}
        RewriteEngine on
        RewriteRule ^/.*$ https://\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301]
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
        ServerName ${SERVERNAME}
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

• Restart Apache

sudo systemctl restart apache2

• Reload your browser and you will notice a secured padlock with a valid certificate message as follows. Below is an example from Google Chrome.

For more details, check out Secure Your Site Using HTTPS.

Installing a CA Certificate for the NGINX Web Server

• Edit Nginx’s default configuration file

nano /etc/nginx/sites-enabled/default

• Replace the key and the certificate paths to the new values (highlighted in yellow  in the below code). 

server {
   listen 80;
   listen [::]:80;
   server_name www.example.com;
   access_log off;
   location / {
         rewrite ^ https://$host$request_uri? permanent;
   }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;
    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;
    autoindex off;
    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }
}

• Restart Nginx

sudo systemctl restart nginx

• Reload your browser and you will notice a secured padlock with a valid certificate message as follows:

Common Parts For Both APACHE & NGINX

In the above pop-up, click on “Certificate is secure” for more details on the CA certificate.

Your website is now a CA certified and you can securely welcome any online transactions, paid subscriptions like eCommerce websites, memberships or charity and online fundraising. For more details, check out Secure Your Site Using HTTPS.

Adding a Domain Name to Your Server

In this section, we will explain how to add a server name to your server, in the two most popular web servers: Apache and Nginx.

After procuring the domain name from SSD Nodes or others (Example: example.com), you need to add a hostname mapping to your server’s IP (Example: www.example.com → 192.0.0.1) 

Apache Domain Name

• Edit Apache’s default configuration file
  

nano /etc/apache2/sites-enabled/000-default.conf

For the moment, you will see that the “servername” attribute is the IP address automatically assigned to you. As an example:

<VirtualHost *:80>
        Define servername 192.0.0.1
        ServerName ${SERVERNAME}
        RewriteEngine on
        RewriteRule ^/.*$ https://\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301]
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/apache-selfsigned.pem
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
        ServerName ${SERVERNAME}
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

• Replace the existing IP with your domain name, which rights you would have purchased earlier, from a registrar entity (like GoDaddy, Namecheap, Network Solutions, etc.) by replacing the yellow highlighted part below.

<VirtualHost *:80>
        Define servername www.example.com
        ServerName ${SERVERNAME}
        RewriteEngine on
        RewriteRule ^/.*$ https://\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301]
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/apache-selfsigned.pem
        SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
        ServerName ${SERVERNAME}
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

• Enable SSL and RewriteEngine modules on Apache

sudo a2enmod ssl rewrite

• Test for configuration errors

sudo apache2ctl configtest

The below output means you can safely reload Apache, otherwise, you will get a very specific description pointing out the error you have to fix.

Syntax OK

• Restart Apache

sudo systemctl restart apache2

Testing Your Apache Domain Name

Open your preferred browser, and type your website’s domain name along with the https prefix.

Example: https://www.example.com, then tap “Enter”, and you should notice that your site will load its default home page, while preserving your domain name in the URL. Example: https://www.example.com/landingpages/index.html

 

Nginx Domain Name

• Edit Nginx’s default configuration file

nano /etc/nginx/sites-enabled/default

For the moment, you will see that the “server_name” attribute is the IP address automatically assigned to you. As an example:

server {    
    listen 80;
    listen [::]:80;
    server_name 192.0.0.1;
    access_log off;
    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name 192.0.0.1;
    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;
    autoindex off;
    ssl_certificate /etc/ssl/certs/apache-selfsigned.pem;
    ssl_certificate_key /etc/ssl/private/apache-selfsigned.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }
}

• Replace the existing IP with your domain name, which rights you would have purchased earlier, from a registrar entity (like GoDaddy, Namecheap, Network Solutions, etc.) by replacing the yellow highlighted part below.

server {
    listen 80;
    listen [::]:80;
    server_name www.example.com;
    access_log off;
    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;
    autoindex off;
    ssl_certificate /etc/ssl/certs/apache-selfsigned.pem;
    ssl_certificate_key /etc/ssl/private/apache-selfsigned.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }
}

• Restart Nginx

sudo systemctl restart nginx

Setting up a Domain Name for NextCloud with Nginx

For NextCloud, you also need to add your domain name to your NextCloud’s trusted domain list, in addition to configuring it in your Nginx configuration file.

First open the NextCloud configuration file:

nano /var/www/nextcloud/config/config.php

Then modify the trusted_domains array to include your new domain name:

  'trusted_domains' => 
  array (
    0 => 'your_ip_address',
    1 => 'yourdomain.com',
  ),

Make sure you’ve added your domain name to your Nginx configuration, then restart it:

sudo systemctl restart nginx

Testing Your Nginx Domain Name

Open your preferred browser, and type your website’s domain name along with the https prefix.
Example: https://www.example.com, then tap “Enter”, and you should notice that your site will load its default home page, while preserving your domain name in the URL.

Conclusion

That's it, you now have your 1-click application configured with an SSL/TLS certificate from a certificate authority, and a domain name for both Apache and Nginx.