33## Requirements
44
551 . You'll need a subdomain and the a wildcard subdomain configured that resolves to server.
6+
672 . Install ** nginx** (assuming you're on Debian/Ubuntu):
78
89 ``` console
12133. Stop NGINX:
1314
1415 ```console
15- sudo service stop nginx
16- ```
16+ sudo service stop nginx
17+ ```
1718
1819## Adding Coder deployment subdomain
1920
2021> This example assumes Coder is running locally on ` 127.0.0.1:3000` for the subdomain ` YOUR_SUBDOMAIN` ` coder.example.com`
2122
22- - Create NGINX configuration for this app: `sudo touch /etc/nginx/sites-available/YOUR_SUBDOMAIN`
23+ 1. Create NGINX configuration for this app:
24+
25+ ```console
26+ sudo touch /etc/nginx/sites-available/YOUR_SUBDOMAIN
27+ ```
28+
29+ 2. Activate this file :
2330
24- - Activate this file : `sudo ln -s /etc/nginx/sites-available/YOUR_SUBDOMAIN /etc/nginx/sites-enabled/YOUR_SUBDOMAIN`
31+ ```console
32+ sudo ln -s /etc/nginx/sites-available/YOUR_SUBDOMAIN /etc/nginx/sites-enabled/YOUR_SUBDOMAIN
33+ ```
2534
2635## Install and configure LetsEncrypt Certbot
2736
28- Install LetsEncrypt Certbot: Refer to the [CertBot documentation](https://certbot.eff.org/instructions?ws=other&os=pip&tab=wildcard)
37+ 1. Install LetsEncrypt Certbot: Refer to the [CertBot documentation](https://certbot.eff.org/instructions?ws=other&os=pip&tab=wildcard)
2938
3039## Create DNS provider credentials
3140
32- - Create an API token for the DNS provider you're using: e.g [CloudFlare](https://dash.cloudflare.com/profile/api-tokens) with the following permissions:
41+ 1. Create an API token for the DNS provider you're using: e.g [CloudFlare](https://dash.cloudflare.com/profile/api-tokens) with the following permissions:
42+ - Zone - DNS - Edit
3343
34- - Zone - DNS - Edit
44+ 2. Create a file in `.secrets/certbot/cloudflare.ini` with the following content :
3545
36- - Create a file in `.secrets/certbot/cloudflare.ini` with the following content :
37- - `dns_cloudflare_api_token = YOUR_API_TOKEN`
46+ - `dns_cloudflare_api_token = YOUR_API_TOKEN`
3847
3948## Create the certificate
4049
41- - Create the wildcard certificate:
50+ 1. Create the wildcard certificate:
4251
43- ```console
44- sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d coder.example.com *.coder.example.com
45- ```
52+ ```console
53+ sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d coder.example.com *.coder.example.com
54+ ```
4655
4756## Configure nginx
4857
49- Edit the file with : ` sudo nano /etc/nginx/sites-available/YOUR_SUBDOMAIN ` and add the following content :
50-
51- ``` nginx
52- server {
53- server_name YOUR_SUBDOMAIN;
54-
55- # HTTP configuration
56- listen 80;
57- listen [::]:80;
58-
59- # HTTP to HTTPS
60- if ($scheme != "https") {
61- return 301 https://$host$request_uri;
62- } # managed by Certbot
63-
64- # HTTPS configuration
65- listen [::]:443 ssl ipv6only=on; # managed by Certbot
66- listen 443 ssl; # managed by Certbot
67- ssl_certificate /etc/letsencrypt/live/YOUR_SUBDOMAIN/fullchain.pem;
68- ssl_certificate_key /etc/letsencrypt/live/YOUR_SUBDOMAIN/privkey.pem;
69- include /etc/letsencrypt/options-ssl-nginx.conf;
70- ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
71-
72- location / {
73- proxy_pass http://127.0.0.1:3000;
74- proxy_http_version 1.1;
75- proxy_set_header Upgrade $http_upgrade;
76- proxy_set_header Connection $connection_upgrade;
77- proxy_set_header Host $server_name;
78- proxy_set_header X-Real-IP $remote_addr;
79- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
80- proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
81- add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
58+ 1. Edit the file with :
59+
60+ ```console
61+ sudo nano /etc/nginx/sites-available/YOUR_SUBDOMAIN
62+ ```
63+
64+ 2. Add the following content :
65+
66+ ```nginx
67+ server {
68+ server_name YOUR_SUBDOMAIN;
69+
70+ # HTTP configuration
71+ listen 80;
72+ listen [::]:80;
73+
74+ # HTTP to HTTPS
75+ if ($scheme != "https") {
76+ return 301 https://$host$request_uri;
77+ }
78+
79+ # HTTPS configuration
80+ listen [::]:443 ssl ipv6only=on;
81+ listen 443 ssl;
82+ ssl_certificate /etc/letsencrypt/live/YOUR_SUBDOMAIN/fullchain.pem;
83+ ssl_certificate_key /etc/letsencrypt/live/YOUR_SUBDOMAIN/privkey.pem;
84+ include /etc/letsencrypt/options-ssl-nginx.conf;
85+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
86+
87+ location / {
88+ proxy_pass http://127.0.0.1:3000;
89+ proxy_http_version 1.1;
90+ proxy_set_header Upgrade $http_upgrade;
91+ proxy_set_header Connection $connection_upgrade;
92+ proxy_set_header Host $server_name;
93+ proxy_set_header X-Real-IP $remote_addr;
94+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
95+ proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
96+ add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
97+ }
8298 }
83- }
84- ```
99+ ```
85100
86101> Don' t forget to change :
87102>
@@ -90,17 +105,27 @@ server {
90105
91106## Refresh certificates automatically
92107
93- - Create a new file in ` /etc/cron.weekly ` : ` sudo touch /etc/cron.weekly/certbot `
94- - Make it executable : ` sudo chmod +x /etc/cron.weekly/certbot `
95- - And add this code :
108+ 1. Create a new file in `/etc/cron.weekly` :
109+
110+ ```console
111+ sudo touch /etc/cron.weekly/certbot
112+ ```
113+
114+ 2. Make it executable :
115+
116+ ```console
117+ sudo chmod +x /etc/cron.weekly/certbot
118+ ```
119+
120+ 3. And add this code :
96121
97- ``` sh
98- #! /bin/sh
99- sudo certbot renew -q
100- ```
122+ ```sh
123+ #!/bin/sh
124+ sudo certbot renew -q
125+ ```
101126
102127## Restart NGINX
103128
104129- `sudo service nginx restart`
105130
106- And that's it, you should now be able to access Coder via ` https://YOUR_SUBDOMAIN ` !
131+ And that's it, you should now be able to access Coder at `https://YOUR_SUBDOMAIN`!
0 commit comments