Part 3. Secure nginx
A step-by-step tutorial showing how to secure nginx using certbot, creating a secure web socket for use with Polkadot-JS UI

Secure nginx server with the certificate using Certbot

Ensure snapd is up to date
sudo snap install core; sudo snap refresh core
Ensure historical versions of Certbot are removed
If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager.
sudo apt-get remove certbot
sudo dnf remove certbot
sudo yum remove certbot

Install certbot

sudo snap install --classic certbot

Prepare the Certbot command

Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Create the certificate

sudo certbot --nginx
Enter the domains you would like to generate a certificate for.
In my case, I use www.portadev.co.uk.

Additionally, set up a certificate for mydomain.com

sudo certbot --nginx --domains mydomain.com
In my case, I will set up a certificate for portadev.co.uk.

Create the server block

Navigate to the base directory
cd ..

Modify the server block in the file default in /etc/nginx/sites-available

nano /etc/nginx/sites-available/default
Remove the contents of the file by holding the SHIFT key and pressing DOWN ARROW. Once you have reached the bottom of the file, press CTRL+K to remove the content.
You now have a blank file.
Please copy the below server block
server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;

    server_name portadev.co.uk; # managed by Certbot

    location / {
        try_files $uri $uri/ =404;

        # Pass requests to the node's WebSocket endpoint on this machine
        proxy_buffering off;
        proxy_pass http://localhost:9944;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # HTTP/1.1 plus the Upgrade and Connection headers carry the WebSocket handshake
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    #listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/www.portadev.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.portadev.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Save the file

Press CTRL+X
Press Y
Press return

Restart nginx for changes to take effect

sudo systemctl restart nginx

Start the validator node

Navigate to the folder containing the Porta node Cargo.toml file.
cd root/porta-node/

Run the node

./target/release/porta --chain chain-spec-padlock.json -d data/[Validator name] --name [Validator name] --ws-external --rpc-external --rpc-cors all --rpc-methods=unsafe
Wait for the node to synchronise
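
The server block forwards TLS traffic to localhost:9944, while --ws-external and --rpc-external make a Substrate-based node listen on all interfaces, so the same port can also be reachable directly, without TLS, unless a firewall blocks it. The script below is an added example, not part of the original tutorial: it reads `ss -H -tln` output and reports node ports bound to a non-loopback address. Port 9933 (Substrate's default HTTP RPC port), the function names and the sample listener lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original tutorial.

# Read `ss -H -tln` output on stdin and print "address port" for every
# listener on one of the given ports that is NOT bound to loopback.
exposed_listeners() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            pos = match($4, /:[0-9]+$/)        # last ":port" of Local Address:Port
            if (pos == 0) next
            addr = substr($4, 1, pos - 1)
            port = substr($4, pos + 1)
            sub(/%.*$/, "", addr)              # drop interface suffix, e.g. %lo
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only: not reachable from the network
            print addr, port
        }'
}

# Succeed only when no node port is bound to a non-loopback address.
node_ports_private() {
    found=$(exposed_listeners "$@")
    [ -z "$found" ] && return 0
    printf 'reachable without nginx/TLS:\n%s\n' "$found" >&2
    return 1
}

# Constructed sample of `ss -H -tln` output (assumed values).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128   0.0.0.0:9944  0.0.0.0:*
LISTEN 0 128 127.0.0.1:9933  0.0.0.0:*
LISTEN 0 511   0.0.0.0:443   0.0.0.0:*
LISTEN 0 128      [::]:9944     [::]:*
EOF
}

# Demo on the sample; on a live host use: ss -H -tln | node_ports_private 9944 9933
sample_ss_output | exposed_listeners 9944 9933
```

Port 443 is not flagged because it is nginx's own TLS listener; only the node ports passed as arguments are checked.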

Access your node through Polkadot-JS UI

Open a web browser and navigate to: https://polkadot.js.org/apps/#/explorer
Press the drop-down menu
Enter your domain as the custom endpoint, e.g. www.mydomain.com
wss://www.mydomain.com:443
In my case, I use wss://www.portadev.co.uk:443
Click the SAVE icon.
You will then see the Porta Blockchain from the perspective of your node.

Run the node in a daemon process

When you exit the console of the server, the session running the blockchain node will stop running.
This produces the following message on the web-browser.exit and will close and the
To stop this from happening you need to run the validator as a daemon process using ‘screen’
Run the screen command in the console
screen
Navigate to the folder containing the Porta node Cargo.toml
Start the node
./target/release/porta --chain chain-spec-padlock.json -d data/[Validator name] --name [Validator name] --validator --ws-external --rpc-external --rpc-cors all --rpc-methods=unsafe
While the node is running, press CTRL+A followed by CTRL+D
This will detach the terminal from the process, but the process is still running.
You can confirm the node is still running by doing the following:
You will see the node is still accessible through Polkadot-JS and is, therefore, still running.
You are now ready to move to Part 4 of this tutorial series.