Part 3. Secure NginX
Guide showing how to secure nginx using certbot, creating a secure web socket for use with Polkadot-JS UI

Install NginX

Open the console of your server in Digital Ocean and install NginX using this command
sudo apt-get install nginx
Wait for the installation to finish.

Secure NginX server with an SSL certificate using certbot

Ensure snapd is up to date
sudo snap install core; sudo snap refresh core
Ensure historical versions of certbot are removed
If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager.
sudo apt-get remove certbot sudo dnf remove certbot sudo yum remove certbot

Install certbot

sudo snap install --classic certbot

Prepare the Certbot command

Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Create the certificate

sudo certbot --nginx
Enter the domains you would like to generate a certificate for.
in my case, I use: relay-demo.portastation.co.uk

Modify the NginX server block within file DEFAULT at location /etc/nginx/sites-available

nano /etc/nginx/sites-available/default
Remove the contents of the file by holding SHIFT key and pressing DOWN ARROW. Once you have reached the bottom of the file press CRTL+K to remove the content.
You now have a blank file.
Please copy the below server block
server {
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name relay-demo.portastation.co.uk; # managed by Certbot
location / {
try_files $uri $uri/ =404;
proxy_buffering off;
proxy_pass http://localhost:9944;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/relay-demo.portastation.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/relay-demo.portastation.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = relay-demo.portastation.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name relay-demo.portastation.co.uk;
return 404; # managed by Certbot
}

Save the file

Press CRTL+X
Press Y
Press return

Restart nginx for changes to take effect

sudo systemctl restart nginx

Access your node through Polkadot-JS UI

Open a web browser and navigate to: https://polkadot.js.org/apps/#/explorer
Press the drop-down menu
Enter your domain as the custom endpoint, e.g. www.mydomain.com
wss://www.mydomain.com:443
[I] in my case, I use wss://relay-demo.portastation.co.uk:443
Click the SAVE icon.
You will then see the Porta Blockchain from the perspective of your node.
Continue to Part 4.
Copy link
On this page