Part 3. Secure NginX
Guide showing how to secure nginx using certbot, creating a secure web socket for use with Polkadot-JS UI

Install NginX

Open the console of your server in Digital Ocean and install NginX using this command
sudo apt-get install nginx
Wait for the installation to finish.

Secure NginX server with an SSL certificate using certbot

Ensure snapd is up to date
sudo snap install core; sudo snap refresh core
Ensure historical versions of certbot are removed
If you have any Certbot packages installed using an OS package manager like apt, dnf, or yum, you should remove them before installing the Certbot snap to ensure that when you run the command certbot the snap is used rather than the installation from your OS package manager.
Run only the command for your system's package manager:
sudo apt-get remove certbot
sudo dnf remove certbot
sudo yum remove certbot

Install certbot

sudo snap install --classic certbot

Prepare the Certbot command

Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Create the certificate

sudo certbot --nginx
Enter the domains you would like to generate a certificate for.
In my case, I use: relay-demo.portastation.co.uk

Modify the NginX server block within file DEFAULT at location /etc/nginx/sites-available

nano /etc/nginx/sites-available/default
Remove the contents of the file by holding the SHIFT key and pressing DOWN ARROW. Once you have reached the bottom of the file, press CTRL+K to remove the content.
You now have a blank file.
Copy the server block below into the file:
server {
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name relay-demo.portastation.co.uk; # managed by Certbot

    location / {
        try_files $uri $uri/ =404;
        proxy_buffering off;
        # Forward to the node listening on localhost port 9944
        proxy_pass http://localhost:9944;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # WebSocket upgrade needs HTTP/1.1 plus the Upgrade and Connection headers
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/relay-demo.portastation.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/relay-demo.portastation.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    # Redirect plain HTTP requests for this host to HTTPS
    if ($host = relay-demo.portastation.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 ;
    listen [::]:80 ;
    server_name relay-demo.portastation.co.uk;
    return 404; # managed by Certbot
}

Save the file

Press CTRL+X
Press Y
Press return

Restart nginx for changes to take effect

sudo systemctl restart nginx
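A check worth running after the restart, written as an added example and not part of the original guide: it reads `ss -ltn` output and confirms that nginx serves port 443 while the node port 9944 (the proxy_pass target in the server block) listens only on loopback, so clients cannot connect around the TLS proxy. The function name and both sample listings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit listening sockets once nginx has been restarted.
# Assumption: the node listens on port 9944, the proxy_pass target above.

# Reads `ss -ltn` output on stdin, prints findings, returns 0 if all pass.
check_listeners() {
    awk -v rpc=9944 '
        $1 != "LISTEN" { next }                    # skip the header line
        {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            sub(/%.*$/, "", host)                  # drop a %interface suffix
            seen[port] = 1
            loopback = (host ~ /^127\./ || host == "[::1]")
            if (port == rpc && !loopback) {
                print "FAIL: " rpc " listens on " host ", reachable without TLS"
                bad = 1
            }
        }
        END {
            if (!("443" in seen)) { print "FAIL: nothing listens on 443"; bad = 1 }
            if (!(rpc in seen))   { print "FAIL: nothing listens on " rpc; bad = 1 }
            if (!bad) print "OK: 443 is served and " rpc " is loopback-only"
            exit bad + 0
        }'
}

# Constructed sample: nginx on 80/443, node bound to loopback.
SAMPLE_GOOD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      511             [::]:443          [::]:*
LISTEN 0      128        127.0.0.1:9944      0.0.0.0:*'

# Constructed sample: node bound to every interface, bypassing the proxy.
SAMPLE_BAD='LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
LISTEN 0      128          0.0.0.0:9944      0.0.0.0:*'

printf '%s\n' "$SAMPLE_GOOD" | check_listeners || true
printf '%s\n' "$SAMPLE_BAD"  | check_listeners || true
# On the server itself: ss -ltn | check_listeners
```

A FAIL for port 9944 means the node is bound to a non-loopback address; whether it is actually reachable from outside also depends on any firewall in front of the server.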

Access your node through Polkadot-JS UI

Open a web browser and navigate to: https://polkadot.js.org/apps/#/explorer
Press the drop-down menu
Enter your domain as the custom endpoint, e.g. www.mydomain.com
wss://www.mydomain.com:443
In my case, I use wss://relay-demo.portastation.co.uk:443
Click the SAVE icon.
You will then see the Porta Blockchain from the perspective of your node.
Continue to Part 4.