To secure your service running on port 8545 with HTTPS, you can use Nginx as a reverse proxy with SSL termination. This means Nginx will handle the SSL encryption/decryption and forward the requests to your service running on port 8545. Here are the steps to set this up:
Install Nginx (if not already installed):
sudo apt update
sudo apt install nginx
Obtain an SSL certificate. You can either use a self-signed certificate for testing purposes or get a certificate from a Certificate Authority (CA) like Let's Encrypt for production environments.
For a self-signed certificate, run the following commands:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
- If you want to use Let's Encrypt, you can follow this tutorial to set up Let's Encrypt with Nginx on Ubuntu.
- Configure Nginx: a. Create a new Nginx configuration file for your service, for example:
sudo nano /etc/nginx/sites-available/my-service
b. Add the following configuration to the file, replacing xx.xxx.xx.xx
with your server's IP address or domain name, and YOUR_SERVICE_PORT
with the port number on which your service is running (e.g., 8545):
server {
listen 80;
server_name xx.xxx.xx.xx;
return 301 https://$host$request_uri;
}
server {
listen 8545 ssl;
server_name xx.xxx.xx.xx;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; # If using Let's Encrypt, use the appropriate path
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; # If using Let's Encrypt, use the appropriate path
location / {
proxy_pass http://localhost:YOUR_SERVICE_PORT;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}