Azure https endpoints and ports

JCSomers-0593 0 Reputation points
2023-03-22T11:22:39.9+00:00

Hey all,

Just wondering if anybody can help. I have set up a VM in Azure (specifically, it's the quorum-dev-quickstart in the marketplace). It's serving up a number of things on various ports, e.g. a JSON-RPC HTTP service on 8545.

Now my problem is how do I convert these endpoints to https?

I have followed through other examples to install nginx and openssl. While that works out perfectly at https://xx.xxx.xx.xx, it doesn't work for https://xx.xxx.xx.xx:8545.

Can someone tell me how I could make that an HTTPS endpoint?

Much appreciated

Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.

3 answers

  1. Sedat SALMAN 13,160 Reputation points
    2023-03-22T13:02:21.42+00:00

    To secure your service running on port 8545 with HTTPS, you can use Nginx as a reverse proxy with SSL termination. This means Nginx will handle the SSL encryption/decryption and forward the requests to your service running on port 8545. Here are the steps to set this up:

    Install Nginx (if not already installed):

    sudo apt update
    sudo apt install nginx
    
    

    Obtain an SSL certificate. You can either use a self-signed certificate for testing purposes or get a certificate from a Certificate Authority (CA) like Let's Encrypt for production environments.

    For a self-signed certificate, run the following commands:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
    
    
    If you want to use Let's Encrypt, you can follow this tutorial to set up Let's Encrypt with Nginx on Ubuntu.

    Configure Nginx:

    a. Create a new Nginx configuration file for your service, for example:

    sudo nano /etc/nginx/sites-available/my-service
    
    

    b. Add the following configuration to the file, replacing xx.xxx.xx.xx with your server's IP address or domain name, and YOUR_SERVICE_PORT with the port number on which your service is running (e.g., 8545):

    
    server {
        listen 80;
        server_name xx.xxx.xx.xx;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen 8545 ssl;
        server_name xx.xxx.xx.xx;
    
        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;  # If using Let's Encrypt, use the appropriate path
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;  # If using Let's Encrypt, use the appropriate path
    
        location / {
            proxy_pass http://localhost:YOUR_SERVICE_PORT;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
    
    

  2. Sedat SALMAN 13,160 Reputation points
    2023-03-26T08:14:49.2766667+00:00

    Can you try the following:

    server {
        listen 80;
        server_name 20.5.124.138;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen 8546 ssl http2;
        server_name 20.5.124.138;
    
        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;  # If using Let's Encrypt, use the appropriate path
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;  # If using Let's Encrypt, use the appropriate path
    
        location / {
            proxy_pass http://localhost:8545;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
    
    

  3. Sedat SALMAN 13,160 Reputation points
    2023-03-26T10:46:57.1033333+00:00

    As I understand it, you want to listen for HTTPS on port 8545, not 443.

    I have updated my config; please try this. I made some mistakes before.

    
    server {
        listen 80;
        server_name 20.5.124.138;
        return 301 https://$host$request_uri;
    }
    
    server {
        listen 8545 ssl http2;
        server_name 20.5.124.138;
    
        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;  # If using Let's Encrypt, use the appropriate path
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;  # If using Let's Encrypt, use the appropriate path
    
        location / {
            proxy_pass http://localhost;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_cache_bypass $http_upgrade;
        }
    }
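
An added example, not part of the thread or any poster's code: a small Python lint for the `listen` / `proxy_pass` pairing used in the configs above. It flags a `proxy_pass` that targets a local port nginx itself listens on (nginx and the backend cannot both bind the same port on the same address) and a `proxy_pass` without a port, which defaults to 80 and lands on the redirect-only server. The sample configs are constructed from the thread's `listen` and `proxy_pass` lines; the function names and finding labels are hypothetical.

```python
import re

# Constructed samples: only the listen/proxy_pass pairs from the thread's configs.
SAME_PORT = """
server { listen 80; return 301 https://$host$request_uri; }
server { listen 8545 ssl; location / { proxy_pass http://localhost:8545; } }
"""
SPLIT_PORT = """
server { listen 80; return 301 https://$host$request_uri; }
server { listen 8546 ssl http2; location / { proxy_pass http://localhost:8545; } }
"""
NO_PORT = """
server { listen 80; return 301 https://$host$request_uri; }
server { listen 8545 ssl http2; location / { proxy_pass http://localhost; } }
"""

LOCAL = {"localhost", "127.0.0.1"}  # assumption: backend runs on the same VM

def server_blocks(conf):
    """Yield the body of each server { ... } block using brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def check(conf):
    """Return (finding, port) for proxy_pass targets that point back at nginx."""
    blocks = list(server_blocks(conf))
    listen = {}  # port -> True when that server block only issues a redirect
    for b in blocks:
        for port in re.findall(r"\blisten\s+(?:\S*:)?(\d+)", b):
            listen[int(port)] = "return 301" in b
    findings = []
    for b in blocks:
        for scheme, host, port in re.findall(
                r"proxy_pass\s+(https?)://([^:/;\s]+)(?::(\d+))?", b):
            # No explicit port means the scheme default (80 for http).
            port = int(port) if port else (443 if scheme == "https" else 80)
            if host in LOCAL and port in listen:
                kind = "proxy-to-redirect" if listen[port] else "port-collision"
                findings.append((kind, port))
    return findings

if __name__ == "__main__":
    for name in ("SAME_PORT", "SPLIT_PORT", "NO_PORT"):
        print(name, check(globals()[name]))
```

The lint only sees what is in the nginx config; whether the backend service itself is bound to the port nginx wants still has to be checked on the host.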