gabbar0x

Reputation: 4246

Setting up an SSL certificate for multiple webservices routed through nginx and a GitHub pages static page

Alright, so I've run into a situation which is well out of my expertise or domain. So here's my problem.

I have 3 Webservices which are deployed (as docker containers) on 3 public IP addresses. They are called hackalist, core-api and cms. Now, I wanted to redirect three of these http://wolfbeacon.com/api/core, http://wolfbeacon.com/api/hackalist and http://wolfbeacon.com/cms (basically 3 different endpoints).

So for this purpose, I assume I would have to set up an nginx server to delegate these client requests to the container IPs. That makes sense and I have done that locally.

Now, I have our main website, http://wolfbeacon.com hosted through GitHub Pages.

Problem: Set up an SSL certificate for them all. One certificate for them all and future webservices. How do I go about doing this?

Upvotes: 1

Views: 154

Answers (1)

nilfalse

Reputation: 2419

nginx is a reverse-proxy server, which is, in fact, exactly what you need.

However, GitHub Pages doesn't allow you to configure their reverse proxy, nor does it support SSL for custom domains:

HTTPS is not supported for GitHub Pages using custom domains.

The quote from https://help.github.com/articles/securing-your-github-pages-site-with-https/

So, in order to achieve your goal, you have to have your own server set up in front of GitHub Pages and all your WebServices. I would name it balancer.

Then you install nginx on this balancer and set it up to serve responses for your main domain (wolfbeacon-dot-com in your example) and (optionally) to serve SSL. You will have to delegate your domain's Name Servers to this balancer as well.

You may then point to the real GitHub Pages URL for your website (like example.github.io) inside your balancer's proxy_pass directive.

Assuming example.github.io as the main deployment of static content for your website and example.org as the front page for all your content and services, you then start with a configuration slightly similar to the following:

server {
  server_name example.org;

  listen 80 default_server;
  listen [::]:80 default_server;

  # Static site: everything not matched below goes to GitHub Pages
  location / {
    proxy_pass       https://example.github.io;
  }

  # Each service gets its own path prefix on the same hostname
  location /api/core {
    proxy_pass       http://{PUT_HERE_IP_ADDRESS_OF_YOUR_core-api_SERVICE}/;
  }

  location /api/hackalist {
    proxy_pass       http://{PUT_HERE_IP_ADDRESS_OF_YOUR_hackalist_SERVICE}/;
  }

  location /api/cms {
    proxy_pass       http://{PUT_HERE_IP_ADDRESS_OF_YOUR_cms_SERVICE}/;
  }
}

Once you are sure your nginx is serving your .com, just go ahead and enhance this config with a listen 443 directive and some additional directives required in order to serve over SSL.

Consult https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04 for onward directions about how to configure nginx to serve over SSL from scratch.

Upvotes: 2
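
The HTTPS step the answer describes, written out as an added example that is not part of the original answer: because every service sits behind one hostname on the balancer, a single certificate for that hostname covers all paths. The certificate paths assume certbot's default layout for example.org, the 203.0.113.x addresses are constructed placeholders for the three service IPs, and the GitHub Pages site is assumed to have no custom domain configured.

```nginx
# Added example; hostnames, IPs and certificate paths are assumptions.

# Plain HTTP only redirects to HTTPS.
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name example.org;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name example.org;

  # One certificate for example.org covers every location below,
  # including services added later under new path prefixes.
  ssl_certificate     /etc/letsencrypt/live/example.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
  ssl_protocols       TLSv1.2 TLSv1.3;

  # Inherited by the service locations, which set no headers themselves.
  proxy_set_header Host              $host;
  proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto $scheme;

  location / {
    # Setting a header here replaces the inherited set, so GitHub Pages
    # receives its own hostname and no X-Forwarded-* headers.
    proxy_set_header Host example.github.io;
    proxy_ssl_server_name on;   # send SNI on the upstream TLS handshake
    proxy_pass https://example.github.io;
  }

  location /api/core/ {
    proxy_pass http://203.0.113.10/;   # core-api (placeholder IP)
  }

  location /api/hackalist/ {
    proxy_pass http://203.0.113.11/;   # hackalist (placeholder IP)
  }

  location /api/cms/ {
    proxy_pass http://203.0.113.12/;   # cms (placeholder IP)
  }
}
```

Only the client-to-balancer leg is encrypted in this layout; the hops to the three services are plain HTTP over public IPs, so those hosts should accept connections only from the balancer.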
