Introduction
In the following article, I described how to set up Cantaloupe on EC2.
This time, I will configure a custom domain and enable HTTPS.
Custom Domain Configuration
This time, I will assign the domain cantaloupe.aws.ldas.jp to 54.172.71.20. When using Route 53, it can be configured as follows.
Obtaining an SSL Certificate
sudo su
apt install certbot
certbot certonly --standalone -d cantaloupe.aws.ldas.jp
root@ip-172-31-62-61:/home/ubuntu# certbot certonly --standalone -d cantaloupe.aws.ldas.jp
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): xxx@gmail.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Account registered.
Requesting a certificate for cantaloupe.aws.ldas.jp
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/fullchain.pem
Key is saved at: /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/privkey.pem
This certificate expires on 2023-12-19.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Web Server Configuration: Installing Nginx
apt install nginx
vi /etc/nginx/sites-available/cantaloupe.aws.ldas.jp
Configuration:
server {
listen 80;
server_name cantaloupe.aws.ldas.jp;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name cantaloupe.aws.ldas.jp;
ssl_certificate /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cantaloupe.aws.ldas.jp/privkey.pem;
location / {
proxy_pass http://localhost:8182; # これはcantaloupeのデフォルトのポートです
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Create a symbolic link and restart.
root@ip-172-31-62-61:/home/ubuntu# ln -s /etc/nginx/sites-available/cantaloupe.aws.ldas.jp /etc/nginx/sites-enabled/cantaloupe.aws.ldas.jp
root@ip-172-31-62-61:/home/ubuntu# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
root@ip-172-31-62-61:/home/ubuntu# systemctl restart nginx
As a result, Cantaloupe became accessible at the following URL.
https://cantaloupe.aws.ldas.jp/
Summary
I hope this is helpful for setting up Cantaloupe.
Note that while I used Let’s Encrypt this time, it is also possible to use AWS certificates.