Securing VitoDeploy
INFO
This guide is only for VitoDeploy instances installed on a Virtual Private Server.
Install SSL on Vito instance
If you've installed VitoDeploy on a VPS, By default your Vito instance will be accessible via your server's IP address which is not secure.
To secure it you need to attach a domain to it and get an SSL certificate for it.
Attach a domain
Create an A record on your domain's DNS manager and point it to your Vito server's IP address.
WARNING
If you are using Cloudflare make sure you have the cloud proxy off at this stage!
Open /etc/nginx/sites-available/vito
with an editor on your terminal like nano
:
sudo nano /etc/nginx/sites-available/vito
Edit it like the following and add your domain to it:
server {
...
server_name _ YOUR_DOMAIN_GOES_HERE;
...
}
Now run the following command to restart the webserver:
sudo service nginx restart
Make sure your webserver is not broken:
sudo service nginx status
It should have something like this:
● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2024-04-10 11:11:32 UTC; 3 days ago
Docs: man:nginx(8)
Main PID: 172473 (nginx)
...
Now open your domain to make sure it is ok and can be opened.
Get SSL
Now you need to run the following command to generate the SSL
sudo certbot --force-renewal --nginx --noninteractive --agree-tos --cert-name YOUR_DOMAIN -m YOUR_EMAIL -d YOUR_DOMAIN --verbose
Make sure to replace the placeholders:
YOUR_DOMAIN: Your domain address like example.com
YOUR_EMAIL: Your email address to be provided to letsencrypt
INFO
If you are using Cloudflare, Now you can enable the cloud proxy if you want. Keep in mind that you might need to enable Full SSL encryption option on Cloudflare