Shellngn with Nginx and Let's Encrypt for HTTPS

This is a guide to show you how to run Shellngn with Nginx and generate HTTPS certificates with Let's Encrypt in 4 easy steps.

Step 1: Create a docker-compose.yaml file with the following content

Make sure to replace example.com with your domain and admin@example.com with your email address.

docker-compose.yaml:
services:
  shellngn:
    container_name: shellngn
    image: shellngn/pro
    volumes:
      - './shellngn-data/:/home/node/server/data'
  nginx-verify:
    container_name: nginx-verify
    restart: unless-stopped
    image: nginx
    ports:
      - '80:80'
    volumes:
      - './nginx-verify.conf:/etc/nginx/nginx.conf'
      - './certbot/www:/var/www/certbot'
  nginx:
    container_name: nginx
    restart: unless-stopped
    image: nginx
    ports:
      - '443:443'
    volumes:
      - './nginx.conf:/etc/nginx/nginx.conf'
      - './certbot/conf:/etc/letsencrypt'
  certbot:
    image: certbot/certbot
    container_name: certbot
    volumes:
      - './certbot/conf:/etc/letsencrypt'
      - './certbot/www:/var/www/certbot'
    command: >-
      certonly --webroot -w /var/www/certbot --force-renewal --email admin@example.com -d example.com --agree-tos


Step 2: Create a nginx.conf file with the following content

Replace example.com with your domain, including in the certificate paths.

nginx.conf:
events
{
  # worker_connections  1024;
}

http
{
  server_tokens off;
  charset utf-8;

  server
  {
    listen 443 ssl http2;
    # use the certificates
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    server_name example.com;
    root /var/www/html;
    index index.php index.html index.htm;

    location /
    {
      proxy_pass http://shellngn:8080/;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
    }
  }
}


Step 3: Create a nginx-verify.conf file

This nginx configuration allows certbot to verify ownership of your domain over HTTP on port 80. Every other request is redirected to HTTPS.

nginx-verify.conf:
events
{
  # worker_connections  1024;
}

http
{
  server_tokens off;
  charset utf-8;

  # always redirect to https except for acme challenge
  server
  {
    listen 80 default_server;

    server_name _;

    location ~ /.well-known/acme-challenge/
    {
      root /var/www/certbot;
    }

    location /
    {
      return 301 https://$host$request_uri;
    }
  }
}


Step 4: Run docker-compose

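At this stage you should have 3 files in the same folder: docker-compose.yaml, nginx.conf and nginx-verify.conf.

All you have to do now is run the following command:

docker-compose up

On the first run the nginx container restarts until certbot has written the certificate files, because nginx will not start without them. You should then be able to access Shellngn with your domain (https://example.com).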

Optional step: Setup a cron job

A certificate has a lifetime of 90 days, and it is recommended to renew it after 60 days. Therefore, you need to rerun the certbot container every 60 days to renew the certificate. You can do this by using crontab.

On Linux systems, open your crontab for editing by running:

crontab -e

And add a line with the following structure:

0 5 1 */2 * /usr/local/bin/docker-compose -f /var/docker/docker-compose.yaml up certbot

The command means: run docker-compose up for the certbot service at 5 am on the first day of every 2nd month.
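The schedule above, checked against the 90-day lifetime, as an added example that is not part of the original guide. The function names are made up for illustration, the monthly schedule is a hypothetical alternative for comparison, and the code assumes each successful run issues a fresh 90-day certificate, as --force-renewal does.

```python
from datetime import date

CERT_LIFETIME_DAYS = 90  # certificate lifetime stated in the guide


def cron_run_dates(start_year, years=2, month_step=2):
    """Days matched by `0 5 1 */<month_step> *`: the 1st of months 1, 1+step, ...

    month_step=2 is the guide's schedule; other values are hypothetical
    alternatives for comparison.
    """
    return [date(year, month, 1)
            for year in range(start_year, start_year + years)
            for month in range(1, 13, month_step)]


def coverage(runs, failed=frozenset()):
    """Return (longest gap in days between successful renewals,
    total days served with an expired certificate).

    Assumes every successful run issues a fresh 90-day certificate.
    """
    succeeded = [day for day in runs if day not in failed]
    worst_gap = expired_days = 0
    for previous, following in zip(succeeded, succeeded[1:]):
        gap = (following - previous).days
        worst_gap = max(worst_gap, gap)
        expired_days += max(0, gap - CERT_LIFETIME_DAYS)
    return worst_gap, expired_days


if __name__ == "__main__":
    guide = cron_run_dates(2025)                     # constructed sample period
    print("guide schedule, all runs succeed:", coverage(guide))
    print("guide schedule, 1 July run fails:",
          coverage(guide, failed={date(2025, 7, 1)}))
    monthly = cron_run_dates(2025, month_step=1)     # hypothetical `0 5 1 * *`
    print("monthly schedule, 1 August run fails:",
          coverage(monthly, failed={date(2025, 8, 1)}))
```

With the guide's schedule a single failed run leaves the site on an expired certificate until the next run, so monitor the cron job's result. nginx reads the certificate files when it starts or reloads, so the nginx container needs a restart or reload after each renewal before the new certificate is served.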

