There is no results
    See all results

    Secure Yii2 Project with Let’s Encrypt on Ubuntu 14.04

    Blog / Secure Yii2 Project with Let’s Encrypt on Ubuntu 14.04

    In this article, I want to provide you with a simple way to secure your site with Let’s Encrypt.

    Let’s Encrypt is a new Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers.

    Let’s assume that your site is made using Yii2 php framework, as HTTP server uses Nginx, and Ajenti for administrator servers, and GIT.

    I will describe it on the example of Yii2 advanced project.

    Let’s think that you have 2 sites:

    http://backend.example.com

    and

    http://fronted.example.com

    This is a typical structure of Yii2 advanced project:

    Picture1

    Step 1

    • Go to the folder /backend/web/  and create a folder .well-known;
    • in this folder create .gitignore file with the following content:

    Picture2

    Do the same thing in the/frontend/web/ folder

    Step 2

    Open file /environments/index.php and add .well-known folder to the setWritable  section. It should work like this:

    Picture3

    Step 3

    Commit and push your changes to the server.

    —- All next steps should be done on your VPS ——

    Run command in the root project folder

    php ./init –env=YourEnv –overwrite=All

    Step 4

    Clone Let’s Encrypt
    sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

    Step 5

    Go to your Ajenti dashboard

    https://your_ip:8000/

    Open tab Websites and click Manage

    Picture4

    Open Advanced tab and add the following:

    location ~ /.well-known {

                    allow all;

    }

    Here’s what you’ll get, as a result:

    Picture5

     

    Step 6

    In VPS console go to folder cd /opt/letsencrypt and rub command

    ./letsencrypt-auto certonly -a webroot –webroot-path=/path/to/project/backend/web -d backend.example.com

     

    ./letsencrypt-auto certonly -a webroot –webroot-path=/path/to/project/ fronted /web -d fronted.example.com

    Following the prompt, enter an email address that will be used for notices and lost key recovery:

    Picture6

    Then you must accept Let’s Encrypt Subscribe Agreement. Select ‘Agree’:

    Picture7

    Step 7

    Generate Strong Diffie-Hellman Group

    sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

    Step 8

    Go back to Ajenti panel

    And add SSL files to your site configurations

    Picture8Picture9

    In the field ” SSL certificate path ” add path to the file

    /etc/letsencrypt/live/backend.example.com /fullchain.pem

    and in the field “SSL key path” add path to the file

    /etc/letsencrypt/live/ backend.example.com /privkey.pem

    Same for frontend.example.com site.

    Step 9

    Add CRON job, it is needed for Auto Renewal

    Picture9 Picture11

    CRON job

    30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

    35 2 * * 1 /etc/init.d/nginx reload

     

    Now you can visit your sites

    https://backend.example.com

    and

    https://fronted.example.com

     

    Enjoy 🙂

    Tags: Ajenti Let's Encrypt Nginx PHP ssl Yii2

    Author

    Terry Svityk

    Posted at

    May 17, 2016

    Share Post

    Insights from our Consulting Department

    insight
    January 22, 2019
    Show more
    How To Convert Traffic into Sales with Lead Conversion Strategy
    insight
    October 15, 2016
    Show more
    How to Create the Smartest Chatbot Ever With IBM Watson Services

    Leave a Reply

    Your email address will not be published. Required fields are marked *