Domain Setup

Use your own domain with Feedbacky.

Record

Before going into details, you must have your server pointed to your domain.

1. Access the DNS settings of your domain provider.

2. Create an A Record.

3. Find your public IP address.

curl ipinfo.io/ip

4. Insert a subdomain, for example; feedbacky.

5. Put your public IP address in the address field.

Port Forwarding

Your webserver also needs to be accessible over the internet.

1. Forward port 80.

sudo ufw allow 80/tcp

2. Forward port 443.

sudo ufw allow 443/tcp

Virtual Hosts

Creating

Virtual Hosts enables you to run multiple website on a single webserver, this is useful if you are also hosting other services such as a store front, documentation site, etc..

1. Access your webserver's Virtual Host directory.

cd /etc/apache2/sites-available

cd /etc/nginx/sites-available

2. Create a new file with the name being your domain, the file name must end with ".conf".

sudo nano {feedbacky.yourdomain}.conf

{feedbacky.yourdomain}.conf

Your domain including the subdomain, example; feedbacky.myapp.conf.

3. Paste the following content to your newly created Virtual Host file.

{feedbacky.yourdomain}.conf

<VirtualHost *:80>
  ServerName {DOMAIN_NAME}
</VirtualHost>

# Comment out (Adding #) to the part below if you don't plan on using SSL!
<VirtualHost *:443>
  ServerName {DOMAIN_NAME}
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] 
  SSLEngine on
  SSLCertificateFile /etc/letsencrypt/live/{DOMAIN_NAME}/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/{DOMAIN_NAME}/privkey.pem
</VirtualHost>

{feedbacky.yourdomain}.conf

server {
    listen 80;
    server_name {DOMAIN_NAME};

    return 301 https://$host$request_uri;
}

# Comment out (Adding #) to the part below if you don't plan on using SSL!
server {
    listen 443 ssl http2;
    server_name {DOMAIN_NAME};

    ssl_certificate /etc/letsencrypt/live/{DOMAIN_NAME}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/{DOMAIN_NAME}/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES2>-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
    ssl_prefer_server_ciphers on;

    http2_idle_timeout 5m; # up from 3m default
    client_max_body_size 0;

     location / {
       proxy_pass {SERVER_IP}:{CLIENT_APP_PORT};
  }
}

{DOMAIN_NAME}

Your fully qualified domain domain, example; feedbacky.app.cool.

{SERVER_IP} (Nginx)

The IP address (not public) of your Virtual Private Server (VPS) or dedicated hardware.

{CLIENT_APP_PORT}(Nginx)

The client port located in your .env file, by default it is 8090.

4. Save the file with CTRL + S and exit nano with CTRL + C.

Additional steps

5. By default proxy and ssl are disabled in Apache, enable them.

sudo a2enmod proxy ssl

Breakdown

To understand what this command does, we can break it down like this,

a2 means apache2
en means enable
mod means module

We are asking Apache to enable the proxy module which is located in the/etc/apache2/available-modules directory.

5. A symbolic link (symlink) must be created for making your Virtual Host work.

sudo ln -s /etc/nginx/sites-available/{DOMAIN_NAME}.conf /etc/nginx/sites-enabled/{DOMAIN_NAME}.conf

Breakdown

Each time you will edit your Virtual Host located in /etc/nginx/sites-available it will also update the one created in /etc/nginx/sites-enabled.

Enabling

sudo a2ensite {feedbacky.yourdomain}.conf

sudo service nginx reload

Generating a Certificate

Generate your domain SSL certificate.

sudo certbot certonly --apache -d {DOMAIN_NAME}

sudo certbot certonly --nginx -d {DOMAIN_NAME}

Standalone

If neither the Apache nor the Nginx command worked, try using the standalone command.

sudo certbot certonly --standalone -d {DOMAIN_NAME}

If everything went well, you should now have your own self-signed certificate for your domain.

Let's Encrypt Alternative

Cloudflare

An alternative method that you can follow instead of manually generating a certificate and adding additional values to your Virtual Host file is by using Cloudflare.

In short by adding your website to Cloudflare, you will be able to forward your board with Cloudflare's own proxy.

You can read more here.

The normal domain setup without SSL is still required!

PreviousConclusion NextUpdating/Upgrading

Last updated 2 years ago