Part 6: Integrating SSL (HTTPS) with a Django website
As the final step of our deployment, we are going to make our website more secure by adding an SSL certificate to it. For that, we are going to use certbot.
If you are not already connected, open a remote session to your EC2 instance, then execute the commands below to prepare your environment for certbot.
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
Now execute the below command to install certbot.
sudo apt-get install certbot python-certbot-nginx
This command will ask for permission to proceed; enter y to accept.
Now integrate SSL with Nginx using the command below:
sudo certbot --nginx
NOTE: This command will ask you for some confirmation.
1. Email: enter your email so that you will get updates about your certificate.
2. Agree to terms of service: enter ‘a’ to accept.
3. Share your email: You can ignore it by entering ‘n’.
4. Choose your domains. If you want all the domains then hit enter
5. Choose the redirect option: Enter 2 for enabling redirect.
Finally, restart the server:
sudo service nginx restart
sudo supervisorctl reload
Enable HTTPS traffic to the EC2 server:
You are all set with the server. Now let’s enable our server to accept HTTPS traffic. If you have logged out of the AWS management console, log in and go to the EC2 Dashboard by clicking EC2 in the services list.
From the sidebar, click Security Groups. This opens the list of available security groups. Select the security group that is attached to the EC2 instance.
NOTE: If you don’t know which security group your EC2 instance uses, click Instances and find your instance in the list; on the right, you will find a column named Security Groups.
After selecting the group you will find a menu at the bottom. Click Inbound. Here you will see all the rules for inbound traffic.
We want to add HTTPS to the inbound traffic, so scroll to the top and click the Edit button. A pop-up will show the full list of rules.
Now click Add Rule; this creates a new entry. Select HTTPS as the type and leave all other values at their defaults.
Finally, click Save and refresh your URL. Your site is now served over HTTPS.
Automating the renewal process using cron:
One problem remains: the certificate we are using expires soon. So we have to enable auto-renewal so that it is renewed automatically on our instance.
For that we are going to use cron, so install it using the command below:
sudo apt-get install cron
After installation, check the status with the following command:
systemctl status cron
Now configure cron with the following command:
crontab -e
It will ask you to choose an editor; choose Nano and paste the lines below at the bottom of the file.
# m h dom mon dow command
30 4 1 * * certbot renew --quiet
Finally, save the file by pressing Ctrl+O and exit the editor by pressing Ctrl+X.
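To confirm that the cron job is actually renewing the certificate, the script below (an added example, not part of the original tutorial) reads the certificate's notAfter date and reports how many days remain. The 30-day alert threshold, the function names and the sample date are assumptions made for this example.

```python
import socket
import ssl
import sys
import time

RENEW_BELOW_DAYS = 30  # assumption: alert threshold chosen for this example


def days_until_expiry(not_after, now=None):
    """Whole days from `now` (epoch seconds) to the certificate's notAfter.

    `not_after` uses the format returned by getpeercert() and printed by
    `openssl x509 -enddate`, for example "Jun  1 12:00:00 2030 GMT".
    """
    expires = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return int((expires - now) // 86400)  # floor: negative once expired


def renewal_status(days_left, threshold=RENEW_BELOW_DAYS):
    """Classify the result so a monitor can alert before visitors see errors."""
    if days_left < 0:
        return "EXPIRED"
    if days_left < threshold:
        return "RENEWAL_OVERDUE"
    return "OK"


def fetch_not_after(host, port=443, timeout=5.0):
    """Read notAfter from the certificate the live server presents."""
    context = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with context.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    try:
        if len(sys.argv) > 1:
            not_after = fetch_not_after(sys.argv[1])  # your domain name
        else:
            not_after = "Jun  1 12:00:00 2030 GMT"  # constructed sample value
    except ssl.SSLCertVerificationError as exc:
        # An already expired or mismatched certificate fails the handshake.
        sys.exit(f"certificate rejected: {exc.verify_message}")
    left = days_until_expiry(not_after)
    print(f"{not_after}: {left} days left, {renewal_status(left)}")
    sys.exit(0 if renewal_status(left) == "OK" else 1)
```

Run it with your domain as the only argument; a non-zero exit code means the renewal job needs attention.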
Congratulations! We have successfully set up the server. Now exit from the terminal and relax.