{"_id":"5a1db098b15d1b001ebc5f08","category":{"_id":"5a1db098b15d1b001ebc5ef4","version":"5a1db098b15d1b001ebc5ef2","project":"54e7fca9e6e77d1900ed11f0","__v":0,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2015-04-25T01:54:38.235Z","from_sync":false,"order":1,"slug":"tutorials","title":"Tutorials"},"parentDoc":null,"user":"54e7ff93c1c5e90d0048bd92","project":"54e7fca9e6e77d1900ed11f0","version":{"_id":"5a1db098b15d1b001ebc5ef2","project":"54e7fca9e6e77d1900ed11f0","__v":1,"createdAt":"2017-11-28T18:53:12.270Z","releaseDate":"2017-11-28T18:53:12.270Z","categories":["5a1db098b15d1b001ebc5ef3","5a1db098b15d1b001ebc5ef4","5a1db098b15d1b001ebc5ef5","5a1db098b15d1b001ebc5ef6"],"is_deprecated":false,"is_hidden":false,"is_beta":true,"is_stable":true,"codename":"","version_clean":"1.2.0","version":"1.2"},"githubsync":"","__v":0,"updates":["592f11cb7b0297003b20351c","59d04a8f0cd4dd0010294fd7","59f29997a2a4fa0010daefc3"],"next":{"pages":[],"description":""},"createdAt":"2016-04-07T21:08:08.615Z","link_external":false,"link_url":"","sync_unique":"","hidden":false,"api":{"settings":"","results":{"codes":[]},"auth":"required","params":[],"url":""},"isReference":false,"order":8,"body":"LetsEncrypt provides free SSL certificates and are great way to enhance the security of your PufferPanel installation\n\nFor the purposes of this guide, replace \"panel.example.com\" with your PufferPanel installation's domain name.\n[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"WARNING\",\n  \"body\": \"Enabling SSL on the panel will require that you update your pufferd configs to point to the updated URL. Refer to the directions below to do this.\"\n}\n[/block]\n\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Modify nginx config file\"\n}\n[/block]\nFind your pufferpanel.conf configuration file located in either /etc/nginx/sites-available or /etc/nginx/conf.d\n\n\nAdd the following location block to your nginx config file\n```\n        location /.well-known/acme-challenge/ {\n            try_files $uri =404;\n        }\n```\n\nHere is some context for where you should place it\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"        location / {\\n            try_files /public/router.php =404;\\n            fastcgi_split_path_info ^(.+?\\\\.php)(/.*)$;\\n            fastcgi_pass unix:/var/run/php5-fpm.sock;\\n            fastcgi_index router.php;\\n            fastcgi_param SCRIPT_FILENAME \\\\$document_root\\\\$fastcgi_script_name;\\n            include /etc/nginx/fastcgi_params;\\n        }\\n        \\n        location /.well-known/acme-challenge/ {\\n            try_files $uri =404;\\n        }\\n        \\n        location /assets {\\n            try_files /app/\\\\$uri =404;\\n        }\\n    }\",\n      \"language\": \"text\"\n    }\n  ]\n}\n[/block]\nMake sure to reload nginx\n```sudo service nginx reload```\n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"Grab the LetsEncrypt client\"\n}\n[/block]\n```cd /srv```\n```git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt```\n\nNow generate the certificates\n```./letsencrypt-auto certonly --webroot -w /srv/pufferpanel/ -d panel.example.com```\n[block:api-header]\n{\n  \"title\": \"Updating pufferd configs\"\n}\n[/block]\nOnce your panel is using HTTPS, you will need to update your pufferd configs to use the new URL.\n\nUpdate the following file, changing http to https where appropriate:\n``/etc/pufferd/config.json``\n\nRestart the pufferd service\n```sudo service pufferd restart```\n[block:api-header]\n{\n  \"title\": \"Enabling HTTPS on pufferd\"\n}\n[/block]\nCopy the full chain certificate and the private key files from LetsEncrypt into pufferd.\n```cp /etc/letsencrypt/live/panel.example.com/fullchain.pem /etc/pufferd/https.pem```\n```cp /etc/letsencrypt/live/panel.example.com/privkey.pem /etc/pufferd/https.key```\n\nChange the owner and group of the files\n```chown pufferd:pufferd /etc/pufferd/https.pem```\n```chown pufferd:pufferd /etc/pufferd/https.key```\n\nRestart the pufferd service\n```sudo service pufferd restart```\n\nNext, update the node through the panel to have the \"Internal IP\" set to be the above URL.\n\n```Internal IP: panel.example.com```","excerpt":"","slug":"using-letsencrypt-with-pufferpanel","type":"basic","title":"Using LetsEncrypt with PufferPanel"}

Using LetsEncrypt with PufferPanel


LetsEncrypt provides free SSL certificates and are great way to enhance the security of your PufferPanel installation For the purposes of this guide, replace "panel.example.com" with your PufferPanel installation's domain name. [block:callout] { "type": "warning", "title": "WARNING", "body": "Enabling SSL on the panel will require that you update your pufferd configs to point to the updated URL. Refer to the directions below to do this." } [/block] [block:api-header] { "type": "basic", "title": "Modify nginx config file" } [/block] Find your pufferpanel.conf configuration file located in either /etc/nginx/sites-available or /etc/nginx/conf.d Add the following location block to your nginx config file ``` location /.well-known/acme-challenge/ { try_files $uri =404; } ``` Here is some context for where you should place it [block:code] { "codes": [ { "code": " location / {\n try_files /public/router.php =404;\n fastcgi_split_path_info ^(.+?\\.php)(/.*)$;\n fastcgi_pass unix:/var/run/php5-fpm.sock;\n fastcgi_index router.php;\n fastcgi_param SCRIPT_FILENAME \\$document_root\\$fastcgi_script_name;\n include /etc/nginx/fastcgi_params;\n }\n \n location /.well-known/acme-challenge/ {\n try_files $uri =404;\n }\n \n location /assets {\n try_files /app/\\$uri =404;\n }\n }", "language": "text" } ] } [/block] Make sure to reload nginx ```sudo service nginx reload``` [block:api-header] { "type": "basic", "title": "Grab the LetsEncrypt client" } [/block] ```cd /srv``` ```git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt``` Now generate the certificates ```./letsencrypt-auto certonly --webroot -w /srv/pufferpanel/ -d panel.example.com``` [block:api-header] { "title": "Updating pufferd configs" } [/block] Once your panel is using HTTPS, you will need to update your pufferd configs to use the new URL. Update the following file, changing http to https where appropriate: ``/etc/pufferd/config.json`` Restart the pufferd service ```sudo service pufferd restart``` [block:api-header] { "title": "Enabling HTTPS on pufferd" } [/block] Copy the full chain certificate and the private key files from LetsEncrypt into pufferd. ```cp /etc/letsencrypt/live/panel.example.com/fullchain.pem /etc/pufferd/https.pem``` ```cp /etc/letsencrypt/live/panel.example.com/privkey.pem /etc/pufferd/https.key``` Change the owner and group of the files ```chown pufferd:pufferd /etc/pufferd/https.pem``` ```chown pufferd:pufferd /etc/pufferd/https.key``` Restart the pufferd service ```sudo service pufferd restart``` Next, update the node through the panel to have the "Internal IP" set to be the above URL. ```Internal IP: panel.example.com```