@buzzkillb
Created September 16, 2020 23:51
Setup Cloudflare Full Strict SSL with DigitalOcean

Slightly modified from:
https://www.youtube.com/watch?v=Ye1OrYwVN-U
https://github.com/theADAMJR/theADAMJR.github.io/blob/master/guides/setup-cloudflare-full-strict-ssl-with-digitalocean.md

Get Started

This tutorial uses Ubuntu 20.04 on a DigitalOcean droplet. The goal is to set up Cloudflare Full (strict) SSL for a static website: Cloudflare talks to the droplet only over HTTPS and validates the origin certificate, and the droplet only accepts connections that present Cloudflare's client certificate, so the site cannot be reached by going around Cloudflare.

I use FileZilla FTP for pasting in file content, because the DigitalOcean terminal has weird paste issues.

View the full tutorial here, where I set up a Discord bot dashboard with NginX: https://www.youtube.com/watch?v=Ye1OrYwVN-U

Cloudflare Setup

Ensure that the Full (strict) encryption mode is selected under SSL/TLS -> Overview, otherwise this guide will not work. In Full (strict) mode Cloudflare connects to the origin over HTTPS only and validates the origin's certificate, which is why the Cloudflare Origin Certificate created below has to be installed on the droplet. [Screenshot: Full (strict) SSL]

Also make sure that SSL/TLS -> Origin Server -> Authenticated Origin Pulls is set to On. With this on, Cloudflare presents a client certificate whenever it connects to the origin. That only helps if the nginx config below verifies that certificate against Cloudflare's origin-pull CA; if it does not, anyone who finds the droplet's IP can bypass Cloudflare and hit the site directly. [Screenshot: Authenticated Origin Pulls]

Install NginX

apt-get install nginx

NginX is used to serve our website on ports 80 and 443.

Create Cloudflare Certificate File

touch /etc/ssl/certs/cloudflare.crt

Create the Cloudflare certificate file.

Copy the contents of Cloudflare's origin-pull CA certificate, https://support.cloudflare.com/hc/en-us/article_attachments/360044928032/origin-pull-ca.pem, into cloudflare.crt. This is the CA that signs the client certificate Cloudflare presents on authenticated origin pulls; nginx uses it to verify that a connection really comes from Cloudflare. The copy below is what the file contained when this was written; always take the current one from Cloudflare.

-----BEGIN CERTIFICATE-----
MIIGCjCCA/KgAwIBAgIIV5G6lVbCLmEwDQYJKoZIhvcNAQENBQAwgZAxCzAJBgNV
BAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMRQwEgYDVQQLEwtPcmln
aW4gUHVsbDEWMBQGA1UEBxMNU2FuIEZyYW5jaXNjbzETMBEGA1UECBMKQ2FsaWZv
cm5pYTEjMCEGA1UEAxMab3JpZ2luLXB1bGwuY2xvdWRmbGFyZS5uZXQwHhcNMTkx
MDEwMTg0NTAwWhcNMjkxMTAxMTcwMDAwWjCBkDELMAkGA1UEBhMCVVMxGTAXBgNV
BAoTEENsb3VkRmxhcmUsIEluYy4xFDASBgNVBAsTC09yaWdpbiBQdWxsMRYwFAYD
VQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMSMwIQYDVQQD
ExpvcmlnaW4tcHVsbC5jbG91ZGZsYXJlLm5ldDCCAiIwDQYJKoZIhvcNAQEBBQAD
ggIPADCCAgoCggIBAN2y2zojYfl0bKfhp0AJBFeV+jQqbCw3sHmvEPwLmqDLqynI
42tZXR5y914ZB9ZrwbL/K5O46exd/LujJnV2b3dzcx5rtiQzso0xzljqbnbQT20e
ihx/WrF4OkZKydZzsdaJsWAPuplDH5P7J82q3re88jQdgE5hqjqFZ3clCG7lxoBw
hLaazm3NJJlUfzdk97ouRvnFGAuXd5cQVx8jYOOeU60sWqmMe4QHdOvpqB91bJoY
QSKVFjUgHeTpN8tNpKJfb9LIn3pun3bC9NKNHtRKMNX3Kl/sAPq7q/AlndvA2Kw3
Dkum2mHQUGdzVHqcOgea9BGjLK2h7SuX93zTWL02u799dr6Xkrad/WShHchfjjRn
aL35niJUDr02YJtPgxWObsrfOU63B8juLUphW/4BOjjJyAG5l9j1//aUGEi/sEe5
lqVv0P78QrxoxR+MMXiJwQab5FB8TG/ac6mRHgF9CmkX90uaRh+OC07XjTdfSKGR
PpM9hB2ZhLol/nf8qmoLdoD5HvODZuKu2+muKeVHXgw2/A6wM7OwrinxZiyBk5Hh
CvaADH7PZpU6z/zv5NU5HSvXiKtCzFuDu4/Zfi34RfHXeCUfHAb4KfNRXJwMsxUa
+4ZpSAX2G6RnGU5meuXpU5/V+DQJp/e69XyyY6RXDoMywaEFlIlXBqjRRA2pAgMB
AAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1Ud
DgQWBBRDWUsraYuA4REzalfNVzjann3F6zAfBgNVHSMEGDAWgBRDWUsraYuA4REz
alfNVzjann3F6zANBgkqhkiG9w0BAQ0FAAOCAgEAkQ+T9nqcSlAuW/90DeYmQOW1
QhqOor5psBEGvxbNGV2hdLJY8h6QUq48BCevcMChg/L1CkznBNI40i3/6heDn3IS
zVEwXKf34pPFCACWVMZxbQjkNRTiH8iRur9EsaNQ5oXCPJkhwg2+IFyoPAAYURoX
VcI9SCDUa45clmYHJ/XYwV1icGVI8/9b2JUqklnOTa5tugwIUi5sTfipNcJXHhgz
6BKYDl0/UP0lLKbsUETXeTGDiDpxZYIgbcFrRDDkHC6BSvdWVEiH5b9mH2BON60z
0O0j8EEKTwi9jnafVtZQXP/D8yoVowdFDjXcKkOPF/1gIh9qrFR6GdoPVgB3SkLc
5ulBqZaCHm563jsvWb/kXJnlFxW+1bsO9BDD6DweBcGdNurgmH625wBXksSdD7y/
fakk8DagjbjKShYlPEFOAqEcliwjF45eabL0t27MJV61O/jHzHL3dknXeE4BDa2j
bA+JbyJeUMtU7KMsxvx82RmhqBEJJDBCJ3scVptvhDMRrtqDBW5JShxoAOcpFQGm
iYWicn46nPDjgTU0bX1ZPpTpryXbvciVL5RkVBuyX2ntcOLDPlZWgxZCBp96x07F
AnOzKgZk4RzZPNAxCXERVxajn/FLcOhglVAKo5H0ac+AitlQ0ip55D2/mf8o72tM
fVQ6VpyjEXdiIXWUq/o=
-----END CERTIFICATE-----

Create a Cloudflare Origin Certificate

Go to SSL/TLS -> Origin Server -> Create Certificate. This certificate is what nginx serves to Cloudflare; it is signed by Cloudflare's own CA and is trusted by Cloudflare but not by browsers, which is fine because in this setup only Cloudflare talks to the origin. Cloudflare shows the certificate and the private key only once, at creation time, so copy both. [Screenshot: Create a certificate]

Create the Origin Certificate File

touch /etc/ssl/certs/cert.pem

Then paste the contents of the Cloudflare Origin Certificate into this file.

Create the Private Key File

touch /etc/ssl/private/key.pem

Then paste the contents of the Cloudflare private key into this file. Make sure the file is readable only by root (mode 600); nginx's master process runs as root and reads the key at startup, so nothing else needs access to it.

Create the NginX Config File

On Ubuntu the nginx package already ships /etc/nginx/sites-available/default (enabled via a symlink in sites-enabled), so the touch below is a no-op and you are overwriting the stock site:

touch /etc/nginx/sites-available/default

Then paste in the contents of this, and tweak it to fit the needs of your website, replacing values where necessary. The HTTPS server block uses the ssl parameter of listen rather than the deprecated ssl on directive, and it verifies Cloudflare's client certificate against cloudflare.crt. Without the ssl_client_certificate and ssl_verify_client lines the Authenticated Origin Pulls setting does nothing on the origin side.

server {
    listen 80;
    listen [::]:80;
    server_name denarius.pro;
    # Send every plain-HTTP request to HTTPS
    return 302 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name denarius.pro;

    # Cloudflare Origin Certificate and its private key (what Full (strict) validates)
    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;

    # Authenticated Origin Pulls: only accept TLS clients that present a
    # certificate signed by Cloudflare's origin-pull CA, so the site cannot
    # be reached by connecting to the droplet's IP directly
    ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
    ssl_verify_client on;

    location / {
        proxy_pass    http://172.17.0.3:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Reload NginX

First check that the config has no syntax errors with nginx -t. This also loads the certificate and key files, so a key that does not match the certificate or a file nginx cannot read shows up here instead of at reload time.

Then reload NginX to activate the config:

nginx -s reload
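After reloading, it is worth checking that the origin really enforces what the Cloudflare settings promise. The script below is an added example, not part of the original gist or of Cloudflare's tooling: it lints an nginx server block for the directives that make Authenticated Origin Pulls bite, checks the private key's permissions, and (optionally, against a live host) confirms that a direct TLS connection to the droplet without a client certificate is refused. The file paths are the ones the gist uses; the sample configs and the placeholder key file are constructed inside the script so it runs offline.

```shell
#!/bin/sh
# Added example, not part of the original gist: post-setup checks for the
# Full (strict) + Authenticated Origin Pulls configuration described above.
# Paths (/etc/ssl/certs/cloudflare.crt, /etc/ssl/private/key.pem) are the
# gist's; the sample configs and key file below are constructed here.

# 1. Lint an nginx server config for what makes Authenticated Origin Pulls
#    actually enforce on the origin: the Cloudflare origin-pull CA must be
#    loaded, client certificates must be required, TLS must come from the
#    "listen ... ssl" parameter and not the deprecated "ssl on;".
check_origin_conf() {
    conf_file="$1"
    conf_rc=0
    grep -Eq '^[[:space:]]*ssl_client_certificate[[:space:]]+/etc/ssl/certs/cloudflare\.crt;' "$conf_file" \
        || { echo "$conf_file: missing 'ssl_client_certificate /etc/ssl/certs/cloudflare.crt;'"; conf_rc=1; }
    grep -Eq '^[[:space:]]*ssl_verify_client[[:space:]]+on;' "$conf_file" \
        || { echo "$conf_file: missing 'ssl_verify_client on;' (origin accepts anyone, not just Cloudflare)"; conf_rc=1; }
    grep -Eq '^[[:space:]]*listen[[:space:]]+.*443[[:space:]]+ssl' "$conf_file" \
        || { echo "$conf_file: no 'listen 443 ssl' directive"; conf_rc=1; }
    if grep -Eq '^[[:space:]]*ssl[[:space:]]+on;' "$conf_file"; then
        echo "$conf_file: deprecated 'ssl on;' present, remove it"; conf_rc=1
    fi
    return "$conf_rc"
}

# 2. The origin private key must not be readable or writable by group/others.
#    Columns 5-10 of "ls -l" are the group and other permission bits.
check_key_perms() {
    key_file="$1"
    [ -f "$key_file" ] || { echo "$key_file: missing"; return 1; }
    group_other=$(ls -l "$key_file" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "$key_file: mode is $(ls -l "$key_file" | cut -c1-10); run: chmod 600 $key_file"
        return 1
    fi
    return 0
}

# 3. Live probe (not run by the offline demo): connect straight to the
#    droplet's IP, bypassing Cloudflare, without presenting a client
#    certificate. With ssl_verify_client on, nginx answers HTTP 400 ("No
#    required SSL certificate was sent") or aborts the handshake (no status
#    at all; an unreachable host also gives none, so check that separately).
#    A 2xx/3xx means the site is reachable without going through Cloudflare.
probe_origin() {
    probe_host="$1"; probe_ip="$2"
    probe_status=$(printf 'GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n' "$probe_host" \
        | openssl s_client -quiet -connect "$probe_ip:443" -servername "$probe_host" 2>/dev/null \
        | sed -n 's#^HTTP/[0-9.]* \([0-9][0-9][0-9]\).*#\1#p' | head -n 1)
    case "$probe_status" in
        ''|400) echo "OK: $probe_ip refused a direct request for $probe_host (HTTP ${probe_status:-none})"; return 0 ;;
        *)      echo "FAIL: $probe_ip served $probe_host directly with HTTP $probe_status"; return 1 ;;
    esac
}

# Constructed samples: the gist's server block as originally posted (bad)
# and with the client-certificate directives added (good).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/bad.conf" <<'EOF'
server {
    listen 443 ssl;
    listen [::]:443 ssl http2;
    ssl on;
    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;
}
EOF
cat > "$SAMPLE_DIR/good.conf" <<'EOF'
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/ssl/certs/cert.pem;
    ssl_certificate_key /etc/ssl/private/key.pem;
    ssl_client_certificate /etc/ssl/certs/cloudflare.crt;
    ssl_verify_client on;
}
EOF
printf 'constructed placeholder, not a real key\n' > "$SAMPLE_DIR/key.pem"
chmod 600 "$SAMPLE_DIR/key.pem"

# Offline demo. On the droplet run instead:
#   check_origin_conf /etc/nginx/sites-available/default
#   check_key_perms /etc/ssl/private/key.pem
#   probe_origin denarius.pro <droplet-ip>
for sample in good bad; do
    if check_origin_conf "$SAMPLE_DIR/$sample.conf"; then
        echo "$sample.conf: enforces Cloudflare-only access"
    else
        echo "$sample.conf: does NOT enforce Cloudflare-only access"
    fi
done
check_key_perms "$SAMPLE_DIR/key.pem" && echo "key.pem: permissions OK"
```

The probe deliberately sends Connection: close so that openssl s_client (which waits for the server to close when -quiet is used) returns promptly; if the status comes back empty, confirm the host is actually listening on 443 before reading it as a pass.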

Secure!
