Configuring SSL support in Spotipo
Enabling HTTPS will help you improve the security of your guest portal. Its mandatory if you are using Facebook login or payment login. In this tutorial we will explain the steps needed to enable it.
To follow this tutorial, you will need:
- One Ubuntu 16.04 server setup with latest version of Spotipo running
- A fully registered domain name. This tutorial will use example.com throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
- DNS records set up for your server. The A record of your domain name should point to the server
- Ports 443 and 80 should be enabled on your server.
The first step to using Let’s Encrypt to obtain an SSL certificate is to install the Certbot software on your server.
Certbot is in very active development, so the Certbot packages provided by Ubuntu tend to be outdated. However, the Certbot developers maintain a Ubuntu software repository with up-to-date versions, so we’ll use that repository instead.
First, add the repository.
sudo add-apt-repository ppa:certbot/certbot
You’ll need to press ENTER to accept. Then, update the package list to pick up the new repository’s package information.
sudo apt-get update
And finally, install Certbot
sudo apt-get install certbot
Obtain your SSL certificate
Certbot provides a variety of ways to obtain SSL certificates, through various plugins. We will use the built-in server method to obtain the certificate.
First stop nginx service if its running.
sudo service nginx stop
Obtain the certificate for your domain. Replace example.com with your domain name.
sudo certbot certonly -d example.com
Cetbot will ask for your email and a bunch of questions. After which you will see the following message if everythoing goes well.
- Congratulations! Your certificate and chain have been saved at:
Your key file has been saved at:
Your cert will expire on 2018-06-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF:
Configure Nginx to serve SSL
Once the certificate is in place, we need to configure Nginx to use it. Just uncomment below lines available in /etc/nginx/sites-available/wifiapp.conf
Don’t forget to replace xxx.xxxx.com with your actual domain name.
listen 443 ssl;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Now restart nginx using
sudo service nginx restart
If everything went well, you should be able to get the SSL version of your spotipo by going to https://yourdomain
Force SSL usage
After testing that SSL works fine in last step. You can now force all requests to be served via SSL.
To do that add the following line to /usr/share/nginx/spotipo/instance/config.py
FORCE_SSL = 1
After that restart the app using
sudo service supervisor restart