March 20, 2024

DNS Configuration, SSL, and HTTP Setup

Learn how to configure custom domains, set up SSL certificates with Let's Encrypt, and secure your Flask application.


Setting up a secure, production-ready web application requires proper DNS configuration and SSL certificates. This guide walks through the steps to configure DNS, obtain SSL certificates, and set up HTTPS.


Understanding the Stack

  • DNS: Translates domain names to IP addresses
  • SSL/TLS: Encrypts data transmission
  • HTTPS: Secure HTTP protocol

    1. DNS Records Setup

    Configure these records at your registrar (GoDaddy, Namecheap, Route53):


    Type: A
    Name: @
    Value: your-ec2-public-ip

    Type: CNAME
    Name: www
    Value: yourdomain.com



    2. Installing Certbot


    sudo apt update
    sudo apt install certbot python3-certbot-nginx -y



    3. Obtaining SSL Certificates

    Certbot can automatically configure Nginx for you:


    sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com


    Follow the prompts to redirect HTTP to HTTPS (recommended).


    4. Automatic Renewal

    Let's Encrypt certificates expire after 90 days. Verify that the auto-renewal timer is active and that a test renewal succeeds:


    sudo systemctl status certbot.timer
    sudo certbot renew --dry-run



    5. Security Best Practices

    Add these headers to your Nginx config for better security:


    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;



    Verification

    Visit your site at https://yourdomain.com and check for the padlock icon!
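
The padlock confirms the certificate but not the headers from step 5 or the HTTP-to-HTTPS redirect from step 3. The script below is an added example, not part of the original article: it audits raw response headers piped in from curl, and its function names and the sample inputs used to test it are constructed.

```shell
# Added example, not from the original article; function names are hypothetical.
# Live use:  curl -sI https://yourdomain.com | audit_headers
#            curl -sI http://yourdomain.com  | check_redirect

# Lower-case header name = value expected from the step 5 Nginx snippet.
EXPECTED='x-frame-options=SAMEORIGIN
x-content-type-options=nosniff
x-xss-protection=1; mode=block'

# Print the value of header $1 (case-insensitive) found in the text $2.
header_value() {
  printf '%s\n' "$2" | tr -d '\r' | awk -v n="$1" '
    { i = index($0, ":")
      if (i && tolower(substr($0, 1, i - 1)) == n) {
        v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit } }'
}

# Reads response headers on stdin; returns the count of missing/mismatched ones.
audit_headers() {
  local raw name want got failures=0; raw=$(cat)
  while IFS='=' read -r name want; do
    got=$(header_value "$name" "$raw")
    if [ -z "$got" ]; then
      echo "MISSING   $name"; failures=$((failures + 1))
    elif [ "$got" != "$want" ]; then
      echo "MISMATCH  $name: got '$got', want '$want'"; failures=$((failures + 1))
    else
      echo "OK        $name"
    fi
  done <<EOF
$EXPECTED
EOF
  return "$failures"
}

# Succeeds only if the plain-HTTP response is a 301/308 whose Location is https://.
check_redirect() {
  local raw status location; raw=$(cat)
  status=$(printf '%s\n' "$raw" | awk 'NR == 1 { print $2 }')
  location=$(header_value location "$raw")
  case "$status" in
    301|308) ;;
    *) echo "FAIL  no permanent redirect (status $status)"; return 1 ;;
  esac
  case "$location" in
    https://*) echo "OK    redirects to $location" ;;
    *) echo "FAIL  Location is not https://"; return 1 ;;
  esac
}
```

Run the audit against more than one path, because Nginx passes add_header directives from the server block only to locations that define no add_header of their own. Current Chrome, Edge and Firefox ignore X-XSS-Protection, so an OK for that header shows the config was applied, not that the browser acts on it.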