Securing HTTP traffic of your server

Introduction

These instructions will enable you to secure HTTP traffic of your self-hosted infrastructure, using a reverse proxy with Nginx.

Pre-requisites

• Your self-hosted infrastructure is running on our docker setup
• You've installed nginx in your server.
• You've configured a domain name (or subdomain) to point to your server's IP address.

Getting started

Setting up Nginx

1. Disable the default virtual host:

unlink /etc/nginx/sites-enabled/default

1. Create a new file named standardnotes.conf within /etc/nginx/sites-available:

server {
  listen 80;
  listen [::]:80;
  server_name yourdomain.com;

  access_log /var/log/nginx/standardnotes-access.log;
  error_log /var/log/nginx/standardnotes-error.log;

  client_max_body_size 50M;

  location / {
    proxy_pass http://127.0.0.1:3000;
  }
}

Note Replace yourdomain.com with your actual domain and 3000 with the port you have specified as {EXPOSED_PORT} if you have changed it.

1. Enable your new site:

ln -s /etc/nginx/sites-available/standardnotes.conf /etc/nginx/sites-enabled/standardnotes.conf

1. Restart Nginx to apply changes

There may be different ways to restart Nginx. If you installed Nginx from Ubuntu's default repository just type:

$ sudo service nginx restart

1. Test your Nginx configuration with:

$ nginx -t

1. Setting up Certbot for HTTPS configuration

Go to certbot to get and install your HTTPS certificate.

Certbot should automatically update your Nginx configuration and create SSL certificates for you.

After completing the above instructions, your Sync server should be HTTPS enabled!

Using your secured server

In the account menu, choose Advanced Options and enter the address of your new server in Sync Server Domain.

Then, register for a new account or log into an existing account and begin using your private new secure Standard Notes server!