How To Install Let’s Encrypt SSL Certificate on Google Cloud Compute with a Bitnami Stack

So I wanted to do this for some time now and got the chance to do it now, as I wanted to share something new every day.

Let’s Encrypt is a free, automated and open Certificate Authority. Today I learned it was not straightforward to install.

I first tried to add the certbot PPA, and when I tried to install the python certbot app I got errors on dependencies. I then tried the certbot-auto script, which was successful, but my site was still not showing as being secured by SSL.

Finally the following worked for me.

Here are the steps to install the SSL certificate.
Log in to the shell on your Google Cloud instance
ssh -i xx_gca key bitnami@ipaddress

Change directory
cd /tmp

Run the following command to download the latest release from GitHub

curl -s https://api.github.com/repos/xenolf/lego/releases/latest | grep browser_download_url | grep linux_amd64 | cut -d '"' -f 4 | wget -i -

Untar the file (replace the version with the latest version from GitHub)
tar xf lego_v1.0.1_linux_amd64.tar.gz

Make lego available on your PATH by moving it to the binary directory

sudo mv lego /usr/local/bin/lego

Stop your server
sudo /opt/bitnami/ctlscript.sh stop

Run the lego client
sudo lego --email="youremail@domain.com" --domains="yourdomain.com" --domains="www.yourdomain.com" --path="/etc/lego" run

Back up your existing certificates by renaming them
mv server.key server.key.2018

Copy the server certificates from /etc/lego/certificate to /opt/bitnami/apache2/conf

Change directory and go to
cd /opt/bitnami/apps/wordpress/conf

Edit the following httpd-app.conf file
sudo vi httpd-app.conf

Add the following condition and rule (use your own domain in place of www.lopau.com)
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.lopau.com/$1 [R,L]

Finally, start the server again
sudo /opt/bitnami/ctlscript.sh start

Reload your website and check the URL; it should now be secured with SSL.

That should get you going.

Other things to note:

  • certificates are only valid for 90 days
  • the suggestion is to auto-renew
  • certificates are free and can be used on websites, FTP servers and mail servers
  • you need an ACME client
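
A check worth running after copying the files and before starting Apache again, and later to see how much of the 90 days is left. This is an added example, not part of the original post; it assumes the deployed files are named server.crt and server.key in the conf directory and that openssl is installed.

```shell
#!/bin/sh
# Added example: verify a deployed certificate/key pair and its remaining lifetime.
# Assumption: files are named server.crt and server.key inside the conf directory.

# SHA-256 of a PEM public key read from stdin (hashed in DER form).
pubkey_hash() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeeds only if the certificate carries the public half of the private key.
# Returns 2 when either file is missing or unreadable, so that never counts as a match.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$(printf '%s\n' "$cert_pub" | pubkey_hash)" = "$(printf '%s\n' "$key_pub" | pubkey_hash)" ]
}

# Succeeds if the certificate will still be valid $2 days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Report on a conf directory: 0 = fine, 1 = mismatch/unreadable, 3 = renew soon.
check_deployed() {
    dir=$1; min_days=${2:-30}
    pair_matches "$dir/server.crt" "$dir/server.key" ||
        { echo "FAIL: certificate and key do not match (or are unreadable)"; return 1; }
    valid_for_days "$dir/server.crt" "$min_days" ||
        { echo "WARN: certificate expires within $min_days days, renew it"; return 3; }
    echo "OK: pair matches; $(openssl x509 -in "$dir/server.crt" -noout -enddate)"
}

# Runs only when a directory is given, e.g.:
#   sudo sh check_cert.sh /opt/bitnami/apache2/conf 30
if [ "$#" -gt 0 ]; then check_deployed "$@"; fi
```

A mismatched pair stops Apache from starting with SSL, so running this before the start command catches a wrong copy while the old files are still at hand.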

In my next tutorial, I’ll show you how to set up a cron job to auto-renew the certificate.

How to Send Emails from WordPress on a Google Cloud Compute Instance

Google Compute Engine does not allow outbound connections on ports 25, 465 and 587. These SMTP ports are blocked by default due to abuse.

For sending emails through the Google cloud compute instance Google recommends the following:

  • Relay emails through your G Suite (formerly known as Google Apps) account
  • Relay using a third-party email service such as Sendgrid, Mailgun or Mailjet.
  • Connect your instance to your network via VPN and use your network to send email

Setting up a relay service would require installing and configuring Postfix. We won’t be installing and configuring Postfix in this tutorial. Instead we will use a WordPress WP Mail plugin that allows us to use Gmail SMTP to send emails. I recommend setting up a new Gmail account just for this purpose.


How to Access phpMyAdmin on Google Cloud Compute on your Mac

I’ve been doing a small bit of Google Cloud Compute (GCP) configuration to run this blog. I thought I’d start sharing some of the steps I’ve gone through, which could be useful to others out there. So I’ve set up a GCP instance and configured it with a WordPress Bitnami stack. I’ve got some videos of those in this playlist if you want to follow along.

In this post I will discuss accessing phpMyAdmin on GCP via an SSH tunnel on your Mac.

To access phpMyAdmin on a WordPress Bitnami stack on Google Cloud Compute, you need to use an SSH tunnel. On the WordPress Bitnami stack, phpMyAdmin is blocked from the public and only accessible from the localhost. This is where the SSH tunnel comes in. Basically, you access the localhost on a particular port on your computer, which forwards that traffic to the remote server over an encrypted channel, and the remote server then sends the content back to the local computer.

Here is an illustration on how that access is provided via the SSH tunnel.

Another example of using SSH tunnel is when a website is blocked from your company firewall or proxy filter, you can use SSH tunnel to bypass the proxy and connect to a remote computer that has no restriction and can access the blocked website.

With that said, let’s connect via SSH tunnel on your Mac.

  1. Open the terminal and change directory to where your private key is located
  2. Type in the following, replacing the private key name, user and IP to match yours. Enter the passphrase when prompted.
    • ssh -N -L 8888:127.0.0.1:80 -i <keyfile> <username>@<ip>
  3. If successful, it will not show any errors. If you want to log in to the instance, you can strip out the -N parameter.
    • ssh -L 8888:127.0.0.1:80 -i <keyfile> <username>@<ip>
  4. Open your browser and enter 127.0.0.1:8888/phpMyAdmin
  5. You should be able to view phpMyAdmin
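
Since the tunnel exists to keep phpMyAdmin off the public network, it is worth confirming that local port 8888 is listening on loopback only (it is by default, but not when the ssh client runs with GatewayPorts or -g). The following is an added example, not part of the original post; the function name and the sample lsof lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm the forwarded port is bound to loopback only.
# On the Mac, while the tunnel is up, feed it the output of:
#   lsof -nP -iTCP:8888 -sTCP:LISTEN | forward_is_loopback_only 8888

# Exit 0: listeners on the port exist and all are loopback.
# Exit 1: at least one listener is reachable from other hosts (it is printed).
# Exit 2: nothing is listening on the port (the tunnel is not up).
forward_is_loopback_only() {
    awk -v port="$1" '
        $NF == "(LISTEN)" {
            addr = $(NF - 1)                 # 127.0.0.1:8888, [::1]:8888 or *:8888
            n = split(addr, part, ":")
            if (part[n] != port) next        # a listener on some other port
            seen = 1
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            if (host != "127.0.0.1" && host != "[::1]") {
                print "exposed: " $1 " (pid " $2 ") listening on " addr
                bad = 1
            }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# Constructed sample lsof output (not captured from a real machine).
SAMPLE_LOOPBACK='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     4242 me      5u  IPv6 0x1a2b      0t0  TCP [::1]:8888 (LISTEN)
ssh     4242 me      6u  IPv4 0x1a2c      0t0  TCP 127.0.0.1:8888 (LISTEN)'
SAMPLE_EXPOSED='COMMAND  PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
ssh     4243 me      5u  IPv4 0x1a2d      0t0  TCP *:8888 (LISTEN)'
```

Writing the forward as -L 127.0.0.1:8888:127.0.0.1:80 makes the loopback bind explicit regardless of client configuration.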

 

That should be it. If you have questions or comments please use the section below and feel free to subscribe to my youtube channel.