DNS and SSL Deployment Summary
🎯 What's Ready
All configuration files and scripts have been created for deploying your site with SSL encryption at:
https://houseofprayer.ddns.net
📋 Prerequisites Checklist
Before running the deployment, verify:
- DNS record houseofprayer.ddns.net points to this server's public IP
- Router forwards ports 80 and 443 to this server
- Firewall allows incoming traffic on ports 80 and 443
- Backend and frontend are currently running (ports 8080 and 5100)
🚀 Quick Deployment
Run this single command to set everything up:
cd /media/pts/Website/Church_HOP_MusicData/new-site
sudo ./deploy.sh
This automated script will:
- ✅ Install systemd services (auto-start on boot)
- ✅ Obtain SSL certificate from Let's Encrypt
- ✅ Configure Nginx as reverse proxy
- ✅ Set up automatic SSL renewal
- ✅ Start all services
📁 Files Created
Configuration Files
- nginx-ssl.conf - Nginx configuration with SSL
- church-music-backend.service - Backend systemd service
- church-music-frontend.service - Frontend systemd service
Scripts
- deploy.sh - Complete deployment automation
- setup-ssl.sh - SSL certificate and Nginx setup only
Documentation
- SSL_SETUP_GUIDE.md - Complete guide with troubleshooting
- CREDENTIALS.md - Login credentials for all users
🔧 What Was Updated
Backend CORS Settings
Updated to accept requests from:
- ✅ https://houseofprayer.ddns.net
- ✅ http://houseofprayer.ddns.net
- ✅ http://localhost:5100 (development)
- ✅ http://localhost:3000 (development)
Nginx Configuration
- HTTP → HTTPS redirect
- WebSocket support for Vite HMR
- Proxy to backend (port 8080)
- Proxy to frontend (port 5100)
- Modern SSL/TLS settings (TLS 1.2, 1.3)
- Security headers (HSTS, X-Frame-Options, etc.)
- OCSP stapling
- Gzip compression
🔐 SSL Certificate Details
- Provider: Let's Encrypt (free)
- Validity: 90 days
- Auto-renewal: Daily check at 3 AM
- Protocols: TLS 1.2, TLS 1.3
- Cipher Suites: Modern, secure ciphers only
🌐 Access Points
After deployment:
| Service | Internal | External |
|---|---|---|
| Frontend | http://localhost:5100 | https://houseofprayer.ddns.net |
| Backend API | http://localhost:8080/api | https://houseofprayer.ddns.net/api |
| Direct Access | ✅ Works | ⚠️ Use domain instead |
📊 Service Management
View Service Status
sudo systemctl status church-music-backend
sudo systemctl status church-music-frontend
sudo systemctl status nginx
Restart Services
sudo systemctl restart church-music-backend
sudo systemctl restart church-music-frontend
sudo systemctl restart nginx
View Logs
# Backend
sudo journalctl -u church-music-backend -f
# Frontend
sudo journalctl -u church-music-frontend -f
# Nginx
sudo tail -f /var/log/nginx/church-music-*.log
✅ Testing Checklist
After deployment, test:
- DNS Resolution
  nslookup houseofprayer.ddns.net
- SSL Certificate
  curl -I https://houseofprayer.ddns.net
- HTTP → HTTPS Redirect
  curl -I http://houseofprayer.ddns.net # Should return 301 redirect to HTTPS
- API Endpoint
  curl https://houseofprayer.ddns.net/api/stats
- Login Functionality
  - Open: https://houseofprayer.ddns.net
  - Login with: hop / hopmusic2025
  - Verify all features work
- SSL Rating (optional)
  - Visit: https://www.ssllabs.com/ssltest/analyze.html?d=houseofprayer.ddns.net
  - Expected: A or A+ rating
🛡️ Security Features Enabled
- ✅ HTTPS enforcement (HTTP redirects to HTTPS)
- ✅ HSTS (HTTP Strict Transport Security)
- ✅ Secure cipher suites only
- ✅ X-Frame-Options: DENY (prevents clickjacking)
- ✅ X-Content-Type-Options: nosniff
- ✅ X-XSS-Protection enabled
- ✅ OCSP stapling
- ✅ Rate limiting (1000 req/15min)
- ✅ Bcrypt password hashing
- ✅ JWT token authentication (7-day expiry)
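The redirect check from the Testing Checklist and three of the header claims in the list above can be verified mechanically from `curl -sI` output. The script below is an added example, not part of the project's own scripts; the function names are hypothetical, the sample responses are constructed, and treating any positive HSTS max-age as a pass is an assumption.

```bash
# Added example: audit `curl -sI` output against values stated on this page.
# Live use: curl -sI http://houseofprayer.ddns.net | audit_redirect houseofprayer.ddns.net

# Constructed sample responses (not captured from the real site).
SAMPLE_OK='HTTP/2 200
strict-transport-security: max-age=31536000; includeSubDomains
x-frame-options: DENY
x-content-type-options: nosniff'
SAMPLE_WEAK='HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff'
SAMPLE_REDIRECT='HTTP/1.1 301 Moved Permanently
Location: https://houseofprayer.ddns.net/'

# header_value NAME RESPONSE: print the first matching header value.
# NAME must be lowercase; header names match case-insensitively.
header_value() {
  printf '%s\n' "$2" | tr -d '\r' | awk -v want="$1" '{
    i = index($0, ":")
    if (i && tolower(substr($0, 1, i - 1)) == want) {
      v = substr($0, i + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); print v; exit
    } }'
}

# Reads HTTPS response headers on stdin; prints one FAIL line per problem.
# Exit status is 0 only when all three checks pass.
audit_https_headers() (
  resp=$(cat); fails=0
  age=$(header_value strict-transport-security "$resp" | tr 'A-Z' 'a-z' |
    sed -n 's/.*max-age=\([0-9][0-9]*\).*/\1/p')
  [ "${age:-0}" -gt 0 ] || { echo "FAIL: HSTS absent or max-age not positive"; fails=$((fails + 1)); }
  xfo=$(header_value x-frame-options "$resp" | tr 'a-z' 'A-Z')
  [ "$xfo" = "DENY" ] || { echo "FAIL: X-Frame-Options is '${xfo:-absent}', expected DENY"; fails=$((fails + 1)); }
  xcto=$(header_value x-content-type-options "$resp" | tr 'A-Z' 'a-z')
  [ "$xcto" = "nosniff" ] || { echo "FAIL: X-Content-Type-Options is '${xcto:-absent}'"; fails=$((fails + 1)); }
  [ "$fails" -eq 0 ]
)

# Reads the plain-HTTP response on stdin; $1 is the expected host.
# Passes only for a 301 whose Location is https://$1 or a path under it.
audit_redirect() (
  resp=$(cat)
  status=$(printf '%s\n' "$resp" | tr -d '\r' | awk 'NR == 1 { print $2 }')
  loc=$(header_value location "$resp")
  [ "$status" = "301" ] || { echo "FAIL: expected 301, got '${status:-none}'"; exit 1; }
  case "$loc" in
    "https://$1" | "https://$1/"*) exit 0 ;;
    *) echo "FAIL: Location '${loc:-absent}' is not under https://$1"; exit 1 ;;
  esac
)
```

Against the live site, pipe `curl -sI https://houseofprayer.ddns.net` into `audit_https_headers`; a non-zero exit status means at least one stated header is missing or has a different value.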
⚠️ Important Notes
- First-time SSL Setup: Certificate generation takes 1-2 minutes
- DNS Propagation: If DNS was just updated, wait up to 24 hours
- Port Forwarding: Must be configured on your router
- Firewall: Must allow ports 80 and 443
- Email for SSL: Update in setup-ssl.sh before running
🔄 Next Steps
- Before Deployment:
  - Verify DNS points to this server
  - Check router port forwarding
  - Update email in setup-ssl.sh (line 12)
- Run Deployment:
  sudo ./deploy.sh
- Test Everything:
  - Access https://houseofprayer.ddns.net
  - Test all login credentials
  - Test biometric authentication
  - Verify mobile responsiveness
- Monitor:
  - Check logs daily for first week
  - Verify SSL auto-renewal works (after 60 days)
📞 Support Commands
# Quick status check
sudo systemctl status church-music-* nginx
# View all logs
sudo journalctl -xe
# Restart everything
cd /media/pts/Website/Church_HOP_MusicData/new-site
sudo ./deploy.sh
# SSL certificate info
sudo certbot certificates
# Renew SSL manually
sudo certbot renew --force-renewal
📚 Additional Documentation
- SSL_SETUP_GUIDE.md - Detailed SSL setup and troubleshooting
- CREDENTIALS.md - All user login credentials
Ready to Deploy?
cd /media/pts/Website/Church_HOP_MusicData/new-site
sudo ./deploy.sh
Last Updated: January 25, 2026