DigitalOcean Zabbix (SSL) with NGINX and Certbot

The default Zabbix image from DigitalOcean installs Zabbix on CentOS without an SSL. This tutorial will show you how to set up an SSL using Let’s Encrypt Certbot. I expect that you are comfortable in Vim and general Linux administration.

Install Vim

Install Let’s Encrypt Certbot

Modify NGINX Config for Certbot

This will be needed to be added to the server block in the NGINX config. This file is located at: /etc/nginx/conf.d/zabbix.conf

Set Up Certbot SSL

There are many ways to run Certbot but in this example we will use the webroot plugin to validate ownership of the web server using the http method.

NGINX Config for SSL

It’s probably going to be easier to modify the server block for http (80) and convert that to the http 443 server block than to copy and move things around. The next set of instructions will be to force SSL using the http (80) server block configuration.

NGINX Server Block for SSL

Auto Renewal for SSL

// TODO

Allow 443 Through Firewall

After everything is set up it still won’t work. We need to allow HTTPS (TCP 443) through the firewall of CentOS.

You can check and see what is blocked and allowed by using this command.

Finally!

Hope this helps!