Oracle VM + Cloudflare + Nginx HTTPS Setup


A short checklist I use to bring up a public site on an Oracle VM, fronted by Cloudflare, with HTTPS via Let’s Encrypt.

1) Oracle dashboard networking

Path: /overview/instances/instance

  1. In Default Route Table / Route Rules, make sure you have 0.0.0.0/0 -> Internet Gateway.
  2. In Networking / subnet / security / security list, allow inbound 0.0.0.0/0 for ports 80 and 443.

2) Cloudflare

  1. Add your A record in DNS.
  2. Set SSL/TLS mode to Full (strict).

3) VM setup

  1. Install Certbot and use it to obtain a Let’s Encrypt certificate.
  2. Configure Nginx with an HTTP to HTTPS redirect and a TLS site config:

# Port 80: redirect every plain-HTTP request to HTTPS.
server {
    listen 80;
    server_name foobar.baz www.foobar.baz;
    return 301 https://$host$request_uri;
}

# Port 443: the TLS site. server_name must match the port-80 block above.
server {
    listen 443 ssl;
    server_name foobar.baz www.foobar.baz;

    root /var/www/example;
    index index.html;

    # Certificate chain and private key issued by Certbot.
    ssl_certificate /etc/letsencrypt/live/foobar.baz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/foobar.baz/privkey.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}
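
Added example, not part of the original checklist: a small Python lint that checks the three places this config names the site (the port-80 server_name, the TLS server_name, and the Let’s Encrypt live/ directory) against each other, since a typo in one of them is easy to miss by eye. The sample config and the example.test names are constructed; treating the live/ directory name as one of the served hostnames is an assumption based on Certbot naming it after the first requested domain by default.

```python
import re

# Constructed sample in the page's layout; the TLS block has a typo in its first name.
SAMPLE = """
server {
    listen 80;
    server_name example.test www.example.test;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name exampel.test www.example.test;
    ssl_certificate /etc/letsencrypt/live/example.test/fullchain.pem;
    location / { try_files $uri $uri/ =404; }
}
"""

def server_blocks(conf):
    """Return one {directive: [args]} dict per server block; nested blocks are skipped."""
    blocks, depth, base, cur, prev = [], 0, 0, None, ""
    for tok in re.findall(r"[{};]|[^{};]+", re.sub(r"#[^\n]*", "", conf)):
        if tok == "{":
            depth += 1
            if cur is None and prev.split() == ["server"]:
                cur, base = {}, depth
        elif tok == "}":
            if cur is not None and depth == base:
                blocks.append(cur)
                cur = None
            depth -= 1
        elif tok == ";" and cur is not None and depth == base and prev.split():
            name, *args = prev.split()
            cur.setdefault(name, []).extend(args)
        prev = tok
    return blocks

def lint(conf):
    """List names on which the port-80 block, the TLS block and the cert path disagree."""
    blocks = server_blocks(conf)
    tls = [b for b in blocks if "ssl" in b.get("listen", [])]
    tls_names = {n for b in tls for n in b.get("server_name", [])}
    plain_names = {n for b in blocks if b not in tls for n in b.get("server_name", [])}
    out = [f"{n}: redirected on port 80, no TLS block" for n in sorted(plain_names - tls_names)]
    out += [f"{n}: TLS block, no port-80 redirect" for n in sorted(tls_names - plain_names)]
    for b in tls:
        for path in b.get("ssl_certificate", []):
            m = re.search(r"/letsencrypt/live/([^/]+)/", path)
            if m and m.group(1) not in b.get("server_name", []):
                out.append(f"{m.group(1)}: cert lineage not in server_name")
    return out
```

Calling lint() on the text of a site file returns an empty list when the names agree; on SAMPLE it returns three findings, all caused by the single typo.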

4) VM firewall

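# Accept new inbound TCP connections on ports 80 and 443 (inserted at the top of INPUT).
# Rules added this way live in memory only and are lost on reboot unless saved.
sudo iptables -I INPUT -p tcp --dport 80 -m state --state NEW -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -m state --state NEW -j ACCEPT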