Skip to main content

Secure Sparrow Services with SSL

Step 1: Run the Setup Script

Connect to EC2 Instance via ssh

Navigate to the directory where the setup_nginx_proxy_ssl.sh script is located and run the following command:

cd /home
./setup_nginx_proxy_ssl.sh

Once executed, you’ll see a welcome message and a list of services:

========================================
 Welcome to Sparrow 
========================================
Let's begin with your domain setup.
Choose what you need to setup from the options below:
Note: Services marked with ✔ already have domain, SSL and NGINX configured.
[1] Backend [PORT: 9000]
[2] Socket [PORT: 9001] ✔ (sparrowsocket.test.com)
[3] App [PORT: 1422] ✔ (sparrowapp.test.com)
[4] Auth [PORT: 1421]
[5] Proxy [PORT: 3000]
[6] Exit

Step 2: Select the Service to Configure

  • When prompted, enter the number corresponding to the service you want to configure (e.g., type 1 and press Enter to configure the Backend).

  • Services that are already configured will display a ✔ along with their domain name.

Step 3: Follow the Prompts

For unconfigured services, the script will guide you through:

  • Entering the domain name (e.g., sparrowauth.test.com)

  • The script will:

    • Create the NGINX configuration for that service

    • Enable the site and reload NGINX

    • Issue an SSL certificate using Let’s Encrypt

  • You will then be prompted to provide your email address for certificate management and alerts:

    Email

This email is used for urgent renewal notifications and security alerts from Let’s Encrypt.

  • You will also be prompted to accept the Let's Encrypt Terms of Service: [Press YES]

    Lets encrypt terms

  • You may also be asked if you'd like to share your email with the EFF: [Press YES]

    EFF

  • If everything goes well, you’ll see:

    Account register

Step 4: Verify Setup

Once the configuration is complete:

  • The selected service will be accessible via the configured domain

  • SSL will be enabled with a valid certificate

  • A ✔ will appear next to the service on future runs of the script

Tip: You can rerun the script at any time to configure remaining services or update existing domain mappings.