How To Configure GoCD with Let's Encrypt SSL Certificates on Ubuntu 16.04

GoCD is an open source continuous delivery service that helps organizations increase productivity and deliver high quality through automation. It is a flexible tool that can help teams deliver well-tested software to production environments.

In this guide, we will configure GoCD to use a trusted Let's Encrypt SSL certificate to prevent browser warnings when accessing the web interface.

You will need to have a GoCD server configured on Ubuntu 16.04, you will need to configure one before starting this guide. The base server requires at least 2G of RAM and 2 CPU cores. GoCD also needs a dedicated partition or disk to use for artifact storage. You will need to have a domain name to acquire an SSL certificate from Let's Encrypt.

Configuring Nginx

sudo nano /etc/nginx/sites-available/default

Open a new upsteam section outside of the server block at the top of the file:

upstream gocd {
server aaa.a.a.a:aaaa;} server {
. . .

Replace aaa.a.a.a:aaaa; with the address that Nginx can use to contact GoCD's HTTP interface.

Now, comment out the try_ files directive in the location block, add a proxy pass to the gocd upstream we defined, using the http:// protocol in the place of try_files and include the proxy_params file.

. . . server . . . location / {
    #try_files $uri $uri/ =404;
    proxy_pass http://gocd;
    include proxy_params;

. . .

Save and close the file.

Check the Nginx configuration for syntax errors:

sudo nginx -t

If no errors are found, restart Nginx:

sudo systemctl restart nginx

Your GoCD web UI should now be accessible through your regular domain name with the https:// protocol.

Update the GoCD Site URL

Visit your GoCD server domain in your web browser and log in if necessary:

Click ADMIN in the top menu bar and select Server Configuration from the drop down menu:

In the Server Management section, modify the Site URL to remove the :8154 port specification from the end. If you were using an IP address instead of a domain name previously, change the URL to use your domain name as well:

Scroll down to the bottom of the page and click **SAVE **to implement the change immediately. Your site is now set up to proxy all requests for your domain through Nginx to the GoCD web UI.