SSL/TLS Setup Guide for the Forensic OSINT Backend (Windows Server)

This guide will walk you through the process of enabling SSL/TLS for secure communication between the Forensic OSINT backend and the Chrome Extension on a Windows Server. You can choose between using NGINX or IIS (Internet Information Services) for SSL termination.

Option A: Setting Up SSL with NGINX on Windows

1. Install NGINX on Windows

Download the NGINX Windows binaries and extract them to C:\nginx\ or your preferred directory.

2. Generate SSL Certificates

Generate a self-signed certificate or use an existing SSL certificate from a Certificate Authority (CA).

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout C:\nginx\ssl\selfsigned.key -out C:\nginx\ssl\selfsigned.crt

3. Configure NGINX for SSL

Edit the nginx.conf file and add the following configuration:

server {
            listen 443 ssl;
            server_name your-domain.com;
        
            ssl_certificate C:/nginx/ssl/selfsigned.crt;
            ssl_certificate_key C:/nginx/ssl/selfsigned.key;
        
            ssl_protocols TLSv1.2 TLSv1.3;
            ssl_ciphers HIGH:!aNULL:!MD5;
        
            location / {
                proxy_pass http://localhost:65200;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
            }
        
        }
        
        server {
            listen 80;
            server_name your-domain.com;
        
            return 301 https://$host$request_uri;
        }

4. Start NGINX

Open Command Prompt as Administrator, navigate to the NGINX directory, and start the service:

cd C:\nginx\
  start nginx

Option B: Setting Up SSL with IIS on Windows Server

1. Install IIS and SSL

Use the Server Manager to install IIS and the required SSL features. Navigate to Manage > Add Roles and Features and ensure the following are selected:

Web Server (IIS)
IIS Management Console
SSL and other security features

2. Create or Install an SSL Certificate

To create a self-signed certificate, use IIS Manager:

In IIS Manager > Server Certificates > Create Self-Signed Certificate

Enter a friendly name and select "OK".

3. Bind the SSL Certificate to Your Site

In IIS Manager, select your site, then click Edit Bindings. Add a new binding for https, and select your SSL certificate.

4. Set Up Reverse Proxy

Install the Application Request Routing (ARR) module from the IIS site. Then, configure a reverse proxy to forward traffic to http://localhost:65200.

5. Configure the Chrome Extension

Update the Chrome Extension's Backend URL to point to the HTTPS URL:

https://your-domain.com:443

Security Tips

Ensure that strong SSL ciphers are used for both NGINX and IIS.
Renew SSL certificates regularly if using Let’s Encrypt.
Limit access to the backend to trusted IP addresses.

OSINT Roundup:The Friday 5 Newsletter