How to set up my own domain instead of Zima subdomain

Tutorials and Guides Miscellaneous
1

Let’s say you have signed up your zima subdomain: abcd.zima.cloud

Let’s say you have a domain: customname.com (fictional domain)
and you want your users to access zima using your domain instead of Zima subdomain.

Let’s say you want your users to access Zima by writing in their browser: customname.com or clients.customname.com

Both options are possible. The guide below will help you redirect your custom domain to your Zima subdomain.

You will need to:

  • Configure a web server with an iframe.
  • Add a DNS record for your own domain to point to web server IP Address.
  • Create an SSL certificate for your server with Let’s Encrypt.

Web Server Setup:

Assuming you have a Ubuntu Server with LAMP stack installed, perform the following steps.
Use sudo nano to create or edit config files.

1- Create /var/www/html/subdomain/index.php with the following:

Replace yoursubdomain.zima.cloud in the div section below with your Zima subdomain.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <title>Test Layout</title>
        <style type="text/css">
            body, html
            {
                margin: 0; padding: 0; height: 100%; overflow: hidden;
            }

            #content
            {
                position:absolute; left: 0; right: 0; bottom: 0; top: 0px; 
            }
        </style>
    </head>
    <body>
        <div id="content">
            <iframe width="100%" height="100%" frameborder="0" src="https://yoursubdomain.zima.cloud" />
        </div>
    </body>
</html>

2- Edit /etc/apache2/sites-available/default-ssl.conf

To backup the file before editing, use the command:
sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak

<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerAdmin your_email@example.com
                ServerName your_own_domain

                DocumentRoot /var/www/html/subdomain/

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on
                SSLCertificateFile    /etc/letsencrypt/live/your_own_domain/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/your_own_domain/privkey.pem

                <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                SSLOptions +StdEnvVars
                </FilesMatch>
                <Directory /usr/lib/cgi-bin>
                                SSLOptions +StdEnvVars
                </Directory>

        </VirtualHost>
</IfModule>

3- Edit /etc/apache2/sites-available/000-default.conf:

<VirtualHost *:80>

	ServerAdmin your_email@example.com
	ServerName your_own_domain

	Redirect "/" "https://your_own_domain/"

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

4- Run these commands:

sudo a2enmod ssl
sudo a2enmod headers
sudo a2ensite default-ssl
sudo a2enconf ssl-params
sudo apache2ctl configtest

Result:

AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

5- Restart apache2:

sudo systemctl restart apache2

DNS Record

At your DNS Provider, create the following record:

  • Name: @ or www or subdomain
  • Type: A
  • Value: your public ip address
  • TTL: 1 hour

Make sure to forward port 80 and 443 to your web server, if hosted on-premises.

Creating the SSL Certificate

Prerequisites and detailed steps: How To Secure Apache with Let's Encrypt on Ubuntu 18.04 | DigitalOcean

1- Install Certbot:

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-apache

2- Obtain Certificate:

sudo certbot --apache -d your_own_domain

Type 1 (no redirect) since the step was already done before.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your_own_domain/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your_own_domain/privkey.pem
   Your cert will expire on 2018-07-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
  • Make sure /etc/apache2/sites-available/default-ssl.conf file matches with the output above:

SSLCertificateFile /etc/letsencrypt/live/your_own_domain/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/your_own_domain/privkey.pem

  • Restart apache2 if you made any changes to default-ssl.conf:
sudo systemctl restart apache2

3- Verify Certbot Auto-Renewal

sudo certbot renew --dry-run
1 Like