|
Size: 2877
Comment:
|
Size: 4988
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 144: | Line 144: |
== test.example.org == {{{#!highlight sh # SSL/TLS cert sudo bash mkdir -p /var/www/test.example.org/ echo "<html><body>Hello test</body></html>" > /var/www/test.example.org/index.html # create getssl configuration files and folder for test.example.org ./getssl -c test.example.org # edit config file nano ~/.getssl/test.example.org/getssl.cfg }}} {{{#!highlight sh # specify correct ACL option CA="https://acme-v02.api.letsencrypt.org" ACL=('/var/www/test.example.org/.well-known/acme-challenge') }}} {{{#!highlight sh nano /etc/nginx/sites-enabled/test.example.org | grep -v "#" }}} {{{#!highlight sh server { listen 80; server_name test.example.org; root /var/www/test.example.org; } }}} {{{#!highlight sh ./getssl test.example.org #Certificate saved in /root/.getssl/test.example.org/test.example.org.crt cp /root/.getssl/test.example.org/fullchain.crt /etc/ssl/certs/test_fullchain.crt cp /root/.getssl/test.example.org/test.example.org.key /etc/ssl/private/test_private.key nano /etc/nginx/sites-enabled/test.example.org | grep -v "#" }}} {{{#!highlight sh server { listen 80; return 301 https://test.example.org$request_uri; server_name test.example.org; root /var/www/test.example.org; } server { listen 443 ssl; server_name test.example.org; root /var/www/test.example.org; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers on; ssl_certificate /etc/ssl/certs/test_fullchain.crt; ssl_certificate_key /etc/ssl/private/test_private.key; } }}} {{{#!highlight sh curl -s https://test.example.org/ -vvv 2>&1 | grep -e "expire date" -e Host #* Host test.example.org:443 was resolved. #* expire date: Sep 10 12:31:58 2026 GMT #> Host: test.example.org cd /var/www/ chown www-data * -R chgrp www-data * -R nginx -t service nginx restart }}} |
Contents
nginx
Install on FreeBSD 10.3
- pkg install nginx
- /usr/local/etc/nginx/nginx.conf
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /usr/local/www/nginx;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
}
}
include /usr/local/etc/nginx/sslbalance.d/*;- /usr/local/etc/nginx/sslbalance.d/sslbalance.conf
stream{
upstream backend {
server 127.0.0.1:8443;
server 127.0.0.1:8444;
}
server {
listen 443;
proxy_pass backend;
}
}
Install on Slackware
nginx.conf with reverse proxy example
# nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root /var/www/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/html;
}
}
server{
listen 80;
server_name abc.example.org;
location / { proxy_pass http://127.0.0.1:8081; }
}
server {
listen 80;
server_name cde.example.org;
location / { proxy_pass http://127.0.0.1:8082; }
}
}
Reverse proxy with redirect from 80 t0 443
cat /etc/nginx/sites-enabled/example.org
server {
listen 80;
return 301 https://example.org$request_uri;
server_name example.org;
#root /var/www/example;
location / {
proxy_pass http://localhost:8888/;
}
}
server {
listen 443 ssl;
server_name example.org;
location / {
proxy_pass http://localhost:8888/;
}
ssl_certificate /etc/ssl/certs/example_fullchain.crt;
ssl_certificate_key /etc/ssl/private/example_private.key;
}
test.example.org
1 # SSL/TLS cert
2 sudo bash
3 mkdir -p /var/www/test.example.org/
4 echo "<html><body>Hello test</body></html>" > /var/www/test.example.org/index.html
5
6 # create getssl configuration files and folder for test.example.org
7 ./getssl -c test.example.org
8 # edit config file
9 nano ~/.getssl/test.example.org/getssl.cfg
1 nano /etc/nginx/sites-enabled/test.example.org | grep -v "#"
1 ./getssl test.example.org
2 #Certificate saved in /root/.getssl/test.example.org/test.example.org.crt
3 cp /root/.getssl/test.example.org/fullchain.crt /etc/ssl/certs/test_fullchain.crt
4 cp /root/.getssl/test.example.org/test.example.org.key /etc/ssl/private/test_private.key
5 nano /etc/nginx/sites-enabled/test.example.org | grep -v "#"
1 server {
2 listen 80;
3 return 301 https://test.example.org$request_uri;
4 server_name test.example.org;
5 root /var/www/test.example.org;
6 }
7
8 server {
9 listen 443 ssl;
10 server_name test.example.org;
11 root /var/www/test.example.org;
12 ssl_protocols TLSv1.2 TLSv1.3;
13 ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
14 ssl_prefer_server_ciphers on;
15 ssl_certificate /etc/ssl/certs/test_fullchain.crt;
16 ssl_certificate_key /etc/ssl/private/test_private.key;
17 }
