Difference between revisions of "Template:Nginx/New Site"

From wiki
(Created page with "<noinclude> == Description == <templatedata> { "params": { "domain": { "label": "Domain", "example": "mysite.example.org", "type": "string", "required": true...")
 
(Fix syntaxhighlight blocks)
Line 19: Line 19:
 
}
 
}
 
</templatedata>
 
</templatedata>
</noinclude><includeonly>
+
== Example ==
# Create the config file <code>/etc/nginx/sites-available/{{{domain}}}</code><syntaxhighlight lang="nginx">{{{config}}}</syntaxhighlight>
+
 
# Activate the configuration with<syntaxhighlight lang="console">
+
<code><pre>{{Nginx/New Site|domain=mysite.example.org|config=server {
 +
    include snippets/listen-http.conf;
 +
    server_name mysite.example.org;
 +
 
 +
    access_log /var/log/nginx/mysite.access.log;
 +
    error_log /var/log/nginx/mysite.error.log info;
 +
 
 +
    include snippets/acme-challenge.conf;
 +
    include snippets/https-permanent-redirect.conf;
 +
}
 +
 
 +
server {
 +
    include snippets/listen-https.conf;
 +
    server_name mysite.example.org;
 +
 
 +
    access_log /var/log/nginx/mysite.access.log;
 +
    error_log /var/log/nginx/mysite.error.log info;
 +
 
 +
    include snippets/acme-challenge.conf;
 +
    #include snippets/ssl.conf;
 +
    #ssl_certificate      /etc/letsencrypt/live/mysite.example.org/fullchain.pem;
 +
    #ssl_certificate_key  /etc/letsencrypt/live/mysite.example.org/privkey.pem;
 +
    #more_set_headers "Strict-Transport-Security: max-age=31536000";
 +
 
 +
    root /var/www/mysite;
 +
} }}
 +
</pre></code>
 +
 
 +
{{Nginx/New Site|domain=mysite.example.org|config=server {
 +
    include snippets/listen-http.conf;
 +
    server_name mysite.example.org;
 +
 
 +
    access_log /var/log/nginx/mysite.access.log;
 +
    error_log /var/log/nginx/mysite.error.log info;
 +
 
 +
    include snippets/acme-challenge.conf;
 +
    include snippets/https-permanent-redirect.conf;
 +
}
 +
 
 +
server {
 +
    include snippets/listen-https.conf;
 +
    server_name mysite.example.org;
 +
 
 +
    access_log /var/log/nginx/mysite.access.log;
 +
    error_log /var/log/nginx/mysite.error.log info;
 +
 
 +
    include snippets/acme-challenge.conf;
 +
    #include snippets/ssl.conf;
 +
    #ssl_certificate      /etc/letsencrypt/live/mysite.example.org/fullchain.pem;
 +
    #ssl_certificate_key  /etc/letsencrypt/live/mysite.example.org/privkey.pem;
 +
    #more_set_headers "Strict-Transport-Security: max-age=31536000";
 +
 
 +
    root /var/www/mysite;
 +
} }}
 +
</noinclude><includeonly># Create the config file <code>/etc/nginx/sites-available/{{{domain}}}</code>{{#tag:syntaxhighlight|{{{config}}}|lang="nginx"}}
 +
# Activate the configuration with{{#tag:syntaxhighlight|
 
# ln -s /etc/nginx/sites-available/{{{domain}}} /etc/nginx/sites-enabled/
 
# ln -s /etc/nginx/sites-available/{{{domain}}} /etc/nginx/sites-enabled/
 
# service nginx reload
 
# service nginx reload
</syntaxhighlight>
+
|lang="console"}}
# Edit file <code>[[Let’s Encrypt#Renewal Script|/usr/local/sbin/renew_certificates]]</code> and add the following to the config list<syntaxhighlight lang="python">
+
# Edit file <code>[[Let’s Encrypt#Renewal Script|/usr/local/sbin/renew_certificates]]</code> and add the following to the config list{{#tag:syntaxhighlight|
 
{
 
{
 
     'domains': ['{{{domain}}}'],
 
     'domains': ['{{{domain}}}'],
 
     'reload': [['service', 'nginx', 'reload']]
 
     'reload': [['service', 'nginx', 'reload']]
 
}
 
}
</syntaxhighlight>
+
|lang="python"}}
 
# Get your certificate{{Let’s Encrypt/New Cert Command|domain = {{{domain}}}|command = service nginx restart}}
 
# Get your certificate{{Let’s Encrypt/New Cert Command|domain = {{{domain}}}|command = service nginx restart}}
 
# Uncomment the ssl related lines in <code>/etc/nginx/sites-available/{{{domain}}}</code> and run<syntaxhighlight lang="console">
 
# Uncomment the ssl related lines in <code>/etc/nginx/sites-available/{{{domain}}}</code> and run<syntaxhighlight lang="console">
 
# service nginx reload
 
# service nginx reload
 
</syntaxhighlight></includeonly>
 
</syntaxhighlight></includeonly>

Revision as of 21:33, 11 May 2016

Description

No description.

Template parameters

ParameterDescriptionTypeStatus
Domaindomain

no description

Example
mysite.example.org
Stringrequired
Configconfig

Nginx configuration file

Contentrequired

Example

{{Nginx/New Site|domain=mysite.example.org|config=server {
    include snippets/listen-http.conf;
    server_name mysite.example.org;

    access_log /var/log/nginx/mysite.access.log;
    error_log /var/log/nginx/mysite.error.log info;

    include snippets/acme-challenge.conf;
    include snippets/https-permanent-redirect.conf;
}

server {
    include snippets/listen-https.conf;
    server_name mysite.example.org;

    access_log /var/log/nginx/mysite.access.log;
    error_log /var/log/nginx/mysite.error.log info;

    include snippets/acme-challenge.conf;
    #include snippets/ssl.conf;
    #ssl_certificate      /etc/letsencrypt/live/mysite.example.org/fullchain.pem;
    #ssl_certificate_key  /etc/letsencrypt/live/mysite.example.org/privkey.pem;
    #more_set_headers "Strict-Transport-Security: max-age=31536000";

    root /var/www/mysite;
} }}
  1. Create the config file /etc/nginx/sites-available/mysite.example.org
    server {
        include snippets/listen-http.conf;
        server_name mysite.example.org;
    
        access_log /var/log/nginx/mysite.access.log;
        error_log /var/log/nginx/mysite.error.log info;
    
        include snippets/acme-challenge.conf;
        include snippets/https-permanent-redirect.conf;
    }
    
    server {
        include snippets/listen-https.conf;
        server_name mysite.example.org;
    
        access_log /var/log/nginx/mysite.access.log;
        error_log /var/log/nginx/mysite.error.log info;
    
        include snippets/acme-challenge.conf;
        #include snippets/ssl.conf;
        #ssl_certificate      /etc/letsencrypt/live/mysite.example.org/fullchain.pem;
        #ssl_certificate_key  /etc/letsencrypt/live/mysite.example.org/privkey.pem;
        #more_set_headers "Strict-Transport-Security: max-age=31536000";
    
        root /var/www/mysite;
    }
    
  2. Activate the configuration with
    # ln -s /etc/nginx/sites-available/mysite.example.org /etc/nginx/sites-enabled/
    # service nginx reload
    
  3. Edit file /usr/local/sbin/renew_certificates and add the following to the config list
    {
        'domains': ['mysite.example.org'],
        'reload': [['service', 'nginx', 'reload']]
    }
    
  4. Get your certificate
    $ sudo /usr/local/sbin/certmanage
    Renewing certificate for mysite.example.org that will expire on 0001-01-01
    
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for mysite.example.org
    Using the webroot path /var/www/acme-challenge for all unmatched domains.
    Waiting for verification...
    Cleaning up challenges
    Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem
    Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem
    
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at
       /etc/letsencrypt/live/mysite.example.org/fullchain.pem. Your cert
       will expire on 2025-02-19. To obtain a new or tweaked version of
       this certificate in the future, simply run certbot again. To
       non-interactively renew *all* of your certificates, run "certbot
       renew"
     - If you like Certbot, please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
    
    Restarting services:
    service nginx restart
    
  5. Uncomment the ssl related lines in /etc/nginx/sites-available/mysite.example.org and run
    # service nginx reload