Difference between revisions of "Template:Nginx/New Site"
From wiki
(Fix syntaxhighlight blocks) |
m (Json uses double quotes) |
||
| (8 intermediate revisions by the same user not shown) | |||
| Line 21: | Line 21: | ||
== Example == | == Example == | ||
| − | < | + | === Code === |
| + | <syntaxhighlight lang="text">{{Nginx/New Site|domain=mysite.example.org|config=server { | ||
include snippets/listen-http.conf; | include snippets/listen-http.conf; | ||
server_name mysite.example.org; | server_name mysite.example.org; | ||
| Line 43: | Line 44: | ||
#ssl_certificate /etc/letsencrypt/live/mysite.example.org/fullchain.pem; | #ssl_certificate /etc/letsencrypt/live/mysite.example.org/fullchain.pem; | ||
#ssl_certificate_key /etc/letsencrypt/live/mysite.example.org/privkey.pem; | #ssl_certificate_key /etc/letsencrypt/live/mysite.example.org/privkey.pem; | ||
| − | # | + | #include snippets/hsts.conf; |
| + | |||
| + | include snippets/security-headers.conf; | ||
| + | include snippets/x-frame-options-deny.conf; | ||
root /var/www/mysite; | root /var/www/mysite; | ||
| − | } }} | + | } }}</syntaxhighlight> |
| − | </ | ||
| + | === Result === | ||
{{Nginx/New Site|domain=mysite.example.org|config=server { | {{Nginx/New Site|domain=mysite.example.org|config=server { | ||
include snippets/listen-http.conf; | include snippets/listen-http.conf; | ||
| Line 71: | Line 75: | ||
#ssl_certificate /etc/letsencrypt/live/mysite.example.org/fullchain.pem; | #ssl_certificate /etc/letsencrypt/live/mysite.example.org/fullchain.pem; | ||
#ssl_certificate_key /etc/letsencrypt/live/mysite.example.org/privkey.pem; | #ssl_certificate_key /etc/letsencrypt/live/mysite.example.org/privkey.pem; | ||
| − | # | + | #include snippets/hsts.conf; |
| + | |||
| + | include snippets/security-headers.conf; | ||
| + | include snippets/x-frame-options-deny.conf; | ||
root /var/www/mysite; | root /var/www/mysite; | ||
| Line 77: | Line 84: | ||
</noinclude><includeonly># Create the config file <code>/etc/nginx/sites-available/{{{domain}}}</code>{{#tag:syntaxhighlight|{{{config}}}|lang="nginx"}} | </noinclude><includeonly># Create the config file <code>/etc/nginx/sites-available/{{{domain}}}</code>{{#tag:syntaxhighlight|{{{config}}}|lang="nginx"}} | ||
# Activate the configuration with{{#tag:syntaxhighlight| | # Activate the configuration with{{#tag:syntaxhighlight| | ||
| − | + | $ sudo nginx_modsite -e {{{domain}}} | |
| − | + | Would you like to reload the Nginx configuration now? (Y/n) Y | |
|lang="console"}} | |lang="console"}} | ||
| − | # Edit file <code>[[Let’s Encrypt#Renewal Script|/usr/local/ | + | # Edit file <code>[[Let’s Encrypt#Renewal Script|/usr/local/etc/certmanage/main.json]]</code> and add the following to the list{{#tag:syntaxhighlight| |
{ | { | ||
| − | + | "domains": ["{{{domain}}}"], | |
| − | + | "reload": [["/bin/systemctl", "reload", "nginx.service"]] | |
} | } | ||
|lang="python"}} | |lang="python"}} | ||
| − | # Get your certificate{{Let’s Encrypt/New Cert Command|domain = {{{domain}}}|command = service | + | # Get your certificate{{Let’s Encrypt/New Cert Command|domain = {{{domain}}}|command = systemctl reload nginx.service}} |
# Uncomment the ssl related lines in <code>/etc/nginx/sites-available/{{{domain}}}</code> and run<syntaxhighlight lang="console"> | # Uncomment the ssl related lines in <code>/etc/nginx/sites-available/{{{domain}}}</code> and run<syntaxhighlight lang="console"> | ||
| − | + | $ sudo systemctl reload nginx.service | |
</syntaxhighlight></includeonly> | </syntaxhighlight></includeonly> | ||
Latest revision as of 10:00, 2 April 2017
Description
No description.
| Parameter | Description | Type | Status | |
|---|---|---|---|---|
| Domain | domain | no description
| String | required |
| Config | config | Nginx configuration file | Content | required |
Example
Code
{{Nginx/New Site|domain=mysite.example.org|config=server {
include snippets/listen-http.conf;
server_name mysite.example.org;
access_log /var/log/nginx/mysite.access.log;
error_log /var/log/nginx/mysite.error.log info;
include snippets/acme-challenge.conf;
include snippets/https-permanent-redirect.conf;
}
server {
include snippets/listen-https.conf;
server_name mysite.example.org;
access_log /var/log/nginx/mysite.access.log;
error_log /var/log/nginx/mysite.error.log info;
include snippets/acme-challenge.conf;
#include snippets/ssl.conf;
#ssl_certificate /etc/letsencrypt/live/mysite.example.org/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/mysite.example.org/privkey.pem;
#include snippets/hsts.conf;
include snippets/security-headers.conf;
include snippets/x-frame-options-deny.conf;
root /var/www/mysite;
} }}
Result
- Create the config file
/etc/nginx/sites-available/mysite.example.orgserver { include snippets/listen-http.conf; server_name mysite.example.org; access_log /var/log/nginx/mysite.access.log; error_log /var/log/nginx/mysite.error.log info; include snippets/acme-challenge.conf; include snippets/https-permanent-redirect.conf; } server { include snippets/listen-https.conf; server_name mysite.example.org; access_log /var/log/nginx/mysite.access.log; error_log /var/log/nginx/mysite.error.log info; include snippets/acme-challenge.conf; #include snippets/ssl.conf; #ssl_certificate /etc/letsencrypt/live/mysite.example.org/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/live/mysite.example.org/privkey.pem; #include snippets/hsts.conf; include snippets/security-headers.conf; include snippets/x-frame-options-deny.conf; root /var/www/mysite; }
- Activate the configuration with
$ sudo nginx_modsite -e mysite.example.org Would you like to reload the Nginx configuration now? (Y/n) Y
- Edit file
/usr/local/etc/certmanage/main.jsonand add the following to the list{ "domains": ["mysite.example.org"], "reload": [["/bin/systemctl", "reload", "nginx.service"]] }
- Get your certificate
$ sudo /usr/local/sbin/certmanage Renewing certificate for mysite.example.org that will expire on 0001-01-01 Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for mysite.example.org Using the webroot path /var/www/acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/mysite.example.org/fullchain.pem. Your cert will expire on 2025-02-18. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le Restarting services: systemctl reload nginx.service
- Uncomment the ssl related lines in
/etc/nginx/sites-available/mysite.example.organd run$ sudo systemctl reload nginx.service
