Template:Nginx/New Site: Difference between revisions

Description

Example

{{Nginx/New Site|domain=mysite.example.org|config=server {
    include snippets/listen-http.conf;
    server_name mysite.example.org;

    access_log /var/log/nginx/mysite.access.log;
    error_log /var/log/nginx/mysite.error.log info;

    include snippets/acme-challenge.conf;
    include snippets/https-permanent-redirect.conf;
}

server {
    include snippets/listen-https.conf;
    server_name mysite.example.org;

    access_log /var/log/nginx/mysite.access.log;
    error_log /var/log/nginx/mysite.error.log info;

    include snippets/acme-challenge.conf;
    #include snippets/ssl.conf;
    #ssl_certificate      /etc/letsencrypt/live/mysite.example.org/fullchain.pem;
    #ssl_certificate_key  /etc/letsencrypt/live/mysite.example.org/privkey.pem;
    #more_set_headers "Strict-Transport-Security: max-age=31536000";

    root /var/www/mysite;
} }}

1. Create the config file /etc/nginx/sites-available/mysite.example.org

   server {
       include snippets/listen-http.conf;
       server_name mysite.example.org;
   
       access_log /var/log/nginx/mysite.access.log;
       error_log /var/log/nginx/mysite.error.log info;
   
       include snippets/acme-challenge.conf;
       include snippets/https-permanent-redirect.conf;
   }
   
   server {
       include snippets/listen-https.conf;
       server_name mysite.example.org;
   
       access_log /var/log/nginx/mysite.access.log;
       error_log /var/log/nginx/mysite.error.log info;
   
       include snippets/acme-challenge.conf;
       #include snippets/ssl.conf;
       #ssl_certificate      /etc/letsencrypt/live/mysite.example.org/fullchain.pem;
       #ssl_certificate_key  /etc/letsencrypt/live/mysite.example.org/privkey.pem;
       #more_set_headers "Strict-Transport-Security: max-age=31536000";
   
       root /var/www/mysite;
   }
   

2. Activate the configuration with

   # ln -s /etc/nginx/sites-available/mysite.example.org /etc/nginx/sites-enabled/
   # service nginx reload
   

3. Edit file /usr/local/sbin/renew_certificates and add the following to the config list

   {
       'domains': ['mysite.example.org'],
       'reload': [['service', 'nginx', 'reload']]
   }
   

4. Get your certificate

   $ sudo /usr/local/sbin/certmanage
   Renewing certificate for mysite.example.org that will expire on 0001-01-01
   
   Saving debug log to /var/log/letsencrypt/letsencrypt.log
   Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
   Obtaining a new certificate
   Performing the following challenges:
   http-01 challenge for mysite.example.org
   Using the webroot path /var/www/acme-challenge for all unmatched domains.
   Waiting for verification...
   Cleaning up challenges
   Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem
   Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem
   
   IMPORTANT NOTES:
    - Congratulations! Your certificate and chain have been saved at
      /etc/letsencrypt/live/mysite.example.org/fullchain.pem. Your cert
      will expire on 2025-07-22. To obtain a new or tweaked version of
      this certificate in the future, simply run certbot again. To
      non-interactively renew *all* of your certificates, run "certbot
      renew"
    - If you like Certbot, please consider supporting our work by:
   
      Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
      Donating to EFF:                    https://eff.org/donate-le
   
   Restarting services:
   service nginx restart
   

5. Uncomment the ssl related lines in /etc/nginx/sites-available/mysite.example.org and run

   # service nginx reload