Template:Nginx/New Site
From wiki
Description
No description.
Parameter | Description | Type | Status | |
---|---|---|---|---|
Domain | domain | no description
| String | required |
Config | config | Nginx configuration file | Content | required |
Example
{{Nginx/New Site|domain=mysite.example.org|config=server {
include snippets/listen-http.conf;
server_name mysite.example.org;
access_log /var/log/nginx/mysite.access.log;
error_log /var/log/nginx/mysite.error.log info;
include snippets/acme-challenge.conf;
include snippets/https-permanent-redirect.conf;
}
server {
include snippets/listen-https.conf;
server_name mysite.example.org;
access_log /var/log/nginx/mysite.access.log;
error_log /var/log/nginx/mysite.error.log info;
include snippets/acme-challenge.conf;
#include snippets/ssl.conf;
#ssl_certificate /etc/letsencrypt/live/mysite.example.org/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/mysite.example.org/privkey.pem;
#more_set_headers "Strict-Transport-Security: max-age=31536000";
root /var/www/mysite;
} }}
- Create the config file
/etc/nginx/sites-available/mysite.example.org
server { include snippets/listen-http.conf; server_name mysite.example.org; access_log /var/log/nginx/mysite.access.log; error_log /var/log/nginx/mysite.error.log info; include snippets/acme-challenge.conf; include snippets/https-permanent-redirect.conf; } server { include snippets/listen-https.conf; server_name mysite.example.org; access_log /var/log/nginx/mysite.access.log; error_log /var/log/nginx/mysite.error.log info; include snippets/acme-challenge.conf; #include snippets/ssl.conf; #ssl_certificate /etc/letsencrypt/live/mysite.example.org/fullchain.pem; #ssl_certificate_key /etc/letsencrypt/live/mysite.example.org/privkey.pem; #more_set_headers "Strict-Transport-Security: max-age=31536000"; root /var/www/mysite; }
- Activate the configuration with
# ln -s /etc/nginx/sites-available/mysite.example.org /etc/nginx/sites-enabled/ # service nginx reload
- Edit file
/usr/local/sbin/renew_certificates
and add the following to the config list{ 'domains': ['mysite.example.org'], 'reload': [['service', 'nginx', 'reload']] }
- Get your certificate
$ sudo /usr/local/sbin/certmanage Renewing certificate for mysite.example.org that will expire on 0001-01-01 Saving debug log to /var/log/letsencrypt/letsencrypt.log Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org Obtaining a new certificate Performing the following challenges: http-01 challenge for mysite.example.org Using the webroot path /var/www/acme-challenge for all unmatched domains. Waiting for verification... Cleaning up challenges Generating key (2048 bits): /etc/letsencrypt/keys/1764_key-certbot.pem Creating CSR: /etc/letsencrypt/csr/1764_csr-certbot.pem IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/mysite.example.org/fullchain.pem. Your cert will expire on 2025-02-22. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le Restarting services: service nginx restart
- Uncomment the ssl related lines in
/etc/nginx/sites-available/mysite.example.org
and run# service nginx reload