diff --git a/server/nginx_webserver/https_ssl.md b/server/nginx_webserver/https_ssl.md new file mode 100644 index 0000000..1a5c017 --- /dev/null +++ b/server/nginx_webserver/https_ssl.md @@ -0,0 +1,32 @@ +# HTTPS/SSL + +To make your website safer. +It's also good for SEO, and having people actually be willing to us your site. + +## Install certbot +And it's nginx module +`apt install python3-certbot-nginx` + +## Start certbot +`certbot --nginx` +This will ask for an email, for renewals +`certbot --nginx --register-unsafely-without-email` +This will not ask for an email (although it's probably a good idea to use one) + +Read the terms and accept what you want. E.g. if you don't want to give +your email to anyone, deny that. + +When it asks for auto redirects, select option 2 + +### Apply SSL changes (if 2 selected) +`systemctl reload nginx` + +## Automatic SSL certificated renewal +With a crontab + +`crontab -e` + +Add a line containing +`0 0 1 * * certbot --nginx renew` +Every 1 month, it will try to renew your SSL certificates + diff --git a/server/nginx_webserver/nginx.md b/server/nginx_webserver/nginx.md new file mode 100644 index 0000000..b3df419 --- /dev/null +++ b/server/nginx_webserver/nginx.md 
@@ -0,0 +1,62 @@ +# Nginx + +## Install +`apt install nginx` + +## Make the site directory, and index +`mkdir /var/www/' +'touch /var/www//index.html' +### Git +If you're using git VC for the website then after making the directory +just `git clone ` and checkout the appropriate release/branch. + +## Make a config +`vim /etc/nginx/sites-available/` + +### Basic config +`server { + listen 80 ; + listen [::]:80 ; + server_name , www. ; + root /var/www/ ; + index index.html index.htm ; + location / { + try_files $uri $uri/ =404 ; + } +}` + +#### Basic description of above: +listen - listen to port 80 on ipv4 and ipv6 +server_name - the website/url that someone connecting to the server is looking for +root - directory for the website (commonly kept in `/var/www/` +index - the default file to load when connecting to the site. In order of desc priority +location - how the server should lookup files, if these aren't met throw a 404 error + +#### Example Configs +Some examples can be found on nginx's site [here](https://www.nginx.com/resources/wiki/start/topics/examples/full/) + + +## Enable the site +This uses the config we build, by creating a symbolic link to it. +`ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/` + +### Restart nginx +`sudo systemctl reload nginx` +Using reload will not restart the service if a config is incorrect, so this is +generally safer, especially in a working environment. + +## Allow http traffic +If you've not got a firewall installed, this can be ignored. If you do, for +example after installing adar's _base you're going to want to allow traffic. + +Http +`ufw allow 80` +Https (recommended, all sites need SSL these days) +`ufw allow 443` + +## WIP + +## Internal address +Edit `/etc/hosts` line `127.0.0.1 localhost` to `127.0.0.1 \*.localhost` +Edit `.../sites-available/` server_name and add
,localhost +
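Review bot: In `https_ssl.md`, the crontab line `0 0 1 * * certbot --nginx renew` makes only one renewal attempt per month, so a single failed run (nginx down, DNS or network trouble) is not retried until the following month. `certbot renew` only acts on certificates that are close to expiry, so it is safe to schedule it daily, for example `0 0 * * * certbot renew`, and the text "Every 1 month" should be updated to match. The section should also say what "option 2" is (the redirect of HTTP to HTTPS) rather than relying on the prompt numbering, and note next to `--register-unsafely-without-email` that without an address no expiry notices are delivered. Typos to fix while here: "us your site", "it's nginx module", "certificated renewal".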
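Review bot: In `nginx.md`, the Basic config writes `server_name , www. ;` and the Internal address section adds `,localhost`, but nginx separates names in `server_name` with spaces, so the comma ends up as part of a name and that name will not match; list the names space-separated. Several commands have also lost their placeholder (`mkdir /var/www/`, `git clone `, `vim /etc/nginx/sites-available/`, the `ln -s` line), and the `mkdir`/`touch` lines open with a backtick but close with an apostrophe; use a placeholder that survives rendering, such as `example.com`, and balance the backticks. The `/etc/hosts` edit to `127.0.0.1 \*.localhost` will not work as intended because the hosts file does not support wildcards; list each hostname explicitly. Under "Restart nginx" the command is a reload, so the heading should say so, and running `nginx -t` before `systemctl reload nginx` would show a config error rather than leaving it silent. `ufw allow 80` and `ufw allow 443` open both TCP and UDP; `80/tcp` and `443/tcp` are sufficient for this config.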