nathan
/
references
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add info on a basic nginx setup

Browse Source
master
Nathan Steel 5 years ago
parent 8747f62cf8
commit 58973d13c8
2 changed files with 94 additions and 0 deletions
Show Stats Download Patch File Download Diff File

32
server/nginx_webserver/https_ssl.md
Unescape Escape View File

@ -0,0 +1,32 @@
# HTTPS/SSL
To make your website safer.
It's also good for SEO, and having people actually be willing to us your site.
## Install certbot
And it's nginx module
`apt install python3-certbot-nginx`
## Start certbot
`certbot --nginx`
This will ask for an email, for renewals
`certbot --nginx --register-unsafely-without-email`
This will not ask for an email (although it's probably a good idea to use one)
Read the terms and accept what you want. E.g. if you don't want to give
your email to anyone, deny that.
When it asks for auto redirects, select option 2
### Apply SSL changes (if 2 selected)
`systemctl reload nginx`
## Automatic SSL certificated renewal
With a crontab
`crontab -e`
Add a line containing
`0 0 1 * * certbot --nginx renew`
Every 1 month, it will try to renew your SSL certificates

62
server/nginx_webserver/nginx.md
Unescape Escape View File

@ -0,0 +1,62 @@
# Nginx
## Install
`apt install nginx`
## Make the site directory, and index
`mkdir /var/www/<website>'
'touch /var/www/<website>/index.html'
### Git
If you're using git VC for the website then after making the directory
just `git clone <repo>` and checkout the appropriate release/branch.
## Make a config
`vim /etc/nginx/sites-available/<website>`
### Basic config
`server {
listen 80 ;
listen [::]:80 ;
server_name <domain>, www.<domain> ;
root /var/www/<website> ;
index index.html index.htm ;
location / {
try_files $uri $uri/ =404 ;
}
}`
#### Basic description of above:
listen - listen to port 80 on ipv4 and ipv6
server_name - the website/url that someone connecting to the server is looking for
root - directory for the website (commonly kept in `/var/www/<websitename>`
index - the default file to load when connecting to the site. In order of desc priority
location - how the server should lookup files, if these aren't met throw a 404 error
#### Example Configs
Some examples can be found on nginx's site [here](https://www.nginx.com/resources/wiki/start/topics/examples/full/)
## Enable the site
This uses the config we build, by creating a symbolic link to it.
`ln -s /etc/nginx/sites-available/<website> /etc/nginx/sites-enabled/<website>`
### Restart nginx
`sudo systemctl reload nginx`
Using reload will not restart the service if a config is incorrect, so this is
generally safer, especially in a working environment.
## Allow http traffic
If you've not got a firewall installed, this can be ignored. If you do, for
example after installing adar's _base you're going to want to allow traffic.
Http
`ufw allow 80`
Https (recommended, all sites need SSL these days)
`ufw allow 443`
## WIP
## Internal address
Edit `/etc/hosts` line `127.0.0.1 localhost` to `127.0.0.1 \*.localhost`
Edit `.../sites-available/<website>` server_name and add <address>,localhost
Write Preview
Loading…
Cancel
Save