Installing SSL (LetsEncrypt or other)
Install certbot
sudo apt install certbot python3-certbot-nginx
Edit /etc/nginx/sites-enabled/grusher so that it looks like this.
Replace YOUR_URL in the config with your real URL (for example grusher.in.ua).
server {
    root /var/www/html;
    server_name YOUR_URL;
    charset utf-8;
    # The main settings are included from /var/www/html/.nginx
    include /var/www/html/.nginx;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/YOUR_URL/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/YOUR_URL/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    if ($scheme != "https") {
        return 302 https://$host$request_uri;
    } # managed by Certbot
}
server {
    server_name YOUR_URL;
    charset utf-8;
    listen 8443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/YOUR_URL/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/YOUR_URL/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    location / {
        # WebSocket proxy to the local backend on port 8080
        proxy_pass http://127.0.0.1:8080/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header Host $host;
    }
}
In config/grusher_modules.php, change the port in web_socket_port_for_web to 8443
sudo nginx -t
sudo systemctl reload nginx
Setting Firewall (if enabled)
sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'
sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)
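The config above also listens on 8443 for the WebSocket proxy, while the 'Nginx Full' profile only covers ports 80 and 443. The script below is an added example, not part of the original Grusher instructions: it compares the listen ports in an nginx config with the ports that ufw status reports as allowed. The function names, the hardcoded profile-to-port mapping and the sample input are assumptions made for this example.

```sh
#!/bin/sh
# Added example: report nginx "listen" ports that no ufw ALLOW rule covers.

# Ports behind the ufw application profiles seen in the output on this page.
profile_ports() {
    case "$1" in
        "Nginx Full")  echo "80 443" ;;
        "Nginx HTTP")  echo "80" ;;
        "Nginx HTTPS") echo "443" ;;
        "OpenSSH")     echo "22" ;;
    esac
}

# stdin: nginx config text. stdout: one port per line from each listen directive.
listen_ports() {
    sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([^;]*\);.*/\1/p' |
        awk '{ n = split($1, a, ":"); if (a[n] ~ /^[0-9]+$/) print a[n] }' | sort -un
}

# stdin: `ufw status` output. stdout: one allowed port per line.
allowed_ports() {
    awk '/ ALLOW / { sub(/[ \t]+ALLOW.*/, ""); sub(/ \(v6\)$/, ""); print }' |
        while IFS= read -r target; do
            case "$target" in
                [0-9]*) echo "${target%%/*}" ;;          # numeric rule, e.g. 8443/tcp
                *)      profile_ports "$target" | tr ' ' '\n' ;;
            esac
        done | sort -un
}

# $1: nginx config text, $2: `ufw status` text. Prints listen ports ufw does not allow.
unopened_ports() {
    allowed=$(printf '%s\n' "$2" | allowed_ports)
    printf '%s\n' "$1" | listen_ports | while read -r port; do
        printf '%s\n' "$allowed" | grep -qx "$port" || echo "$port"
    done
}

# Constructed sample input: the listen lines of the config above and the
# ufw status shown after 'Nginx Full' was allowed.
SAMPLE_CONF='server {
    listen 443 ssl; # managed by Certbot
}
server {
    listen 8443 ssl; # managed by Certbot
    location / { proxy_pass http://127.0.0.1:8080/; }
}'
SAMPLE_UFW='Status: active
To                         Action      From
OpenSSH                    ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
Nginx Full (v6)            ALLOW       Anywhere (v6)'

unopened_ports "$SAMPLE_CONF" "$SAMPLE_UFW"
```

On a live host, pass "$(cat /etc/nginx/sites-enabled/grusher)" and "$(sudo ufw status)" as the two arguments. Port ranges and profiles outside the four listed are not resolved.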
Installing cert
sudo certbot --nginx -d example.com -d www.example.com
Manual cert update (dry run, tests renewal only)
sudo certbot renew --dry-run