OS Update
freebsd-update fetch
freebsd-update install
Package update
pkg update
Install and configure NGINX
pkg install nginx
sysrc nginx_enable=YES
NGINX configuration - /usr/local/etc/nginx/nginx.conf
Web content location - /usr/local/www/nginx
Configuration of virtual hosts is documented at https://www.cyberciti.biz/faq/freebsd-nginx-namebased-virtual-hosting-configuration/
Config Example
# m4k.dpasek.com
server {
    listen 80;
    listen 443 ssl;
    server_name m4k.dpasek.com;
    ssl_certificate /usr/local/etc/letsencrypt/live/m4k.dpasek.com/fullchain.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/m4k.dpasek.com/privkey.pem;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        root /home/dpasek/www/math4kids;
        index index.html index.htm;
    }
}
Other NGINX Resources
- Rewrite rules - https://www.nginx.com/blog/creating-nginx-rewrite-rules/
- rewrite ^(.*) https://www.example.com$1 permanent;
SSL Certificates with Letsencrypt.org
# Install certbot
pkg install py37-certbot
# Stop NGINX - certbot's standalone mode needs the HTTP port free to create a new SSL certificate
service nginx stop
# Create a new SSL certificate
certbot certonly --standalone
or
certbot certonly --standalone -d example.com
or more domains
certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com
# Start NGINX
service nginx start
# SSL certificate renewal automation
Put the following in /etc/periodic.conf
weekly_certbot_enable="YES"
weekly_certbot_service="nginx" # this will stop and start the NGINX service during certificate renewal
# for more info look at file /usr/local/etc/periodic/weekly/500.certbot-3.7
# Add a deploy hook script that reloads NGINX after a certificate is renewed
cd /usr/local/etc/letsencrypt/renewal-hooks/deploy/
vi reload_nginx.sh
#!/bin/sh
service nginx reload
:wq
chmod 755 reload_nginx.sh
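A stricter variant of the reload_nginx.sh deploy hook above, added here as an example and not part of the original post: it refuses to reload when the renewed files are missing, when privkey.pem is world-readable, or when nginx -t rejects the configuration. certbot sets RENEWED_LINEAGE for deploy hooks; the function name and the NGINX_BIN / SERVICE_BIN override variables are hypothetical names introduced for this example.

```sh
#!/bin/sh
# Added example (not from the original post): deploy hook with pre-reload checks.
# certbot exports RENEWED_LINEAGE (the live/<name> directory) to deploy hooks.
# NGINX_BIN and SERVICE_BIN are hypothetical override knobs, added so the
# checks can be exercised without touching a running server.
NGINX_BIN="${NGINX_BIN:-/usr/local/sbin/nginx}"
SERVICE_BIN="${SERVICE_BIN:-/usr/sbin/service}"

# Return codes: 0 reloaded, 2 missing file, 3 key world-readable, 4 bad config.
reload_nginx_if_valid() {
    lineage="$1"
    for f in fullchain.pem privkey.pem; do
        if [ ! -s "$lineage/$f" ]; then
            echo "deploy hook: $lineage/$f missing or empty" >&2
            return 2
        fi
    done
    # -L follows the live/ symlink to the real key file in archive/.
    if [ -n "$(find -L "$lineage/privkey.pem" -perm -0004)" ]; then
        echo "deploy hook: $lineage/privkey.pem is world-readable" >&2
        return 3
    fi
    # Parse the configuration (this also loads the certificate and key)
    # before asking the running server to pick it up.
    if ! "$NGINX_BIN" -t -q; then
        echo "deploy hook: nginx -t failed, not reloading" >&2
        return 4
    fi
    "$SERVICE_BIN" nginx reload
}

# Run only when certbot invokes the hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    reload_nginx_if_valid "$RENEWED_LINEAGE"
fi
```

A non-zero return leaves the running NGINX on its previous certificate, and the message on stderr shows which check failed.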