- install nginx :
sudo apt install nginx
- stop nginx :
sudo service nginx stop
- install letsencrypt certbot : (check here for other distros : https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx)
sudo apt install snapd && sudo snap install --classic certbot
This example shows how to add a new app, served locally (via docker) on 127.0.0.1:8080, for the subdomain app1.example.com.
- create a new file for this app :
sudo touch /etc/nginx/sites-available/YOUR_SUBDOMAIN
- and activate this file :
sudo ln -s /etc/nginx/sites-available/YOUR_SUBDOMAIN /etc/nginx/sites-enabled/YOUR_SUBDOMAIN
- then edit the file with :
sudo nano /etc/nginx/sites-available/YOUR_SUBDOMAIN
server {
    server_name app1.example.com;

    # HTTP configuration
    listen 80;
    listen [::]:80;

    # HTTP to HTTPS
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # HTTPS configuration
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/app1.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/app1.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 900;
    }
}
Don't worry if the certificate files under /etc/letsencrypt don't exist yet, they will be created in just a moment.
- Don't forget to change :
  - app1.example.com by your (sub)domain
  - the info in proxy_pass
- Run the next command to generate your certificates :
sudo certbot --nginx
- If you want to add another app (for another app/subdomain), simply repeat the process in "Adding a new app".
- Create a new file in /etc/cron.weekly :
sudo touch /etc/cron.weekly/certbot
- Make it executable :
sudo chmod +x /etc/cron.weekly/certbot
- And add this code :
#!/bin/sh
certbot renew
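
nginx refuses to load a configuration that names a certificate file that is not on disk, which matters for the server block above because its /etc/letsencrypt paths only exist once a certificate has been issued. The shell function below is an added example, not part of the original guide: it lists the absolute paths referenced by ssl_certificate, ssl_certificate_key, ssl_dhparam and include in a site file that are missing. The function name missing_tls_files is hypothetical, and relative paths and wildcard includes are skipped.

```shell
#!/bin/sh
# Added example (not from the original guide): preflight check for an
# nginx site file before running `sudo nginx -t` or `sudo certbot --nginx`.

# missing_tls_files FILE
# Prints every absolute path named by ssl_certificate, ssl_certificate_key,
# ssl_dhparam or include in FILE that does not exist on disk.
# Returns 0 when nothing is missing, 1 otherwise.
missing_tls_files() {
    conf=$1
    missing=$(
        # Strip comments (including "# managed by Certbot"), then take the
        # argument of each directive of interest and drop the trailing ";".
        sed 's/#.*//' "$conf" |
        awk '$1 ~ /^(ssl_certificate|ssl_certificate_key|ssl_dhparam|include)$/ {
                 sub(/;$/, "", $2); print $2 }' |
        while read -r path; do
            case $path in
                *\**) continue ;;   # wildcard include, not a single file
                /*)   [ -e "$path" ] || printf '%s\n' "$path" ;;
            esac                    # relative paths are not checked
        done
    )
    if [ -z "$missing" ]; then
        return 0
    fi
    printf '%s\n' "$missing"
    return 1
}

# Usage: sh check.sh /etc/nginx/sites-available/YOUR_SUBDOMAIN
# (check.sh is a hypothetical file name for this script.)
if [ "$#" -ge 1 ]; then
    missing_tls_files "$1" || exit 1
fi
```

If the function prints any path, `sudo nginx -t` will fail on the same file until those paths exist or the directives that reference them are removed.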
Great manual! Thank you for creating it.
However, I encountered some issues when following the instructions:
The lines in the Nginx configuration marked with # managed by Certbot should not be present before Certbot is installed. These lines will cause an error when you run sudo certbot --nginx.
Certbot will automatically add these lines when it installs the certificate.
Additionally, my domain name is only linked to an IPv4 address, so I needed to remove the line listen [::]:80;.
I hope this helps someone else.