The final setup should consist of:
- NGINX (reverse proxy & static contents)
  - Supports SSL (Let's Encrypt).
  - Supports multiple domains, 1 IP.
- Apache 2.4 (Dynamic content: PHP)
- PHP 7.1
- MariaDB 10.1
You can skip any parts you don't need.
- Create the www directory if it does not exist yet:
sudo mkdir -p /var/www
- Set permissions (755: the owner can write; everyone else can read and traverse):
sudo chmod -R 755 /var/www
- Create new directory for your subdomain:
sudo mkdir -p /var/www/domain.com/sub1/public
- Give ownership to current logged in user:
sudo chown $USER:$USER -R /var/www/domain.com/sub1/
- Install:
sudo yum install nginx -y
- If no package is available, refer to https://aws.amazon.com/premiumsupport/knowledge-center/ec2-enable-epel/
- Configure this file, /etc/nginx/conf.d/default.conf, to something like this:

    server {
        listen 80;
        server_name sub1.domain.com;
        root /var/www/domain.com/sub1/public/;
        index index.php index.html index.htm;

        # Static files are served by NGINX; everything else falls through to index.php
        location / {
            try_files $uri $uri/ /index.php$uri$is_args$args;
        }

        # PHP requests are proxied to Apache on the loopback interface
        location ~ \.php {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            # Hard-coded 443: assumes HTTPS, which certbot enables in a later step
            proxy_set_header X-Forwarded-Port 443;
            proxy_pass http://127.0.0.1:8080;
        }

        # Never serve .htaccess / .htpasswd files
        location ~ /\.ht {
            deny all;
        }
    }

- Auto-start NGINX on system start:
sudo chkconfig nginx on
- Install:
sudo yum install httpd24 -y
- If no package is available, refer to https://stackoverflow.com/questions/37940661/aws-rhel7-missing-packages
- Configure /etc/httpd/conf/httpd.conf as follows:

    Listen 8080

- Configure virtual hosts at /etc/httpd/conf.d/vhosts.conf:

    # Bound to loopback: this vhost only answers the local NGINX proxy
    <VirtualHost 127.0.0.1:8080>
        ServerAdmin email@sub1.domain.com
        DocumentRoot /var/www/domain.com/sub1/public/
        ServerName sub1.domain.com
        ErrorLog logs/sub1.domain.com-error_log
        CustomLog logs/sub1.domain.com-access_log common
    </VirtualHost>

- Auto-start Apache on system start:
sudo chkconfig httpd on
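
The virtual host above is bound to 127.0.0.1:8080, but a bare `Listen 8080` makes Apache accept connections on every interface, so only the firewall or security group decides whether port 8080 is reachable from outside. The following check is an added example, not part of the original guide; the function names and the sample files are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): flag Apache "Listen"
# directives that are not bound to a loopback address.

# Print each non-loopback Listen directive as "file:line: directive".
exposed_listeners() {
    awk '
        /^[ \t]*#/ { next }                    # ignore comment lines
        tolower($1) == "listen" {              # directive names are case-insensitive
            addr = $2
            if (addr ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+$/) next   # IPv4 loopback
            if (addr ~ /^\[::1\]:[0-9]+$/) next                        # IPv6 loopback
            print FILENAME ":" FNR ": " $0     # bare port or any other address
        }
    ' "$1"
}

# Succeed only when the file has no non-loopback listener.
backend_is_private() {
    [ -z "$(exposed_listeners "$1")" ]
}

# Constructed sample configs (hypothetical file names, not from a real host).
write_samples() {
    printf '%s\n' '# backend port' 'Listen 8080' > "$1/as-written.conf"
    printf '%s\n' '#Listen 80' '  listen 127.0.0.1:8080' > "$1/loopback.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp"/*.conf; do
    if backend_is_private "$f"; then
        echo "private: $f"
    else
        echo "exposed: $(exposed_listeners "$f")"
    fi
done
rm -rf "$tmp"
```

On the server, run `exposed_listeners` against /etc/httpd/conf/httpd.conf and the files under /etc/httpd/conf.d/. Writing the directive as `Listen 127.0.0.1:8080` makes the check pass and keeps Apache reachable only through NGINX.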
Follow: https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
- Enable optional channel:
sudo yum -y install yum-utils
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
- Install certbot:
sudo yum install certbot-nginx
- Request cert:
sudo certbot --nginx
- Go through the wizard carefully.
- If all went well, your certs will be at /etc/letsencrypt/live/sub1.domain.com/ and your /etc/nginx/conf.d/default.conf has been updated by certbot automatically.
- In the future, to renew:
certbot renew
- Install Certbot:
sudo yum install python27-devel git -y
sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
sudo /opt/letsencrypt/letsencrypt-auto --debug
- Request cert:
sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
- Go through the wizard carefully.
- If all went well, your certs will be at /etc/letsencrypt/live/sub1.domain.com/ and your /etc/nginx/conf.d/default.conf has been updated by certbot automatically.
- In the future, to renew:
sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx" renew
- Add yum repository. Create this file: /etc/yum.repos.d/mariadb.repo
  - Refer to https://mariadb.com/kb/en/library/yum/
  - Repo Generator: https://downloads.mariadb.org/mariadb/repositories/
- Install:
sudo yum makecache
sudo yum install MariaDB-server MariaDB-client -y
- If you install version 10.2 and above, the service name is mariadb, otherwise it's mysql
- Start service:
sudo service mysql start    # use "mariadb" instead of "mysql" on 10.2 and above
- Secure your MariaDB installation:
sudo mysql_secure_installation
- Auto-start MariaDB on system start:
sudo chkconfig mysql on    # use "mariadb" instead of "mysql" on 10.2 and above
- Install:
sudo yum install php71 -y
- If no package is available, try remi: https://rpms.remirepo.net/wizard/
- Install PHP Modules
- Run
yum search php71-
to search for available modules, then yum install the ones you need.
- Run
sudo service nginx start
sudo service httpd start
sudo service mysql start    # use "mariadb" instead of "mysql" on 10.2 and above
Once everything is working, you can start adding more (sub)domains.
- Create new directory for your subdomain:
sudo mkdir -p /var/www/domain.com/sub2/public
- Give ownership to current logged in user:
sudo chown $USER:$USER -R /var/www/domain.com/sub2/
- Edit /etc/nginx/conf.d/default.conf to add more domains, but without the ssl settings:

    # 1st domain settings are up here, don't remove
    server {
        ...
    }
    # 1st domain settings are up here, don't remove

    server {
        listen 80;
        server_name sub2.domain.com;
        root /var/www/domain.com/sub2/public/;
        index index.php index.html index.htm;

        # Static files are served by NGINX; everything else falls through to index.php
        location / {
            try_files $uri $uri/ /index.php$uri$is_args$args;
        }

        # PHP requests are proxied to Apache on the loopback interface
        location ~ \.php {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            # Hard-coded 443: assumes HTTPS, which certbot enables in the next step
            proxy_set_header X-Forwarded-Port 443;
            proxy_pass http://127.0.0.1:8080;
        }

        # Never serve .htaccess / .htpasswd files
        location ~ /\.ht {
            deny all;
        }
    }

- Edit Apache virtual hosts at /etc/httpd/conf.d/vhosts.conf to add more virtual hosts:

    # 1st domain settings are up here, don't remove
    <VirtualHost 127.0.0.1:8080>
        ...
    </VirtualHost>
    # 1st domain settings are up here, don't remove

    <VirtualHost 127.0.0.1:8080>
        ServerAdmin email@sub2.domain.com
        DocumentRoot /var/www/domain.com/sub2/public/
        ServerName sub2.domain.com
        ErrorLog logs/sub2.domain.com-error_log
        CustomLog logs/sub2.domain.com-access_log common
    </VirtualHost>

- Request SSL cert using certbot again, but this time pick the new domain:
  - EC2 - With Amazon Linux 2
    sudo certbot --nginx
  - Lightsail
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
- If all went well, your certs will be at /etc/letsencrypt/live/sub2.domain.com/ and your /etc/nginx/conf.d/default.conf has been updated by certbot automatically.
- Restart NGINX & Apache:
sudo service nginx restart
sudo service httpd restart
- ???
- Profit. :D
You can view the final files down below.
- https://gist.github.com/nrollr/56e933e6040820aae84f82621be16670
- https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-reverse-proxy-for-apache
- https://stackoverflow.com/questions/14434120/nginx-set-multiple-server-name-with-ssl-support
- https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-centos-7
- https://certbot.eff.org/#centosrhel7-nginx
- https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983
- https://coderwall.com/p/e7gzbq/https-with-certbot-for-nginx-on-amazon-linux
- https://mariadb.com/kb/en/library/yum/