rorens05/ssl-installation.sh

Last active February 15, 2023 04:44

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/rorens05/8e5bbb87a5383588488bd7fba1ffe559.js"></script>
Save rorens05/8e5bbb87a5383588488bd7fba1ffe559 to your computer and use it in GitHub Desktop.

Download ZIP

NGINX Setup and SSL Installation

Raw

ssl-installation.sh

	# install nginx
	sudo apt-get install -y nginx-extras

	# install generator
	sudo apt install certbot python3-certbot-nginx

Author

rorens05 commented May 18, 2022 •

edited

Loading

Create config file
nano /etc/nginx/sites-enabled/[domain]
Note: Nginx config file name should be the same name as the domain

Sample config file

server {
  listen 80;
  listen [::]:80;

  server_name [domain];


  location /cable {
    proxy_pass http://localhost:3000/cable;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  location / {
        proxy_pass http://localhost:3000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
  }
  client_max_body_size 500M;
}

Generate Certificate
sudo certbot --nginx -d [domain] -d [other_domain]

verify autoupdate
sudo systemctl status certbot.timer

Verify NGINX config is correct
sudo nginx -t

Restart NGINX
sudo service nginx restart

Author

rorens05 commented Jun 25, 2022 •

edited

Loading

Sample config file once SSL is installed

server {

  server_name gislingayen.com;
  
  location /cable {
    proxy_pass http://localhost:6000/cable;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
  }

  location / {
        proxy_pass http://localhost:6000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
  }
  client_max_body_size 100M;

  listen [::]:443 ssl ipv6only=on; # managed by Certbot
  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/gislingayen.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/gislingayen.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = gislingayen.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  listen [::]:80;

  server_name gislingayen.com;
    return 404; # managed by Certbot
}

Author

rorens05 commented Nov 30, 2022

To install NGINX
sudo apt-get install -y nginx-extras

Author

rorens05 commented Feb 6, 2023 •

edited

Loading

For apache
sudo apt install certbot python3-certbot-apache

Create config file
sudo nano /etc/apache2/sites-enabled/support.tekteach.com.conf

Initial Config

<VirtualHost *:80>
     ServerName support.tekteach.com
     ServerAlias support.tekteach.com
     ServerAdmin admin@example.com
     DocumentRoot /var/www/osTicket/upload

     <Directory /var/www/osTicket/>
          Options FollowSymlinks
          AllowOverride All
          Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/osticket_error.log
     CustomLog ${APACHE_LOG_DIR}/osticket_access.log combined
</VirtualHost>

Generate SSL
sudo certbot --apache

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment