systems-guide/nginx-certbot.md
2025-11-18 15:07:21 +01:00

Serve with Nginx and certify with Certbot SSL

Note: snapd isn't stable on AlmaLinux 10 at the time of writing, so you might want to install Certbot via pip or some other way.

Installing packages

# Install packages
sudo dnf install snapd nginx && sudo systemctl enable nginx && sudo systemctl start nginx
# Snapd for certbot (https certs)
sudo systemctl enable --now snapd.socket &&
sudo ln -s /var/lib/snapd/snap /snap &&
sudo snap install --classic certbot &&
# Link certbot only after the snap is installed, so the link target exists
sudo ln -s /snap/bin/certbot /usr/bin/certbot

This installs nginx and certbot.

Serving a website via nginx

Create an empty config file

nvim /etc/nginx/conf.d/$YOUR_SERVICE.conf

and then add

server {
	server_name sub.yourdomain.com;

	location / {
		root html;
		index index.html;
	}
}

then

sudo certbot --nginx -d sub.yourdomain.com
sudo certbot renew --dry-run # test renewal

This is all you need to have a self-renewing certificate for a service or website.

Passing the traffic through to your APIs with upstream

For an API service, follow the same steps as above, then edit your config so that it defines the your_api upstream and the location / block proxies to it:

upstream your_api {
    server 127.0.0.1:3498;
}

# ...

server {

  # ...

  location / {
        proxy_pass         http://your_api;
        proxy_http_version 1.1;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;

        # WebSocket support (if needed)
        proxy_set_header   Upgrade           $http_upgrade;
        proxy_set_header   Connection        "Upgrade";

        # Timeouts
        proxy_connect_timeout 5s;
        proxy_read_timeout    60s;
        proxy_send_timeout    60s;
  }

  # ...

}

Test and reload nginx:

# Test configuration
sudo nginx -t
# Reload nginx
sudo systemctl reload nginx
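
With the proxy headers above, $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For value the client sent, so only the right-most entry is written by nginx and everything to its left is client-controlled. The following is an added example, not part of the original guide, of how a backend behind this config can resolve the client address safely; the names client_ip and TRUSTED_PROXIES, the Python backend and the sample addresses are assumptions.

```python
import ipaddress

# Assumption: the only proxy in front of the API is the nginx from this guide,
# reaching it over loopback (upstream 127.0.0.1:3498).
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("::1/128")]


def _parse(value):
    """Return an ip_address object, or None if the text is not an IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, headers):
    """Resolve the client address from the TCP peer and forwarded headers."""
    peer = _parse(peer_addr)
    if peer is None:
        raise ValueError("invalid peer address")
    # Connection did not come through nginx: every header is client-controlled.
    if not _is_trusted(peer):
        return str(peer)
    # nginx appends $remote_addr last, so walk right to left past trusted hops.
    for hop in reversed(headers.get("X-Forwarded-For", "").split(",")):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: trust nothing at or left of it
        if not _is_trusted(addr):
            return str(addr)
    return str(peer)


# Constructed sample: the client sent "X-Forwarded-For: 10.0.0.1" to pose as an
# internal host; nginx appended the real source address 203.0.113.7.
SPOOFED = {"X-Forwarded-For": "10.0.0.1, 203.0.113.7"}

if __name__ == "__main__":
    print(client_ip("127.0.0.1", SPOOFED))       # request that came via nginx
    print(client_ip("198.51.100.9", SPOOFED))    # request that bypassed nginx
```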

Deleting Certbot certificates

# List your certificates
sudo certbot certificates
# Delete by name
sudo certbot delete --cert-name sub.domain.com