systems-guide/nginx-certbot.md
2025-11-18 14:44:53 +01:00

# Serve with Nginx and certify with Certbot SSL
Note: `snapd` isn't stable on AlmaLinux 10 at the time of writing, so you might want to install Certbot via `pip` or some other way.
## Installing packages
```sh
# Install packages, then enable and start nginx
sudo dnf install snapd nginx && sudo systemctl enable --now nginx
# Snapd for certbot (https certs): enable the socket, add the /snap link that
# classic snaps expect, install certbot, then link its binary into PATH
sudo systemctl enable --now snapd.socket &&
sudo ln -s /var/lib/snapd/snap /snap &&
sudo snap install --classic certbot &&
sudo ln -s /snap/bin/certbot /usr/bin/certbot
```
This installs nginx and Certbot.
## Serving a website via nginx
Create an empty config file (writing under `/etc/nginx` needs root):
```sh
sudo nvim "/etc/nginx/conf.d/$YOUR_SERVICE.conf"
```
and then add:
```nginx
server {
    # Must match the name passed to certbot with -d
    server_name sub.yourdomain.com;

    location / {
        root html;
        index index.html;
    }
}
```
Then request the certificate and test renewal:
```sh
sudo certbot --nginx -d sub.yourdomain.com
sudo certbot renew --dry-run # test renewal
```
This is all you need to have a self-renewing certificate for a service or website.
## Passing the traffic through to your APIs with `upstream`
For an API service, follow the same steps as above, then go into your config and change the `location` block for your API (`/` in the example below) to include:
```nginx
upstream your_api {
    server 127.0.0.1:3498;
}
# ...
server {
    # ...
    location / {
        proxy_pass http://your_api;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # WebSocket support (if needed)
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        # Timeouts
        proxy_connect_timeout 5s;
        proxy_read_timeout 60s;
        proxy_send_timeout 60s;
    }
    # ...
}
```
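
The `X-Real-IP` and `X-Forwarded-For` headers set above only help if the API reads them correctly: `$proxy_add_x_forwarded_for` appends `$remote_addr` to whatever the client already sent, so only the right-most entry comes from nginx. The following is an added example, not part of the original guide, and assumes a Python backend with nginx on loopback as its only proxy; `client_ip` and `TRUSTED_PROXIES` are hypothetical names.

```python
import ipaddress

# Assumption: nginx is the only proxy in front of the API and connects from
# loopback, matching the upstream at 127.0.0.1:3498 in the config above.
TRUSTED_PROXIES = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))


def _parse_ip(value):
    """Return an ip_address object, or None if the value is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(peer_addr, headers):
    """Derive the client address from the TCP peer and lower-cased request headers."""
    peer = _parse_ip(peer_addr)
    if peer is None:
        raise ValueError("invalid peer address")
    # A peer that is not our proxy could have written any header it likes.
    if not _is_trusted(peer):
        return str(peer)
    # nginx appends $remote_addr as the LAST entry; everything to its left was
    # supplied by the client. Walk right to left, skipping trusted hops.
    for hop in reversed(headers.get("x-forwarded-for", "").split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            break  # malformed entry: do not trust anything to the left of it
        if not _is_trusted(ip):
            return str(ip)
    # Fall back to X-Real-IP, which nginx overwrites with $remote_addr.
    real = _parse_ip(headers.get("x-real-ip", ""))
    return str(real) if real is not None else str(peer)


# Constructed sample: a client at 203.0.113.7 sent "X-Forwarded-For: 10.0.0.1".
SPOOFED = {"x-forwarded-for": "10.0.0.1, 203.0.113.7", "x-real-ip": "203.0.113.7"}

if __name__ == "__main__":
    print(client_ip("127.0.0.1", SPOOFED))
```

Taking the left-most `X-Forwarded-For` entry instead would return the client-chosen `10.0.0.1`, which matters wherever the API uses the address for rate limiting, allow-lists or audit logs.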