99 lines
6.3 KiB
HTML
99 lines
6.3 KiB
HTML
<span class="step" ng-if="steps[step].slug === 'download'"><!--
|
|
|
|
step: download
|
|
|
|
--><ol>
|
|
<li>
|
|
<strong>Download</strong> generated config: <strong><a href="#" ng-click="downloadZip()">nginxconfig.io-{{ getDomains().join(',') }}.zip</a></strong>
|
|
</li>
|
|
<li>
|
|
<strong>Upload</strong> to server's <code>{{ data.directory_nginx.replace(endingSlashRegex, '') }}</code> directory<br>
|
|
or <strong>Copy</strong> as Base64 string: <strong><a href="#" ng-mouseenter="prepareBase64()" ng-click="copyAsBase64()" ngclipboard data-clipboard-target="#base64-zip-line" ngclipboard-success="clipboardSuccess('base64-zip-line')">Copy to clipboard</a></strong> and <strong>Paste</strong> from clipboard and run the command<br>
|
|
(<code>echo 'BASE64' | base64 --decode > {{ data.directory_nginx }}nginxconfig.io-{{ getDomains().join(',') }}.zip</code>)
|
|
</li>
|
|
<li>
|
|
Go to NGINX directory (over SSH):<br>
|
|
<code><span class="hljs-section">cd</span> {{ data.directory_nginx.replace(endingSlashRegex, '') }}</code>
|
|
</li>
|
|
<li>
|
|
<strong>Backup</strong> current configuration:<br>
|
|
<code><span class="hljs-section">tar</span> <span class="hljs-attribute">-czvf</span> nginx_$(date +'%F_%H-%M-%S').tar.gz nginx.conf sites-available/ sites-enabled/ nginxconfig.io/</code>
|
|
</li>
|
|
<li>
|
|
<strong>Unzip</strong> the uploaded archive:<br>
|
|
<code><span class="hljs-section">unzip</span> <span class="hljs-attribute">-o</span> nginxconfig.io-{{ getDomains().join(',') }}.zip</code><br>
|
|
(you probably need to install <strong>unzip</strong>: <code><span class="hljs-section"></span><strong>sudo</strong> <span class="hljs-section">apt-get</span> <span class="hljs-attribute">install</span> unzip</code>)
|
|
</li>
|
|
</ol></span><!--
|
|
|
|
|
|
|
|
--><span class="step" ng-if="steps[step].slug === 'ssl'"><ol><!--
|
|
|
|
step: ssl
|
|
|
|
--><!--
|
|
|
|
✔ SSL DH required --><li ng-if="isSSLDHRequired()">Generate <strong>Diffie-Hellman keys</strong>:<br>
|
|
<code><span class="hljs-section">openssl</span> <span class="hljs-attribute">dhparam</span> <span class="hljs-attribute">-out</span> {{ data.directory_nginx }}dhparam.pem <span class="hljs-number">{{ sslProfiles[ data.ssl_profile ].dh_param_size }}</span></code>
|
|
</li><!--
|
|
|
|
✔ Let's Encrypt
|
|
--><li ng-if="hasCertLetsEncrypt()">Create a common <strong>ACME-challenge</strong> directory (for <strong>Let's Encrypt</strong>):<br>
|
|
<code><span class="hljs-section">mkdir</span> <span class="hljs-attribute">-p</span> {{ data.directory_letsencrypt.replace(endingSlashRegex, '') }}</code><br>
|
|
<code><span class="hljs-section">chown</span> <span class="hljs-attribute">{{ data.user }}</span> {{ data.directory_letsencrypt.replace(endingSlashRegex, '') }}</code></li></ol></span><!--
|
|
|
|
|
|
|
|
--><span class="step" ng-if="steps[step].slug === 'certbot'"><!--
|
|
|
|
step: certbot
|
|
|
|
--><ol>
|
|
<li>
|
|
Comment out SSL related directives in configuration:<br>
|
|
<code><span class="hljs-section">sed</span> <span class="hljs-attribute">-i -r</span> 's/(listen .*443)/\1;#/g; s/(ssl_(certificate|certificate_key|trusted_certificate) )/#;#\1/g'<span ng-if="isUnified()"><!--
|
|
--> {{ data.directory_nginx }}nginx.conf</span><span ng-if="isModularized()"><span ng-repeat="(_site, _domain) in getDomains() track by $index" ng-if="isCertLetsEncrypt(_site)"><!--
|
|
--> {{ data.directory_nginx }}sites-{{ isSymlink() ? 'available' : 'enabled' }}/{{ _domain }}.conf</span></span></code>
|
|
</li>
|
|
<li>
|
|
Reload NGINX:<br>
|
|
<code><strong>sudo</strong> <span class="hljs-section">nginx</span> <span class="hljs-attribute">-t</span> && <strong>sudo</strong> <span class="hljs-section">systemctl</span> <span class="hljs-attribute">reload</span> nginx</code>
|
|
</li>
|
|
<li>
|
|
Obtain certificate{{ getDomains().length > 1 ? 's' : '' }}:<br>
|
|
<div ng-repeat="(_site, _domain) in getDomains() track by $index" ng-if="isCertLetsEncrypt(_site)"><code>
|
|
<span class="hljs-section">certbot</span> <!--
|
|
--><span class="hljs-attribute">certonly</span> <!--
|
|
--><span class="hljs-attribute">--webroot</span> <!--
|
|
--><span ng-if="isNonWWW(_site) || isRedirect(_site)"><span class="hljs-attribute" tooltips tooltip-template="--domain" tooltip-side="top">-d</span> {{ _domain.indexOf('-') !== -1 ? '"' + _domain + '"' : _domain }} </span><!--
|
|
--><span ng-if="isWWW(_site) || isRedirect(_site)"><span class="hljs-attribute" tooltips tooltip-template="--domain" tooltip-side="top">-d</span> {{ _domain.indexOf('-') !== -1 ? '"' : '' }}www.{{ _domain }}{{ _domain.indexOf('-') !== -1 ? '"' : '' }} </span><!--
|
|
--><span ng-if="isCDN(_site)"><span class="hljs-attribute" tooltips tooltip-template="--domain" tooltip-side="top">-d</span> {{ _domain.indexOf('-') !== -1 ? '"' : '' }}cdn.{{ _domain }}{{ _domain.indexOf('-') !== -1 ? '"' : '' }} </span><!--
|
|
--><span class="hljs-attribute">--email</span> {{ data.sites[_site].email ? data.sites[_site].email : 'info@' + _domain }} <!--
|
|
--><span class="hljs-attribute" tooltips tooltip-template="--webroot-path" tooltip-side="top">-w</span> {{ data.directory_letsencrypt.replace(endingSlashRegex, '') }} <!--
|
|
--><span class="hljs-attribute" tooltips tooltip-template="--non-interactive" tooltip-side="top">-n</span> <!--
|
|
--><span class="hljs-attribute">--agree-tos</span> <!--
|
|
--><span class="hljs-attribute">--force-renewal</span></code></div>
|
|
</li>
|
|
<li>
|
|
Reload NGINX:<br>
|
|
<code><strong>sudo</strong> <span class="hljs-section">nginx</span> <span class="hljs-attribute">-t</span> && <strong>sudo</strong> <span class="hljs-section">systemctl</span> <span class="hljs-attribute">reload</span> nginx</code>
|
|
</li>
|
|
<li>
|
|
Configure Certbot to reload NGINX after success renew:<br>
|
|
<code><span class="hljs-section">echo</span> <span class="hljs-attribute">-e</span> '#!/bin/bash\nnginx -t && systemctl reload nginx' | <strong>sudo</strong> <span class="hljs-section">tee</span> /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh</code><br>
|
|
<code><strong>sudo</strong> <span class="hljs-section">chmod</span> <span class="hljs-attribute">a+x</span> /etc/letsencrypt/renewal-hooks/post/nginx-reload.sh</code>
|
|
</li>
|
|
</ol></span><!--
|
|
|
|
|
|
|
|
--><span class="step" ng-if="steps[step].slug === 'live'"><ol><!--
|
|
|
|
step: live
|
|
|
|
--><li>
|
|
Reload NGINX:<br>
|
|
<code><strong>sudo</strong> <span class="hljs-section">nginx</span> <span class="hljs-attribute">-t</span> && <strong>sudo</strong> <span class="hljs-section">systemctl</span> <span class="hljs-attribute">reload</span> nginx</code>
|
|
</li></ol></span>
|