Make Nginx of CentOS8 SSL compatible with Let's Encrypt

snap install

dnf -y install epel-release
dnf --enablerepo=epel -y install snapd
ln -s /var/lib/snapd/snap /snap
echo 'export PATH=$PATH:/var/lib/snapd/snap/bin' > /etc/profile.d/snap.sh
systemctl enable --now snapd.service snapd.socket

certbot installation

snap install certbot --classic
ln -s /snap/bin/certbot /usr/bin/certbot

nginx settings

nginx.conf


    server {
        listen       80;
        server_name  nextcloud.vamdemicsystem.net;
        root         /usr/share/nginx/html;

        location / {
        }
    }

Obtaining a certificate

certbot certonly --webroot -w /usr/share/nginx/html/ -d nextcloud.vamdemicsystem.net

Stored in /etc/letsencrypt/live/nextcloud.vamdemicsystem.net/

Nginx setting example

    # NextCloud
    server {
        listen       443 ssl http2 default_server;
        listen       [::]:443 ssl http2 default_server;
        server_name  nextcloud.vamdemic.net;
        root         /usr/share/nginx/html;

        ssl_certificate     "/etc/nginx/cert/nextcloud.vamdemic.net/fullchain.pem";
        ssl_certificate_key "/etc/nginx/cert/nextcloud.vamdemic.net/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;

        location / {
            proxy_pass http://192.168.99.5;
            proxy_set_header X-Forwarded-Proto    $scheme;
            proxy_set_header HOST                 $host;
            proxy_set_header X-Real-IP            $remote_addr;
            proxy_set_header X-Forwarded-Host     $host;
            proxy_set_header X-Forwarded-Server   $host;
            proxy_set_header X-Forwarded-For      $proxy_add_x_forwarded_for;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

Recommended Posts

Make Nginx of CentOS8 SSL compatible with Let's Encrypt
Introducing Let's Encrypt on CentOS 7
Apply your own domain to Rails of VPS and make it SSL (https) (CentOS 8.2 / Nginx)
[Rails] Make pagination compatible with Ajax
[Centos7] [Let ’s Encrypt] Until Nginx is inserted and SSL is enabled
Summary of what we did to make JavaScript compatible with IE11
Let's make draw poker with ruby-Implementation 1 (card)-
Let's make a Christmas card with Processing!
Let's make draw poker with ruby ~ Preparation ~
[Now] Let's Redmine with Docker Compose with Let's Encrypt
Let's make draw poker with ruby-Implementation 4 (Deck)-
HTTPS with Spring Boot and Let's Encrypt
Get Let's Encrypt Wildcard Certificate on CentOS6
Let's make a smart home with Ruby!
[docker] [nginx] Make a simple ALB with nginx
Let's make draw poker with ruby-Implementation 3 (player)-
Let's make draw poker with ruby-Implementation 2 (role)-
Let's make an error screen with Rails
Creating an SSL certificate using Let's Encrypt and setting up Nginx on Ubuntu 20
Let's encrypt installation procedure (Oracle Linux, RHEL, Centos7)
Put SSL (certbot) in GCP + CentOS6 (VM) + nginx
Make SpringBoot1.5 + Gradle4.4 + Java8 + Docker environment compatible with Java11
Let's make draw poker with ruby ~ test-unit preparation ~
Let's make a search function with Rails (ransack)
Prepare the environment of CentOS 8 with Sakura VPS
Let's play with Minishift! Easy experience of kubernetes