diff --git a/ownCast%2C-nginx-and-TLS.md b/ownCast%2C-nginx-and-TLS.md index 71320da..ebc4db5 100644 --- a/ownCast%2C-nginx-and-TLS.md +++ b/ownCast%2C-nginx-and-TLS.md @@ -20,7 +20,9 @@ Welcome to the Wiki. $ sudo touch /var/www/html/index.html $ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/your.domain.com.conf ``` + edit /etc/nginx/sites-available/your.domain.com.conf into something like: + ``` server { listen 80; @@ -37,11 +39,15 @@ server { } ``` +## disable default page and enable your virtual domain + +``` $ sudo ln -s /etc/nginx/sites-available/your.domain.com.conf /etc/nginx/sites-enabled/your.domain.com.conf $ sudo rm /etc/nginx/sites-enabled/default -$ sytemctl restart nginx +$ sudo sytemctl restart nginx ``` -Test your webserver by going with a browser to http://your.domain.com - does it work? + +Test your webserver by going with a browser to http://your.domain.com. ## install certificates from Let's Encrypt @@ -52,11 +58,10 @@ Test your webserver by going with a browser to http://your.domain.com - does it ## reconfigure nginx to proxy to ownCast edit /etc/nginx/sites-available/your.domain.com.conf into something like this: + ``` server { - server_name your.domain.com; - location / { proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; @@ -69,19 +74,19 @@ server { proxy_set_header Connection $connection_upgrade; proxy_pass http://127.0.0.1:8080; } - listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - } ``` + (change your.domain.com to your own domain, and port in the proxy_pass setting to whatever you are using) Edit /etc/nginx/nginx.conf and add anywhere into html{} stanza: + ``` map $http_upgrade $connection_upgrade { default upgrade;