Update 'ownCast, nginx and TLS'

master
Luka Prinčič 2021-03-11 17:27:00 +01:00
parent 9450ace1f3
commit 18030b57cf
1 changed files with 11 additions and 6 deletions

@ -20,7 +20,9 @@ Welcome to the Wiki.
$ sudo touch /var/www/html/index.html $ sudo touch /var/www/html/index.html
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/your.domain.com.conf $ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/your.domain.com.conf
``` ```
edit /etc/nginx/sites-available/your.domain.com.conf into something like: edit /etc/nginx/sites-available/your.domain.com.conf into something like:
``` ```
server { server {
listen 80; listen 80;
@ -37,11 +39,15 @@ server {
} }
``` ```
## disable default page and enable your virtual domain
```
$ sudo ln -s /etc/nginx/sites-available/your.domain.com.conf /etc/nginx/sites-enabled/your.domain.com.conf $ sudo ln -s /etc/nginx/sites-available/your.domain.com.conf /etc/nginx/sites-enabled/your.domain.com.conf
$ sudo rm /etc/nginx/sites-enabled/default $ sudo rm /etc/nginx/sites-enabled/default
$ sytemctl restart nginx $ sudo sytemctl restart nginx
``` ```
Test your webserver by going with a browser to http://your.domain.com - does it work?
Test your webserver by going with a browser to http://your.domain.com.
## install certificates from Let's Encrypt ## install certificates from Let's Encrypt
@ -52,11 +58,10 @@ Test your webserver by going with a browser to http://your.domain.com - does it
## reconfigure nginx to proxy to ownCast ## reconfigure nginx to proxy to ownCast
edit /etc/nginx/sites-available/your.domain.com.conf into something like this: edit /etc/nginx/sites-available/your.domain.com.conf into something like this:
``` ```
server { server {
server_name your.domain.com; server_name your.domain.com;
location / { location / {
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
@ -69,19 +74,19 @@ server {
proxy_set_header Connection $connection_upgrade; proxy_set_header Connection $connection_upgrade;
proxy_pass http://127.0.0.1:8080; proxy_pass http://127.0.0.1:8080;
} }
listen [::]:443 ssl ipv6only=on; # managed by Certbot listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem; # managed by Certbot ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
} }
``` ```
(change your.domain.com to your own domain, and port in the proxy_pass setting to whatever you are using) (change your.domain.com to your own domain, and port in the proxy_pass setting to whatever you are using)
Edit /etc/nginx/nginx.conf and add anywhere into html{} stanza: Edit /etc/nginx/nginx.conf and add anywhere into html{} stanza:
``` ```
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;