His Masters' Voices Wiki

よろずのことの書き残し

ユーザ用ツール

サイト用ツール

現在位置: start » server » nginx
server:nginx

差分

このページの2つのバージョン間の差分を表示します。

この比較画面へのリンク

両方とも前のリビジョン前のリビジョン
次のリビジョン		前のリビジョン
server:nginx [2022/07/18 17:27] – [環境] nipa28server:nginx [2022/07/18 18:54] (現在) – [操作ログ] nipa28
行 5: 行 5:
 --- ---
  
-https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04-ja+[Ubuntu 20.04にNginxをインストールする方法](https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04-ja)
  
 +[【Ubuntu】Let’s Encrypt+nginxでSSL/TLS(https接続)を設定する方法](https://vpslife.server-memo.net/letsencrypt_nginx/)
  
 環境 環境
行 12: 行 13:
  
 VPS, WebARENA indigo, Ubuntu20.04, 1vCPU 1G VPS, WebARENA indigo, Ubuntu20.04, 1vCPU 1G
-DDNS Nowで取得したドメインで接続 +DDNS Nowで取得したドメインで接続 xxx.f5.si, ooo.f5.si
  
 操作ログ 操作ログ
 ------ ------
 +
  
 ``` ```
行 26: 行 28:
 ``` ```
  
 +http(暗号化なし)ではつながる。
 {{:server:pasted:20220718-172614.png}} {{:server:pasted:20220718-172614.png}}
 +
 +サーバーブロックの設定
 +
 +```
 +ubuntu@i-12100000390816:~$ sudo mkdir -p /var/www/xxx.f5.si/html
 +ubuntu@i-12100000390816:~$ sudo chown -R $USER:$USER /var/www/xxx.f5.si/html
 +ubuntu@i-12100000390816:~$ sudo chmod -R 755 /var/www/xxx.f5.si
 +ubuntu@i-12100000390816:~$ vi /var/www/xxx.f5.si/html/index.html  #効果確認用ページ
 +ubuntu@i-12100000390816:~$ sudo ln -s /etc/nginx/sites-available/xxx.f5.si /etc/nginx/sites-enabled/
 +ubuntu@i-12100000390816:~$
 +```
 +
 +```
 +ubuntu@i-12100000390816:~$ cat /etc/nginx/sites-enabled/xxx.f5.si 
 +server {
 +        listen 80;
 +        listen [::]:80;
 +
 +        root /var/www/xxx.f5.si/html;
 +        index index.html index.htm index.nginx-debian.html;
 +
 +        server_name xxx.f5.si www.xxx.f5.si;
 +
 +        location / {
 +                try_files $uri $uri/ =404;
 +        }
 +}
 +ubuntu@i-12100000390816:~$ 
 +
 +```
 +
 +```
 +ubuntu@i-12100000390816:~$ sudo systemctl restart nginx.service
 +```
 +xxx.f5.si 効果確認用テストページが表示された
 +{{:server:pasted:20220718-175444.png}}
 +ooo.f5.si (xxx.f5.siと同じIP) デフォルトのページが表示された
 +{{:server:pasted:20220718-181553.png}}
 +
 +---
 +
 +SSL証明書
 +
 +xxx.f5.siのSSL証明書を取って、HTTPS接続可能にする。
 +
 +```
 +ubuntu@i-12100000390816:~$ sudo apt install certbot python3-certbot-nginx
 +ubuntu@i-12100000390816:~$ sudo certbot --nginx -d xxx.f5.si -m xxx@xxxxxx.co.jp --agree-tos
 +Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +Plugins selected: Authenticator nginx, Installer nginx
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Would you be willing to share your email address with the Electronic Frontier
 +Foundation, a founding partner of the Let's Encrypt project and the non-profit
 +organization that develops Certbot? We'd like to send you email about our work
 +encrypting the web, EFF news, campaigns, and ways to support digital freedom.
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +(Y)es/(N)o: n
 +Obtaining a new certificate
 +Performing the following challenges:
 +http-01 challenge for xxx.f5.si
 +Waiting for verification...
 +Cleaning up challenges
 +Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/xxx.f5.si
 +
 +Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +1: No redirect - Make no further changes to the webserver configuration.
 +2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
 +new sites, or if you're confident your site works on HTTPS. You can undo this
 +change by editing your web server's configuration.
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
 +Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/xxx.f5.si
 +
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +Congratulations! You have successfully enabled https://xxx.f5.si
 +
 +You should test your configuration at:
 +https://www.ssllabs.com/ssltest/analyze.html?d=xxx.f5.si
 +- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
 +IMPORTANT NOTES:
 + - Congratulations! Your certificate and chain have been saved at:
 +   /etc/letsencrypt/live/xxx.f5.si/fullchain.pem
 +   Your key file has been saved at:
 +   /etc/letsencrypt/live/xxx.f5.si/privkey.pem
 +   Your cert will expire on 2022-10-16. To obtain a new or tweaked
 +   version of this certificate in the future, simply run certbot again
 +   with the "certonly" option. To non-interactively renew *all* of
 +   your certificates, run "certbot renew"
 + - Your account credentials have been saved in your Certbot
 +   configuration directory at /etc/letsencrypt. You should make a
 +   secure backup of this folder now. This configuration directory will
 +   also contain certificates and private keys obtained by Certbot so
 +   making regular backups of this folder is ideal.
 + - If you like Certbot, please consider supporting our work by:
 +
 +   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 +   Donating to EFF:                    https://eff.org/donate-le
 +
 +ubuntu@i-12100000390816:~$ 
 +
 +```
 +
 +できた。
 +
 +{{:server:pasted:20220718-180407.png}}
 +
 +
 +
server/nginx.1658132856.txt.gz · 最終更新: 2022/07/18 17:27 by nipa28