![]() ![]() ![]() I’ve used a Bitnami LAMP stack before from within Amazon Lightsail, and their products really appealed to me. That’s when I remembered bitnami:īitnami offers their product stacks for tons of different platforms – I’ll be using their VM image. I also wanted to mostly set-and-forget the server settings that aren’t manageable from within WordPress. NGINX SSH PROXY PLUSHaving a VM would mimic a more realistic deployment (aws, azure) plus allow for snapshots of the blog over time. I knew that I wanted to run my blog from its own VM in ESXi. Considering I had some prior WordPress experience, the learning curve seemed low enough for me! I also wanted to see if my experiences developing the Community Meals project would help me better understand/customize WordPress. I wanted low-barrier, high-reward, high-stability. In this case, I chose WordPress because its so well established. Why wordpress? I usually try to roll-my-own with the help of bootstrap for website work. I’d always wanted a blog, so I started to think of the best way to test my homelab setup. Well, something other than my dozens of web-management consoles. Ssl_dhparam /etc/letsencrypt/ssl-dhparams.After finishing my NGINX reverse proxy ‘starter’ configuration, it was time to actually host something. Include /etc/letsencrypt/nf # managed by Certbot Ssl_certificate /etc/letsencrypt/live//fullchain.pem # ma Proxy_set_header X-Forwarded-Proto https Proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for Proxy_pass proxy_set_header X-Real-IP $remote_addr If you like Certbot, please consider supporting our work by:ĭonating to EFF: 確認最後的 NGIX Virtual Host 設定檔 :~$ cd /etc/nginx/sites-available/ Making regular backups of this folder is ideal. This configuration directory willĪlso contain certificates and private keys obtained by Certbot so ![]() Your account credentials have been saved in your CertbotĬonfiguration directory at /etc/letsencrypt. Version of this certificate in the future, simply run certbot again Congratulations! Your certificate and chain have been saved at: No matching insecure server blocks listening on port 80 found.Ĭongratulations! You have successfully enabled Select the appropriate number then (press 'c' to cancel): 2 You can undo thisĬhange by editing your web server's configuration. New sites, or if you're confident your site works on HTTPS. Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.ġ: No redirect - Make no further changes to the webserver configuration.Ģ: Redirect - Make all requests redirect to secure HTTPS access. Organization that develops Certbot? We'd like to send you email about our workĮncrypting the web, EFF news, campaigns, and ways to support digital freedom.ĭeploying Certificate to VirtualHost /etc/nginx/sites-enabled/tunnel Would you be willing to share your email address with the Electronic Frontierįoundation, a founding partner of the Let's Encrypt project and the non-profit Plugins selected: Authenticator nginx, Installer nginxĮnter email address (used for urgent renewal and security notices) (Enter 'c' toĪgree in order to register with the ACME server at Saving debug log to /var/log/letsencrypt/letsencrypt.log NGINX SSH PROXY INSTALL:~$ sudo service nginx restart 安裝支援 NGINX 的 Let’s Encrypt Certbot :~$ sudo apt install certbot python3-certbot-nginx 使用 Certbot 申請與驗證憑證,並自動更新 NGINX 設定檔 :~$ cd /etc/nginx/sites-available/ :~$ sudo vi tunnel Sudo apt install nginx 設定 NGINX: 設定 Virtual Host、使用 Reverse Proxy ServerAliveInterval: 每送出一次 KeepAlive,會等幾秒回應 R: 執行 remote port forwarding (reverse tunnel) N: 不執行遠端指令,適用於 port forwarding (reverse tunnel)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |