====== Attempt at installing an nginx reverse proxy with Let's Encrypt on an rpi2: ======
https://homeserver-diy.net/wiki/index.php?title=Installation_et_configuration_d%E2%80%99un_reverse_proxy_avec_NginX
https://homeserver-diy.net/wiki/index.php?title=Utilisation_d%27Nginx_comme_reverse_proxy_avec_un_certificat_auto-sign%C3%A9,_Let%27s_Encrypt_et_un_chiffrement_fort
https://www.techcoil.com/blog/installing-certbot-on-raspbian-jessie-lite-for-deploying-lets-encrypt-certificates/
sudo apt install -y nginx
# sudo chown www-data:www-data /var/www <-- to be reviewed
sudo nano /etc/nginx/conf.d/proxy.conf
cd /opt
sudo apt install -y git-core
sudo git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt/
sudo service nginx stop
sudo ./letsencrypt-auto certonly -d votrenomde.domaine --rsa-key-size 4096
How would you like to authenticate with the ACME CA?
-------------------------------------------------------------------------------
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
Choice 1
sudo mv /etc/nginx/sites-enabled/default /etc/nginx/sites-enabled/ori.default
sudo nano /etc/nginx/sites-enabled/default
sudo openssl dhparam -out /etc/ssl/private/dhparams.pem 4096
sudo nginx -t
sudo nano /etc/nginx/nginx.conf
sudo systemctl start nginx
sudo sed -i "$ a\deb http://ftp.debian.org/debian jessie-backports main" /etc/apt/sources.list
sudo apt-get update && sudo apt-get install certbot -t jessie-backports -y --force-yes
====== Attempt at installing an nginx reverse proxy with Let's Encrypt on an rpi0: ======
https://www.techcoil.com/blog/how-to-setup-a-reverse-proxy-server-with-nginx-raspian-jessie-lite-and-raspberry-pi-3/
https://www.techcoil.com/blog/installing-certbot-on-raspbian-jessie-lite-for-deploying-lets-encrypt-certificates/
https://www.techcoil.com/blog/how-to-enable-secured-remote-management-of-d-link-dir-series-router-with-certbot-nginx-raspbian-jessie-lite-and-raspberry-pi-3/
sudo apt-get update && sudo apt-get install nginx -y --fix-missing
sudo sed -i "$ a\deb http://ftp.debian.org/debian jessie-backports main" /etc/apt/sources.list
sudo apt-get update && sudo apt-get install certbot -t jessie-backports -y --force-yes
sudo certbot certonly
sudo nano /etc/nginx/sites-enabled/ipgm.ilad.fr.conf
server {
    listen 80;
    server_name ipgm.ilad.fr;
    root /var/www/ipgm.ilad.fr;
    location ~ /.well-known {
        allow all;
    }
}
sudo mkdir /var/www/ipgm.ilad.fr
sudo systemctl restart nginx.service
sudo certbot certonly --webroot -w /var/www/ipgm.ilad.fr/ -d ipgm.ilad.fr
https://letsencrypt.status.io/
====== nginx reverse proxy with Let's Encrypt on an rpi0 running Debian 9: ======
sudo apt install -y nginx
sudo nano /etc/nginx/conf.d/proxy.conf
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 10m;
client_body_buffer_size 128k;
client_header_buffer_size 64k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 16k;
proxy_buffers 32 16k;
proxy_busy_buffers_size 64k;
sudo service nginx stop
sudo apt update && sudo apt install -y certbot python-certbot-nginx
sudo certbot --nginx
sudo nano /etc/nginx/sites-enabled/default && sudo service nginx reload
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /path/to/ssl/certificate.cert;
    ssl_certificate_key /path/to/ssl/certificate/key.key;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8080/;
        proxy_redirect http:// $scheme://;
        client_max_body_size 200M;
    }
}
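The pieces from these notes combined into one site file, as an added example that is not part of the original notes: the port 80 block serves only the ACME challenge directory from the webroot and redirects everything else, and the port 443 block uses the certificate and the DH parameters generated earlier. Assumptions: the certificate was issued under the name ipgm.ilad.fr and stored in certbot's default /etc/letsencrypt/live/ layout, the backend listens on localhost:8080, and only TLSv1.2 is enabled.

```nginx
# Added example, not from the original notes. Assumed: certificate name
# ipgm.ilad.fr under /etc/letsencrypt/live/ and a backend on localhost:8080.

# Port 80: answer ACME HTTP-01 challenges from the webroot, redirect the rest.
server {
    listen 80;
    server_name ipgm.ilad.fr;

    # Serve only the challenge directory, not everything under /.well-known
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/ipgm.ilad.fr;
        default_type text/plain;
        try_files $uri =404;
    }

    # Fixed host name in the redirect so a forged Host header is not reflected
    location / {
        return 301 https://ipgm.ilad.fr$request_uri;
    }
}

# Port 443: terminate TLS and proxy to the backend.
server {
    listen 443 ssl;
    server_name ipgm.ilad.fr;

    # certbot's default layout; fullchain.pem includes the intermediate
    ssl_certificate     /etc/letsencrypt/live/ipgm.ilad.fr/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ipgm.ilad.fr/privkey.pem;

    # DH parameters generated with the openssl dhparam command in these notes
    ssl_dhparam /etc/ssl/private/dhparams.pem;
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://localhost:8080/;
    }
}
```

Run `sudo nginx -t` before reloading; with the port 80 block in place, `certbot certonly --webroot` renewals work without stopping nginx.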
====== Deleting a Let's Encrypt certificate: ======
certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem --reason cessationofoperation
certbot delete --cert-name example.com