Nginx: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „= Links = = Zielsetzung = Nginx ist ein Webserver. Er beantwortet HTTP und HTTPS-Anforderungen an den Server. Dazu benutzt er Subsysteme, die die eigentlichen Applikationen enthalten: PHP, CGI... = Installation = <syntaxhighlight lang="bash"> apt-get install nginx-full # oder apt-get install nginx </syntaxhighlight> = Konfiguration = <syntaxhighlight lang="bash"> cat <<EOS > /etc/nginx/snippets/letsencrypt.conf location ^~ /.well-known/acme-challenge…“) |
|||
Zeile 35: | Zeile 35: | ||
echo "Hi" >/srv/www/letsencrypt/.well-known/hi.txt | echo "Hi" >/srv/www/letsencrypt/.well-known/hi.txt | ||
chown -R www-data:www-data /srv/www/letsencrypt | chown -R www-data:www-data /srv/www/letsencrypt | ||
</syntaxhighlight> | |||
== Script für Zertifikatserstellung == | |||
CITY=Munich | |||
COMPANY=hamatoma.de | |||
<syntaxhighlight lang="bash"> | |||
SCRIPT=/usr/local/bin/MkCert.sh | |||
if [ -e $SCRIPT ]; then | |||
echo "+++ $SCRIPT already exists" | |||
else | |||
cat <<EOS >$SCRIPT | |||
#! /bin/bash | |||
URL=\$1 | |||
if [ -z "\$URL" ] ; then | |||
echo "Usage MkCert URL" | |||
echo "+++ missing URL" | |||
else | |||
URL2=www.\$URL | |||
FN=/tmp/config.tmp | |||
cat >\$FN <<EOS | |||
[req] | |||
distinguished_name = req_distinguished_name | |||
req_extensions = v3_req | |||
prompt = no | |||
[req_distinguished_name] | |||
C = DE | |||
ST = BY | |||
L = $CITY | |||
O = $COMPANY | |||
OU = IT-Abteilung | |||
CN = \$URL | |||
[v3_req] | |||
keyUsage = keyEncipherment, dataEncipherment | |||
extendedKeyUsage = serverAuth | |||
subjectAltName = \@alt_names | |||
[alt_names] | |||
DNS.1 = \$URL | |||
DNS.2 = \$URL2 | |||
EOS | |||
openssl req -new -days 999 -newkey rsa:4096bits -sha512 -x509 -nodes -out /etc/ssl/certs/\$URL.pem -keyout /etc/ssl/private/\$URL.key -config \$FN | |||
chgrp ssl-cert /etc/ssl/private/\$URL.key ; chmod 640 /etc/ssl/private/\$URL.key | |||
echo "Zertifikat für \$URL und \$URL2 erzeugt:" | |||
cat <<EOS | |||
ssl_certificate /etc/ssl/certs/\$URL.pem; | |||
ssl_certificate_key /etc/ssl/private/\$URL.key; | |||
EOS | |||
fi | |||
EOS | |||
chmod +x $SCRIPT | |||
echo "= $SCRIPT was created" | |||
fi | |||
</syntaxhighlight> | |||
= Befehle = | |||
<syntaxhighlight lang="bash"> | |||
# Konfiguration testen: | |||
nginx -t | |||
# Änderungen der Konfiguration nutzen: | |||
systemctl reload nginx | |||
# Zustand Webserver abfragen | |||
systemctl status nginx | |||
# Webserver starten: | |||
systemctl start nginx | |||
# Webserver stoppen: | |||
systemctl stop nginx | |||
</syntaxhighlight> | </syntaxhighlight> |
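Review bot: The added MkCert.sh generator uses the delimiter `EOS` for the outer here-document and for both here-documents nested in it, so the outer one ends at the first inner `EOS` after `DNS.2 = \$URL2`; the written script is truncated and the `openssl req` line runs in the installing shell instead. Give each document its own delimiter, e.g. `cat <<EOS_SCRIPT >$SCRIPT` and `cat >\$FN <<EOS_CONF`. The config is written to the fixed path `/tmp/config.tmp` by a script meant to run as root; `FN=\$(mktemp)` avoids a file that another local user can pre-create. With `-x509`, openssl reads certificate extensions from `x509_extensions`, not `req_extensions`, so the subjectAltName section does not reach the certificate unless `x509_extensions = v3_req` is added under `[req]`. `CITY=` and `COMPANY=` sit above the opening `<syntaxhighlight>` tag and therefore render as text rather than as part of the script.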
Version vom 20. Februar 2024, 07:56 Uhr
Links
Zielsetzung
Nginx ist ein Webserver. Er beantwortet HTTP- und HTTPS-Anforderungen an den Server.
Dazu benutzt er Subsysteme, die die eigentlichen Applikationen enthalten: PHP, CGI...
Installation
# Install nginx from the distribution packages; the two commands are
# alternatives, run one of them.
apt-get install nginx-full
# or
apt-get install nginx
Konfiguration
# nginx snippet for the ACME HTTP-01 challenge directory. The delimiter is
# quoted so the snippet text is written out literally.
cat > /etc/nginx/snippets/letsencrypt.conf <<'EOS'
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /home/www/letsencrypt;
}
# Hide /acme-challenge subdirectory and return 404 on all requests.
# It is somewhat more secure than letting Nginx return 403.
# Ending slash is important!
location = /.well-known/acme-challenge/ {
return 404;
}
EOS

# /srv/www becomes a link to /home/www unless something already exists there.
[ -e /srv/www ] || {
  mkdir -p /home/www
  ln -s ../home/www /srv/www
}

# Challenge directory plus two small test files (presumably for checking
# that nginx serves the directory).
mkdir -p /srv/www/letsencrypt/.well-known/acme-challenge
echo "Hi" | tee \
  /srv/www/letsencrypt/.well-known/acme-challenge/hi.txt \
  /srv/www/letsencrypt/.well-known/hi.txt >/dev/null

# NOTE(review): serving challenge files only requires read access for
# www-data; ownership also lets the web server user write below this
# directory. Confirm that this is intended.
chown -R www-data:www-data /srv/www/letsencrypt
Script für Zertifikatserstellung
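# Certificate subject values. They are expanded while this installer runs and
# end up as fixed text in the generated script.
CITY=Munich
COMPANY=hamatoma.de
SCRIPT=/usr/local/bin/MkCert.sh

# Install MkCert.sh, which creates a self-signed certificate for a domain and
# its www. alias. An existing script is left untouched.
if [ -e "$SCRIPT" ]; then
  echo "+++ $SCRIPT already exists"
else
  # The outer here-document is unquoted: $CITY and $COMPANY expand now, every
  # \$ is written as a plain $ and expands when MkCert.sh runs. Each nested
  # here-document has its own delimiter, because a shared delimiter ends the
  # outer document at the first inner terminator and truncates the script.
  cat <<EOS_SCRIPT >"$SCRIPT"
#! /bin/bash
# Usage: MkCert URL
# Writes /etc/ssl/certs/URL.pem and /etc/ssl/private/URL.key (self-signed,
# valid for URL and www.URL) and prints the matching nginx directives.
URL=\$1
if [ -z "\$URL" ] ; then
  echo "Usage MkCert URL"
  echo "+++ missing URL"
  exit 1
fi
# URL becomes part of file names below /etc/ssl: allow host names only.
case "\$URL" in
  *[!A-Za-z0-9.-]* | .* | -* | *..*)
    echo "+++ invalid URL: \$URL"
    exit 1
    ;;
esac
URL2=www.\$URL
# Private temporary file; a fixed name in /tmp can be pre-created by another
# local user before this script runs as root.
FN=\$(mktemp) || exit 1
trap 'rm -f -- "\$FN"' EXIT
# x509_extensions is the section openssl req -x509 reads for the certificate;
# req_extensions alone only applies to certificate requests.
# digitalSignature is the key usage needed when the server key signs the
# handshake (ECDHE suites, TLS 1.3).
cat >"\$FN" <<EOS_CONF
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = DE
ST = BY
L = $CITY
O = $COMPANY
OU = IT-Abteilung
CN = \$URL
[v3_req]
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = \$URL
DNS.2 = \$URL2
EOS_CONF
# rsa:4096 is the documented rsa:nbits form. The key is written unencrypted
# (-nodes) so nginx can load it without a passphrase prompt.
openssl req -new -days 999 -newkey rsa:4096 -sha512 -x509 -nodes -out "/etc/ssl/certs/\$URL.pem" -keyout "/etc/ssl/private/\$URL.key" -config "\$FN" || exit 1
chgrp ssl-cert "/etc/ssl/private/\$URL.key" ; chmod 640 "/etc/ssl/private/\$URL.key"
echo "Zertifikat für \$URL und \$URL2 erzeugt:"
cat <<EOS_HINT
ssl_certificate /etc/ssl/certs/\$URL.pem;
ssl_certificate_key /etc/ssl/private/\$URL.key;
EOS_HINT
EOS_SCRIPT
  chmod +x "$SCRIPT"
  echo "= $SCRIPT was created"
fi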
Befehle
# Test the configuration:
nginx -t
# Apply configuration changes:
systemctl reload nginx
# Query the web server state:
systemctl status nginx
# Start the web server:
systemctl start nginx
# Stop the web server:
systemctl stop nginx