Nginx


Links

Zielsetzung

Nginx ist ein Webserver. Er beantwortet HTTP- und HTTPS-Anforderungen an den Server.

Dazu benutzt er Subsysteme, die die eigentlichen Applikationen enthalten: PHP, CGI...

Installation

# Install nginx from the distribution's package repository.
# The two commands are alternatives; run only one of them.
apt-get install nginx-full
# or
apt-get install nginx

Konfiguration

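# Write a reusable nginx snippet that serves ACME (Let's Encrypt) HTTP-01
# challenge files. The heredoc delimiter is quoted so the shell expands
# nothing inside the nginx configuration (nginx variables start with "$").
# The root points at /srv/www/letsencrypt, the same tree that is created
# below; with the /home/www path the challenge files would not be found on
# hosts where /srv/www already exists as a real directory.
cat <<'EOS' > /etc/nginx/snippets/letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /srv/www/letsencrypt;
}
# Hide /acme-challenge subdirectory and return 404 on all requests.
# It is somewhat more secure than letting Nginx return 403.
# Ending slash is important!
location = /.well-known/acme-challenge/ {
    return 404;
}
EOS

# Make /srv/www available: if nothing exists at that path, keep the data
# under /home/www and reach it through a relative symlink.
if [ ! -e /srv/www ]; then
  mkdir -p /home/www
  ln -s ../home/www /srv/www
fi

# Challenge directory plus two probe files: hi.txt inside acme-challenge/
# should be served by the snippet, the one directly under .well-known/ is
# outside the location block and can be used to check it is not exposed.
mkdir -p /srv/www/letsencrypt/.well-known/acme-challenge
echo "Hi" >/srv/www/letsencrypt/.well-known/acme-challenge/hi.txt
echo "Hi" >/srv/www/letsencrypt/.well-known/hi.txt

# NOTE(review): this makes the web server account the owner of the challenge
# tree, so any code running as www-data can write challenge responses. nginx
# only needs read access here; if the ACME client runs as root, root
# ownership with world-readable files would be tighter. Confirm which user
# writes the challenges before changing it.
chown -R www-data:www-data /srv/www/letsencrypt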

Script für Zertifikatserstellung

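# Values baked into the generated script at creation time: they are expanded
# by the outer heredoc below, not when MkCert.sh is run.
CITY=Munich
COMPANY=hamatoma.de

SCRIPT=/usr/local/bin/MkCert.sh
# Generate the helper only once; an existing script is left untouched.
if [ -e "$SCRIPT" ]; then
  echo "+++ $SCRIPT already exists"
else
  # The outer heredoc is unquoted on purpose: $CITY and $COMPANY are expanded
  # now, while every \$ becomes a literal $ that the generated script
  # evaluates later. The inner "EOS" heredocs belong to the generated script.
  cat <<ESCRIPT >"$SCRIPT"
#! /bin/bash
# MkCert.sh: create a self-signed certificate and private key for a domain
# and its www. alias.
# Usage: MkCert.sh DOMAIN

URL=\$1
if [ -z "\$URL" ] ; then
	echo "Usage MkCert URL"
	echo "+++ missing URL"
	exit 1
else
URL2=www.\$URL
# Unpredictable temp file instead of a fixed name in /tmp: this script runs
# with enough privilege to write below /etc/ssl, so a pre-planted file or
# symlink at a fixed path must not be followed. Removed again on exit.
FN=\$(mktemp) || exit 1
trap 'rm -f -- "\$FN"' EXIT
cat >"\$FN" <<EOS
[req]
distinguished_name = req_distinguished_name
req_extensions = v3_req
x509_extensions = v3_req
prompt = no
[req_distinguished_name]
C = DE
ST = BY
L = $CITY
O = $COMPANY
OU = IT-Abteilung
CN = \$URL
[v3_req]
keyUsage = digitalSignature, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = \@alt_names
[alt_names]
DNS.1 = \$URL
DNS.2 = \$URL2
EOS
# -x509 writes a self-signed certificate directly; its extensions come from
# x509_extensions (req_extensions only applies to certificate requests), so
# without that line the subjectAltName entries never reach the certificate.
# digitalSignature is included because key-exchange suites that sign the
# handshake need it once keyUsage is actually present in the certificate.
# -nodes leaves the private key unencrypted; it is protected only by the
# file permissions set below.
openssl req -new -days 999 -newkey rsa:4096bits -sha512 -x509 -nodes -out "/etc/ssl/certs/\$URL.pem" -keyout "/etc/ssl/private/\$URL.key" -config "\$FN"
chgrp ssl-cert "/etc/ssl/private/\$URL.key" ; chmod 640 "/etc/ssl/private/\$URL.key"
echo "Zertifikat für \$URL und \$URL2 erzeugt:"
cat <<EOS
    ssl_certificate /etc/ssl/certs/\$URL.pem;
    ssl_certificate_key /etc/ssl/private/\$URL.key;
EOS
fi
ESCRIPT
  chmod +x "$SCRIPT"
  echo "= $SCRIPT was created"
fi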

Befehle

# Command reference; each command is used on its own, not as one script.
# Test the configuration:
nginx -t
# Apply configuration changes:
systemctl reload nginx
# Query the web server state:
systemctl status nginx
# Start the web server:
systemctl start nginx
# Stop the web server:
systemctl stop nginx