Install SSL for nginx

Create the config:

sudo touch /etc/nginx/sites-available/frp.duocnguyen.dev.conf

Link it into sites-enabled:

sudo ln -s /etc/nginx/sites-available/frp.duocnguyen.dev.conf /etc/nginx/sites-enabled/

Config file:

# HTTPS: terminate TLS here and proxy to the local backend on port 8090
server {
    server_name *.frp.duocnguyen.dev;
    location / {
        proxy_pass http://127.0.0.1:8090;
        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header REMOTE-HOST $remote_addr;
        # WebSocket upgrade support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/frp.duocnguyen.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/frp.duocnguyen.dev/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
# HTTP: only redirect to HTTPS, never proxy in plaintext
server {
    # "=" is an exact string match and never equals a real subdomain,
    # so match the suffix with a regex instead
    if ($host ~ \.frp\.duocnguyen\.dev$) {
        return 301 https://$host$request_uri;
    }
    server_name *.frp.duocnguyen.dev;
    listen 80;
    return 404;
}

Install certbot

Certbot is a free, open-source tool developed by the Electronic Frontier Foundation (EFF) to automate obtaining and renewing SSL/TLS certificates.

sudo apt install python3 python3-venv libaugeas0
sudo python3 -m venv /opt/certbot/
sudo /opt/certbot/bin/pip install --upgrade pip
sudo /opt/certbot/bin/pip install certbot certbot-nginx
sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Explanation

The first step is to install the necessary Python and system dependencies. This is achieved by running the command sudo apt install python3 python3-venv libaugeas0. Here, sudo grants administrator permissions, apt install is the package management command, and python3, python3-venv, and libaugeas0 are the packages to be installed.

Next, we create a Python virtual environment in the directory /opt/certbot/ using the command sudo python3 -m venv /opt/certbot/. This isolates our Certbot installation and its dependencies from the rest of the system.

Once the virtual environment is set up, we upgrade the Python package installer pip to the latest version. We do this by invoking pip directly from the virtual environment using the command sudo /opt/certbot/bin/pip install --upgrade pip.

With our virtual environment and pip set up, we can now install Certbot and its Nginx plugin. This is done by running sudo /opt/certbot/bin/pip install certbot certbot-nginx.

Finally, we create a symbolic link to the Certbot executable in the /usr/bin directory. This allows us to run the certbot command from any location within the terminal. This is achieved by running sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot.

Configure certbot and nginx

sudo certbot -d '*.frp.duocnguyen.dev' -d frp.duocnguyen.dev --manual --preferred-challenges dns-01 certonly

Then set up the DNS records as certbot instructs.
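
The nginx server_name in the config file and the -d names passed to certbot do not match hostnames the same way: an nginx "*." wildcard can span several labels, while a certificate wildcard covers exactly one label. The shell sketch below is an added example, not part of the original page; it uses the page's names, and the function names and tested hostnames are constructed for illustration (hostnames are assumed to be lowercase already).

```shell
#!/bin/sh
# Added example: compare nginx server_name matching with certificate name matching.
SERVER_NAME='*.frp.duocnguyen.dev'                    # from the nginx config
CERT_NAMES='*.frp.duocnguyen.dev frp.duocnguyen.dev'  # from the certbot -d options

# nginx rule: a leading "*." wildcard matches one OR MORE labels.
nginx_name_matches() {   # $1 = server_name pattern, $2 = host
    case "$1" in
        \*.*) suffix=${1#?}                       # ".frp.duocnguyen.dev"
              case "$2" in ?*"$suffix") return 0 ;; esac
              return 1 ;;
        *)    [ "$1" = "$2" ] ;;
    esac
}

# Certificate rule: "*" stands for exactly ONE left-most label.
cert_name_matches() {    # $1 = certificate name, $2 = host
    case "$1" in
        \*.*) suffix=${1#?}
              case "$2" in
                  ?*"$suffix") label=${2%"$suffix"}
                               case "$label" in *.*) return 1 ;; esac
                               return 0 ;;
              esac
              return 1 ;;
        *)    [ "$1" = "$2" ] ;;
    esac
}

# Prints "routed=yes|no cert=yes|no" for one host.
# routed=no means no server_name match (nginx then uses its default server).
classify() (             # subshell body so "set -f" stays local
    set -f               # keep "*" in CERT_NAMES from being glob-expanded
    routed=no; covered=no
    if nginx_name_matches "$SERVER_NAME" "$1"; then routed=yes; fi
    for n in $CERT_NAMES; do
        if cert_name_matches "$n" "$1"; then covered=yes; fi
    done
    echo "routed=$routed cert=$covered"
)

# Constructed sample hostnames
for h in a.frp.duocnguyen.dev a.b.frp.duocnguyen.dev frp.duocnguyen.dev; do
    printf '%-26s %s\n' "$h" "$(classify "$h")"
done
```

A host reported as routed=yes cert=no (such as a two-level subdomain) reaches this server block but fails certificate validation in the client.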