Could you please tell me how do you implement letsnencrypt with nginx reverse proxy?
I have installed /security/acme-client and I now need to create an entry simillar to the following but so far no matter where I add this code, nginx do not restart
Here is my /etc/nginx.conf file
I have installed /security/acme-client and I now need to create an entry simillar to the following but so far no matter where I add this code, nginx do not restart
Code:
# Letsencrypt needs http for acme challenges
location ^~ /.well-known/acme-challenge/ {
proxy_redirect off;
default_type "text/plain";
root usr/local/www/acme;
allow all;
}
Code:
load_module /usr/local/libexec/nginx/ngx_mail_module.so;
load_module /usr/local/libexec/nginx/ngx_stream_module.so;
#user nobody;
worker_processes 1;
error_log /var/log/nginx/error.log;
#
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
proxy_cache_path /var/db/nginx levels=1:2 keys_zone=STATIC:10m
inactive=24h max_size=1g;
## Hiawatha backend for mydomain.co.uk ##
upstream domain1 {
server 10.30.1.14:80;
}
## Start mydomain.co.uk HTTP ##
server {
listen 10.30.1.11:80;
server_name mydomain.co.uk *.mydomain.co.uk;
return 301 https://$host$request_uri; ###FORCE HTTPS
root /usr/local/www/nginx;
index index.php index.html index.htm;
## send request back to domain1 ##
location / {
proxy_pass http://domain1;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache STATIC;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
}
}
## End mydomain.co.uk HTTP ##
## Start mydomain.co.uk HTTPS##
server {
listen 10.30.1.11:303 ssl;
server_name mydomain.co.uk *.mydomain.co.uk;
ssl_certificate /etc/ssl/mydomain.co.uk.crt;
ssl_certificate_key /etc/ssl/mydomain.co.uk.key;
#ssl_client_certificate /etc/ssl/server/mydomain.co.uk.crt;
ssl_verify_client off;
root /usr/local/www/nginx;
index index.php index.html index.htm;
## send request back to domain1 ##
location / {
proxy_pass http://domain1;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cache STATIC;
proxy_cache_valid 200 1d;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
}
}
}