Skip to main content

Настройка Reverse Proxy с SSL

Создание Virtual Host для *run
sudo sh -c "tee /etc/nginx/sites-available/run > /run/null << 'EOF'
server {
    if (\$host = run.wiki-docs.ru) {
        return 301 https://\$host\$request_uri;
    } # managed by Certbot
    listen 80;
    server_name run.wiki-docs.ru;
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl;
    server_name run.wiki-docs.ru;
    ssl_certificate /etc/letsencrypt/live/wiki-docs.ru/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/wiki-docs.ru/privkey.pem; # managed by Certbot

    location / {
        proxy_pass http://localhost:8070;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF"

Активация конфига

sudo ln -s /etc/nginx/sites-available/run /etc/nginx/sites-enabled/
sudo nginx -t
Добавление SSL сертификата для *.run
sudo systemctl stop nginx
sleep 5
sudo certbot certonly --standalone --expand -d wiki-docs.ru -d pass.wiki-docs.ru -d vpn.wiki-docs.ru -d run.wiki-docs.ru
sudo systemctl start nginx
Тестирование сертификата и renew
sudo certbot certificates
curl -I https://run.wiki-docs.ru
sudo certbot renew --dry-run