edoo
8/1/2018 - 9:44 AM

certbot standalone multiple domain #https #tls

certbot standalone multiple domain #https #tls

# Request ONE certificate whose SAN list covers all three names. certbot names the
# lineage after the first domain given, which is why the nginx config below points
# at /etc/letsencrypt/live/dns.de.blahdns.com/ for every server block.
#
# --standalone makes certbot run its own temporary web server to answer the ACME
# challenge, so the challenge port (80 for HTTP-01 in current certbot releases) must
# be free and reachable from the internet while this command and later renewals run.
#
# Things to keep in mind:
#   * Every name listed here is visible to anyone who inspects the certificate or
#     the public Certificate Transparency logs, so the admin host is publicly tied
#     to the DNS service names. Use a separate certificate if that link matters.
#   * nginx reads certificate files only at start/reload, so reload nginx after
#     each renewal or it will keep serving the old certificate until it expires.
certbot certonly --standalone \
    --domain dns.de.blahdns.com \
    --domain svr5.ookangzheng.com \
    --domain doh.de.blahdns.com

nginx.conf

# Worker processes run as the unprivileged www-data account.
user              www-data;
# "auto" lets nginx choose the number of workers (it tries to match the CPU count).
worker_processes  auto;
pid               /run/nginx.pid;

# Per-worker cap on simultaneous connections; connections to proxied upstreams
# count against this limit as well as client connections.
events { worker_connections 1024; }

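http {

    # ------------------------------------------------------------------
    # TLS settings shared by both server blocks below. They were repeated
    # verbatim in each server; declaring them once at http level gives the
    # same result through inheritance and keeps the two listeners in sync.
    #
    # The old "ssl on;" lines are gone: "listen ... ssl" already enables TLS,
    # and the "ssl" directive was deprecated in nginx 1.15.0 and removed in
    # 1.25.1, where it stops the configuration from loading.
    # ------------------------------------------------------------------

    # One certificate (SAN list: all three names) serves both listeners.
    ssl_certificate       /etc/letsencrypt/live/dns.de.blahdns.com/fullchain.pem;
    ssl_certificate_key   /etc/letsencrypt/live/dns.de.blahdns.com/privkey.pem;

    # TLS 1.2 only. TLSv1.3 can be appended where the installed nginx/OpenSSL
    # build supports it.
    ssl_protocols         TLSv1.2;

    # AEAD (GCM) suites with forward secrecy only.
    #  * ECDHE-ECDSA variants are added next to the original ECDHE-RSA ones:
    #    certbot >= 2.0 issues ECDSA keys by default, and an RSA-only list
    #    combined with TLS 1.2 only leaves such a certificate with no usable
    #    cipher (every handshake fails). With an RSA key they are ignored.
    #  * The DHE-RSA suites are offered only if ssl_dhparam is configured
    #    (nginx >= 1.11.0 has no built-in DH parameters); none is set here.
    ssl_ciphers           ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # Session resumption through the server-side cache shared by all workers.
    ssl_session_cache     shared:SSL:20m;
    ssl_session_timeout   4h;
    # Tickets switched off (was "on"): nginx encrypts tickets with a key created
    # at start-up and keeps it until restart unless ssl_session_ticket_key files
    # are rotated externally. Anyone who obtains that key can decrypt recorded
    # TLS 1.2 sessions, which defeats the forward secrecy of the suites above.
    ssl_session_tickets   off;

    # OCSP stapling. nginx needs a "resolver" directive to look up the OCSP
    # responder's hostname, and none is set in this file, so confirm in the
    # error log that stapling really works. NOTE(review): Let's Encrypt has
    # announced the end of its OCSP service, so with its certificates these
    # two lines may only produce a start-up warning.
    ssl_stapling          on;
    ssl_stapling_verify   on;

    # Headers passed to the upstreams. proxy_set_header is inherited from this
    # level ONLY by a location that declares no proxy_set_header of its own,
    # and lines pulled in through "include" count as the location's own.
    proxy_set_header    Host              $host;
    proxy_set_header    X-Real-IP         $remote_addr;
    proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-SSL   on;
    proxy_set_header    X-Forwarded-Proto $scheme;

    # DNS-over-HTTPS front end.
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        #rewrite ^(.*) https://$server_name$1 permanent;
        server_name doh.de.blahdns.com dns.de.blahdns.com;

        # Anything that is not the DoH endpoint: close the connection without
        # sending a response (444 is nginx's non-standard "drop" code).
        location / {
            return 444;
        }

        location /dns-query {
            proxy_pass http://localhost:8053;
            #proxy_set_header Host $host;
            # This explicit line means the http-level header set above is NOT
            # inherited here; what the upstream receives is this header plus
            # whatever /etc/nginx/proxy_params sets (file not shown). The stock
            # Debian/Ubuntu proxy_params also sets X-Real-IP, in which case the
            # header is sent twice; verify against the installed file.
            proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Proto https;
            include /etc/nginx/proxy_params;
        }
    }

    # Disabled plain-HTTP redirect variant, kept for reference.
    # server {
    #     listen 81 ;
    #     listen [::]:81 ;
    #     server_name svr5.ookangzheng.com;
    #     return 301 https://$host$request_uri;
    # }

    # Admin front end, TLS on the non-standard port 81.
    server {
        listen 81 ssl;
        listen [::]:81 ssl;
        server_name svr5.ookangzheng.com;

        location / {
            return 444;
        }

        location /admin {
            # /admin is published to every client that can reach port 81; nothing
            # in this file restricts it. Unless the application on 127.0.0.1:82
            # enforces its own login, limit access here (auth_basic, or an
            # allow/deny pair; the value below is a placeholder):
            #     allow <ADMIN_SOURCE_CIDR>;
            #     deny  all;
            proxy_pass http://127.0.0.1:82/admin;
            #proxy_redirect off;
            # If proxy_params contains proxy_set_header lines (the stock file
            # does), they replace the http-level header set for this location,
            # so X-Forwarded-SSL is not forwarded.
            include /etc/nginx/proxy_params;
        }
    }

}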