AWS LINUX2 NGINX CERTBOT (SSL LET’S ENCRYPT)

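## Transcript of a root shell: lines starting with "# " are commands, lines
## starting with "##" are notes, and everything else is command output.
##
## Install nginx from the Amazon Linux 2 extras repository and start it at boot.
# amazon-linux-extras list | grep "nginx"
NOTE: The livepatch extra is in public preview, not meant for production use
 38  nginx1                   available    [ =stable ]
# amazon-linux-extras install nginx1
# nginx -v
nginx version: nginx/1.16.1
# systemctl enable nginx
# systemctl start nginx
##
## Add the EPEL repository, which provides the certbot packages.
## The release RPM is installed as root before any EPEL signing key is trusted
## (rpm -Uvh only warns about an unknown key), so the download must not travel
## over plain HTTP: fetch it over HTTPS. Amazon Linux 2 also offers
## "amazon-linux-extras install epel", which avoids the manual download.
# cd /usr/local/src
# wget -r --no-parent -A 'epel-release-*.rpm' https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/
# rpm -Uvh dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-*.rpm
## Enable only the main "epel" repository. An unquoted epel* is subject to
## shell globbing and also matches the testing, source and debuginfo
## repositories, which should stay disabled on a server.
# yum-config-manager --enable epel
# yum install certbot python2-certbot-nginx
##
## Create the reverse-proxy configuration for the Node.js application.
# vi /etc/nginx/conf.d/nodejs.conf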

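# Backend pool for the Node.js application on local port 3000.
# NOTE(review): the app itself should listen on the loopback address only, so
# that port 3000 cannot be reached directly, bypassing nginx -- confirm in
# the application's listen call and in the instance's security group.
upstream nodejs {
    server localhost:3000;
}

# location blocks are only valid inside a server block; at the top level of
# a conf.d file nginx rejects them. certbot's nginx plugin also needs a server
# block whose server_name matches the requested domain in order to install the
# certificate. example.com is a placeholder -- replace it with your own domain.
server {
    listen 80;
    server_name example.com;

    # Serve static assets from disk; anything not found there is handed to
    # the Node.js application.
    location / {
        root /path/to/node-app/public;
        try_files $uri @node;
        expires 30d;
        # Requests served from this location are not logged. Re-enable the
        # access log if static hits are needed for incident investigation.
        access_log off;
    }

    location @node {
        # The name after http:// must match the upstream block above; the
        # original "http://node" referred to an upstream that is not defined.
        proxy_pass http://nodejs;
        proxy_redirect off;
        # HTTP/1.1 plus the Upgrade/Connection headers allow WebSocket upgrades.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        # X-Real-IP is set by nginx from the TCP peer address.
        # X-Forwarded-For is appended to whatever the client sent, so the
        # application must not trust its earlier entries.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Tell the application whether the client connected over http or https,
        # so that secure-cookie and redirect logic keeps working once TLS is on.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}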

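## Renewal only covers certificates that already exist. The issuance step
## (for example "certbot --nginx -d example.com", with your own domain) is not
## shown on this page and has to be run once first.
##
## "crontab -e" edits a per-user crontab, which has no user column. A "root"
## field there is taken as the command name, so the job fails on every run and
## the certificate expires without warning. The form with a user field belongs
## in /etc/crontab or /etc/cron.d/ only.
#crontab -e
0 0,12 * * * certbot renew --no-self-upgrade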
