
Получение сертификата Let's Encrypt через плагин webroot (certbot)

# Installs nginx and the certbot client. The webroot plugin used below is
# built into certbot itself, so no extra plugin package is needed for it.
apt install nginx certbot

Настройка nginx: внешний порт 80 должен быть проброшен на порт 81 этого сервера, который слушает nginx

# Plain-HTTP vhost whose only job is to serve ACME HTTP-01 challenge files
# written by certbot's webroot plugin; every other request is refused.
server {
        # Listens on 81, not 80. The HTTP-01 validation request arrives on
        # external port 80, so that port has to be forwarded to this listener
        # (as the page states) or issuance and renewal will fail.
        listen 81 default_server;
        listen [::]:81 default_server;

        root /var/www/html;
        # "^~" stops regex location matching once this prefix matches, so a
        # regex location added later cannot intercept challenge requests.
        location ^~ /.well-known/acme-challenge/ {
            default_type "text/plain";
            # With "root", the file is looked up at
            # /var/www/letsencrypt/.well-known/acme-challenge/<token>.
            # This must be the directory given to certbot with -w. Keep it
            # dedicated to challenge files; do not point it at application
            # or home directories.
            root /var/www/letsencrypt;
        }
        # Nothing else is exposed over unencrypted HTTP from this vhost.
        location / {
            return 403;
        }

}

Запуск получения сертификата:

# "certonly" obtains the certificate without editing the nginx configuration.
# /var/www/letsencrypt must already exist and must be the directory nginx
# serves for /.well-known/acme-challenge/; certbot writes the challenge file
# under .well-known/acme-challenge/ inside it.
certbot certonly --webroot -w /var/www/letsencrypt -d mydomain.com

Настройка nginx для https CSP:

# HTTPS vhost for mydomain.com that uses the certificate obtained with
# certbot.
# NOTE(review): only an IPv4 listener is declared here, while the port-81
# vhost also listens on [::]; confirm whether IPv6 clients should reach HTTPS.
server {
    server_name mydomain.com;
    # NOTE(review): "managed by Certbot" markers are normally written by
    # certbot's nginx installer; with "certonly" certbot does not edit this
    # file, so the line is maintained by hand.
    listen 443 ssl; # managed by Certbot
    # live/ holds symlinks to the current certificate files, so the paths stay
    # valid across renewals, but nginx must be reloaded after each renewal to
    # pick up the new certificate (for example from a certbot --deploy-hook).
    # fullchain.pem is the leaf certificate plus intermediates.
    ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
    # Private key: keep it readable by root only.
    ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
    # NOTE(review): the next two files are normally created by certbot's nginx
    # plugin. After "certonly --webroot" they may be absent; verify that they
    # exist (nginx -t fails on a missing include) and review the TLS protocol
    # and cipher settings the include provides.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Per-vhost logs; the error log records messages at "warn" and above.
    access_log /var/log/nginx/csp-access.log;
    error_log /var/log/nginx/csp-error.log warn;

    # Empty location: no root or proxy_pass is set in this vhost, so requests
    # fall back to nginx's default document root. Presumably the application
    # proxy settings were omitted from the page; fill them in before use.
    location / {
    }

    # websocket: presumably a placeholder for a WebSocket proxy location;
    # none is defined here.

    charset utf-8;
    # Request bodies up to 100 MB are accepted; larger uploads get a 413.
    client_max_body_size 100m;
}