Update docs for Arch Linux nginx setup
Alongside moving to certbot's nginx plugin, also use conf.d instead of recreating the sites-{available,enabled} setup that Debian/Ubuntu uses. Furthermore, also request a certificate for the media domain at the same time since that's now required.
This commit is contained in:
parent
5405828ab1
commit
39b8e73532
1 changed files with 11 additions and 24 deletions
|
@ -136,16 +136,17 @@ If you want to open your newly installed instance to the world, you should run n
|
||||||
sudo pacman -S nginx
|
sudo pacman -S nginx
|
||||||
```
|
```
|
||||||
|
|
||||||
* Create directories for available and enabled sites:
|
* Copy the example nginx configuration:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
sudo mkdir -p /etc/nginx/sites-{available,enabled}
|
sudo cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/conf.d/akkoma.conf
|
||||||
```
|
```
|
||||||
|
|
||||||
* Append the following line at the end of the `http` block in `/etc/nginx/nginx.conf`:
|
* Before starting nginx edit the configuration and change it to your needs (e.g. change servername, change cert paths)
|
||||||
|
* Enable and start nginx:
|
||||||
|
|
||||||
```Nginx
|
```shell
|
||||||
include sites-enabled/*;
|
sudo systemctl enable --now nginx.service
|
||||||
```
|
```
|
||||||
|
|
||||||
* Setup your SSL cert, using your method of choice or certbot. If using certbot, first install it:
|
* Setup your SSL cert, using your method of choice or certbot. If using certbot, first install it:
|
||||||
|
@ -158,32 +159,18 @@ and then set it up:
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
sudo mkdir -p /var/lib/letsencrypt/
|
sudo mkdir -p /var/lib/letsencrypt/
|
||||||
sudo certbot certonly --email <your@emailaddress> -d <yourdomain> --standalone
|
sudo certbot --email <your@emailaddress> -d <yourdomain> -d <media_domain> --nginx
|
||||||
```
|
```
|
||||||
|
|
||||||
If that doesn’t work, make sure, that nginx is not already running. If it still doesn’t work, try setting up nginx first (change ssl “on” to “off” and try again).
|
If that doesn't work the first time, add `--dry-run` to further attempts to avoid being ratelimited as you identify the issue, and do not remove it until the dry run succeeds. A common source of problems are nginx config syntax errors; this can be checked for by running `nginx -t`.
|
||||||
|
|
||||||
---
|
To make sure renewals work, enable the appropriate systemd timer:
|
||||||
|
|
||||||
* Copy the example nginx configuration and activate it:
|
|
||||||
|
|
||||||
```shell
|
```shell
|
||||||
sudo cp /opt/akkoma/installation/nginx/akkoma.nginx /etc/nginx/sites-available/akkoma.nginx
|
sudo systemctl enable --now certbot-renew.timer
|
||||||
sudo ln -s /etc/nginx/sites-available/akkoma.nginx /etc/nginx/sites-enabled/akkoma.nginx
|
|
||||||
```
|
```
|
||||||
|
|
||||||
* Before starting nginx edit the configuration and change it to your needs (e.g. change servername, change cert paths)
|
Certificate renewal should be handled automatically by Certbot from now on.
|
||||||
* Enable and start nginx:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
sudo systemctl enable --now nginx.service
|
|
||||||
```
|
|
||||||
|
|
||||||
If you need to renew the certificate in the future, uncomment the relevant location block in the nginx config and run:
|
|
||||||
|
|
||||||
```shell
|
|
||||||
sudo certbot certonly --email <your@emailaddress> -d <yourdomain> --webroot -w /var/lib/letsencrypt/
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Other webserver/proxies
|
#### Other webserver/proxies
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue