Setup dehydrated » Historie » Version 3
Jeremias Keihsler, 21.09.2021 22:22
| 1 | 2 | Jeremias Keihsler | h1. Install Procedure for dehydrated |
|---|---|---|---|
| 2 | |||
| 3 | h2. Requirements |
||
| 4 | |||
| 5 | To install logwatch you will need the following: |
||
| 6 | * a installed and supported operating system (e.g. CentOS 8.x) |
||
| 7 | * [[repo_epel|EPEL repository]] |
||
| 8 | * root-access |
||
| 9 | * a fast internet connection |
||
| 10 | |||
| 11 | h2. Preliminary Note |
||
| 12 | |||
| 13 | 3 | Jeremias Keihsler | partly taken from: https://bob.gatsmas.de/let-s-encrypt-mit-nginx-und-dehydrated |
| 14 | |||
| 15 | 2 | Jeremias Keihsler | h2. Install |
| 16 | 1 | Jeremias Keihsler | |
| 17 | 3 | Jeremias Keihsler | Install @dehydrated@: |
| 18 | 1 | Jeremias Keihsler | |
| 19 | 3 | Jeremias Keihsler | <pre><code class="shell"> |
| 20 | yum install openssl curl sed grep mktemp |
||
| 21 | 1 | Jeremias Keihsler | yum install dehydrated |
| 22 | </code></pre> |
||
| 23 | 2 | Jeremias Keihsler | |
| 24 | 3 | Jeremias Keihsler | h2. Configure nginx |
| 25 | 1 | Jeremias Keihsler | |
| 26 | 3 | Jeremias Keihsler | im http-Bereich (Port 80) des jeweiligen Servers |
| 27 | 1 | Jeremias Keihsler | |
| 28 | 3 | Jeremias Keihsler | <pre><code class="shell"> |
| 29 | location /.well-known/acme-challenge { |
||
| 30 | alias /var/www/dehydrated; |
||
| 31 | } |
||
| 32 | 1 | Jeremias Keihsler | </code></pre> |
| 33 | 3 | Jeremias Keihsler | |
| 34 | <pre><code class="shell"> |
||
| 35 | mkdir -p /var/www/dehydrated |
||
| 36 | systemctl restart nginx |
||
| 37 | </code></pre> |
||
| 38 | |||
| 39 | h2. Test nginx |
||
| 40 | |||
| 41 | <pre><code class="shell"> |
||
| 42 | echo "Test OK" > /var/www/dehydrated/test.html |
||
| 43 | </code></pre> |
||
| 44 | |||
| 45 | try to get the file from somewhere else |
||
| 46 | |||
| 47 | <pre><code class="shell"> |
||
| 48 | curl http://subdomain.example.com/.well-known/acme-challenge/test.html |
||
| 49 | </code></pre> |
||
| 50 | |||
| 51 | h2. Configure dehydrated |
||
| 52 | |||
| 53 | add domains to @/etc/dehydrated/domains.txt@ |
||
| 54 | |||
| 55 | 1 | Jeremias Keihsler | <pre> |
| 56 | 3 | Jeremias Keihsler | hostXX.example.com |
| 57 | </pre> |
||
| 58 | 1 | Jeremias Keihsler | |
| 59 | 3 | Jeremias Keihsler | h2. register with AMCE-Server (Let's Encrypt) |
| 60 | |||
| 61 | <pre><code class="shell"> |
||
| 62 | dehydrated --register --accept-terms |
||
| 63 | </code></pre> |
||
| 64 | |||
| 65 | h2. get certs |
||
| 66 | |||
| 67 | <pre><code class="shell"> |
||
| 68 | dehydrated -c |
||
| 69 | </code></pre> |
||
| 70 | |||
| 71 | h2. Configure nginx-ssl |
||
| 72 | |||
| 73 | <pre> |
||
| 74 | server { |
||
| 75 | listen 443 ssl http2; |
||
| 76 | listen [::]:443 ssl http2; |
||
| 77 | server_name hostXX.example.com; |
||
| 78 | root /usr/share/nginx/html; |
||
| 79 | |||
| 80 | #ssl_certificate "/etc/pki/nginx/server.crt"; |
||
| 81 | #ssl_certificate_key "/etc/pki/nginx/private/server.key"; |
||
| 82 | ssl_certificate "/etc/dehydrated/certs/hostXX.example.com/fullchain.pem"; |
||
| 83 | ssl_certificate_key "/etc/dehydrated/certs/hostXX.example.com/privkey.pem"; |
||
| 84 | ssl_session_cache shared:SSL:1m; |
||
| 85 | ssl_session_timeout 10m; |
||
| 86 | ssl_ciphers PROFILE=SYSTEM; |
||
| 87 | ssl_prefer_server_ciphers on; |
||
| 88 | |||
| 89 | # Load configuration files for the default server block. |
||
| 90 | include /etc/nginx/default.d/*.conf; |
||
| 91 | |||
| 92 | location / { |
||
| 93 | } |
||
| 94 | |||
| 95 | error_page 404 /404.html; |
||
| 96 | location = /40x.html { |
||
| 97 | } |
||
| 98 | |||
| 99 | error_page 500 502 503 504 /50x.html; |
||
| 100 | location = /50x.html { |
||
| 101 | } |
||
| 102 | } |
||
| 103 | 2 | Jeremias Keihsler | </pre> |