sudo nano /etc/nginx/nginx.conf
# Enable (uncomment) this directive in the http { } block:
server_names_hash_bucket_size 64;
#restart nginx
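# Restart only when the edited nginx.conf parses; a restart with a broken
# file can leave nginx stopped.
sudo nginx -t && sudo service nginx restart
# Disable the stock default site. One removal is enough: running rm after
# unlink on the same path only fails with "No such file or directory".
sudo rm -f -- /etc/nginx/sites-enabled/default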
sudo nano /etc/nginx/sites-enabled/reverse-proxy.conf
# Plain-HTTP listeners: every name below gets a permanent redirect to the same
# host and URI over HTTPS.
# As the first :80 server it is also nginx's implicit default for port 80, so
# requests for unlisted names are redirected too, with $host echoing whatever
# Host header the client sent.
# NOTE(review): in this listing grafana.raiv.cc (its 443 server is commented
# out) and raiv415.synology.me have no 443 server of their own, so their
# redirects end up on the first 443 server with a certificate for another name.
server {
    listen 80;
    listen [::]:80;
    server_name grafana.raiv.cc
                traccar.raiv.cc
                raiv.cc
                jitsi.raiv.cc
                raiv415.synology.me
                jevany.raiv.cc
                draytek.raiv.cc;

    return 301 https://$host$request_uri;
}
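# HTTPS front end for jevany.raiv.cc, proxied to the HTTPS service on
# 192.168.100.245:8443.
# NOTE(review): no client-certificate check here (unlike draytek.raiv.cc and
# raiv.cc), so the upstream's own login is the only access control - confirm
# that is intended.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name jevany.raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/jevany.raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jevany.raiv.cc/privkey.pem;
    ssl_session_timeout 5m;
    # TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://192.168.100.245:8443/;
        # NOTE(review): TLSv1/TLSv1.1 are still allowed towards the upstream;
        # tighten to TLSv1.2 once the device is confirmed to support it.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # proxy_ssl_verify is not set, so nginx's default (off) applies and
        # the upstream certificate is not checked.
    }
}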
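# HTTPS front end for draytek.raiv.cc with mandatory client certificates
# (mutual TLS), proxied to 192.168.100.253:2380 over plain HTTP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name draytek.raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/draytek.raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/draytek.raiv.cc/privkey.pem;

    # Client certificates must chain to this CA. With "on", nginx refuses
    # requests that present no valid certificate.
    ssl_client_certificate /etc/nginx/certificates/ca.crt;
    # ssl_verify_client optional;
    ssl_verify_client on;
    # ssl_verify_depth 3;
    # access_log /var/log/nginx/draytek.raiv.cc;

    ssl_session_timeout 5m;
    # TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;

    location / {
        # Second check behind ssl_verify_client: it matters if that directive
        # is ever relaxed to "optional".
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header Host $http_host;
        # proxy_redirect off;
        # proxy_set_header X-Forwarded-Proto https;
        # The hop to the upstream is unencrypted HTTP on the LAN.
        proxy_pass http://192.168.100.253:2380/;
        # proxy_redirect http://192.168.100.253:2380/ draytek.raiv.cc;
        # The proxy_ssl_* directives have no effect while the upstream is http://.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_verify off;
    }
}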
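# HTTPS front end for raiv.cc with mandatory client certificates (mutual TLS),
# proxied to 192.168.100.251 over plain HTTP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/raiv.cc/privkey.pem;

    # Client certificates must chain to this CA. With "on", nginx refuses
    # requests that present no valid certificate.
    ssl_client_certificate /etc/nginx/certificates/ca.crt;
    ssl_verify_client on;

    ssl_session_timeout 5m;
    # Set explicitly, like the sibling servers, so the allowed versions do not
    # depend on the nginx build's default. TLSv1.3 needs nginx >= 1.13.0 built
    # against OpenSSL 1.1.1; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Second check behind ssl_verify_client: it matters if that directive
        # is ever relaxed to "optional".
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        # The hop to the upstream is unencrypted HTTP on the LAN.
        proxy_pass http://192.168.100.251/;
        # The proxy_ssl_* directives have no effect while the upstream is http://.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_verify off;
    }
}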
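# HTTPS front end for jitsi.raiv.cc, proxied to the HTTPS service on
# 192.168.100.250.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name jitsi.raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/jitsi.raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jitsi.raiv.cc/privkey.pem;
    ssl_session_timeout 5m;
    # TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://192.168.100.250/;
        # NOTE(review): TLSv1/TLSv1.1 are still allowed towards the upstream;
        # tighten to TLSv1.2 once the backend is confirmed to support it.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # The upstream certificate is not checked, so this hop is encrypted
        # but not authenticated. To verify it, switch this on and point
        # proxy_ssl_trusted_certificate at the CA that issued the backend's
        # certificate.
        proxy_ssl_verify off;
    }
}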
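# HTTPS front end for traccar.raiv.cc, proxied to 192.168.100.251:8082 over
# plain HTTP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name traccar.raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/traccar.raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/traccar.raiv.cc/privkey.pem;
    ssl_session_timeout 5m;
    # TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # The hop to the upstream is unencrypted HTTP on the LAN.
        proxy_pass http://192.168.100.251:8082/;
        # The proxy_ssl_* directives have no effect while the upstream is http://.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_verify off;
    }
}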
#server {
# listen 443 ssl;
# listen [::]:443 ssl;
# server_name grafana.raiv.cc;
# ssl_certificate /etc/letsencrypt/live/grafana.raiv.cc/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/grafana.raiv.cc/privkey.pem;
# ssl_session_timeout 5m;
# ssl_protocols TLSV1.1 TLSV1.2;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# proxy_pass http://192.168.100.251:3000/;
# proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# proxy_ssl_verify off;
# }
#}
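# NOTE(review): the editor step above wrote reverse-proxy.conf straight into
# sites-enabled, so this link fails with "File exists" and nothing exists under
# sites-available. Keep the real file in sites-available and link it from
# sites-enabled.
sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf
# Restart only when the configuration test passes; a restart with a broken
# file can leave nginx stopped.
sudo nginx -t && sudo service nginx restart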
Https:
sudo nano /etc/hosts
>127.0.0.1 "new".raiv.cc
sudo nano /etc/nginx/sites-enabled/reverse-proxy.conf
# Plain-HTTP listeners: every name below gets a permanent redirect to the same
# host and URI over HTTPS.
# As the first :80 server it is also nginx's implicit default for port 80, so
# requests for unlisted names are redirected too, with $host echoing whatever
# Host header the client sent.
# NOTE(review): in this listing grafana.raiv.cc (its 443 server is commented
# out) and raiv415.synology.me have no 443 server of their own, so their
# redirects end up on the first 443 server with a certificate for another name.
server {
    listen 80;
    listen [::]:80;
    server_name grafana.raiv.cc
                traccar.raiv.cc
                raiv.cc
                jitsi.raiv.cc
                raiv415.synology.me
                jevany.raiv.cc
                draytek.raiv.cc;

    return 301 https://$host$request_uri;
}
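# HTTPS front end for jevany.raiv.cc, proxied to the HTTPS service on
# 192.168.100.245:8443.
# NOTE(review): no client-certificate check here (unlike draytek.raiv.cc and
# raiv.cc), so the upstream's own login is the only access control - confirm
# that is intended.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name jevany.raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/jevany.raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jevany.raiv.cc/privkey.pem;
    ssl_session_timeout 5m;
    # TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://192.168.100.245:8443/;
        # NOTE(review): TLSv1/TLSv1.1 are still allowed towards the upstream;
        # tighten to TLSv1.2 once the device is confirmed to support it.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # proxy_ssl_verify is not set, so nginx's default (off) applies and
        # the upstream certificate is not checked.
    }
}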
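# HTTPS front end for draytek.raiv.cc with mandatory client certificates
# (mutual TLS), proxied to 192.168.100.253:2380 over plain HTTP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name draytek.raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/draytek.raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/draytek.raiv.cc/privkey.pem;

    # Client certificates must chain to this CA. With "on", nginx refuses
    # requests that present no valid certificate.
    ssl_client_certificate /etc/nginx/certificates/ca.crt;
    # ssl_verify_client optional;
    ssl_verify_client on;
    # ssl_verify_depth 3;
    # access_log /var/log/nginx/draytek.raiv.cc;

    ssl_session_timeout 5m;
    # TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # ssl_ciphers HIGH:!aNULL:!MD5;
    # ssl_prefer_server_ciphers on;

    location / {
        # Second check behind ssl_verify_client: it matters if that directive
        # is ever relaxed to "optional".
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # proxy_set_header Host $http_host;
        # proxy_redirect off;
        # proxy_set_header X-Forwarded-Proto https;
        # The hop to the upstream is unencrypted HTTP on the LAN.
        proxy_pass http://192.168.100.253:2380/;
        # proxy_redirect http://192.168.100.253:2380/ draytek.raiv.cc;
        # The proxy_ssl_* directives have no effect while the upstream is http://.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_verify off;
    }
}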
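# HTTPS front end for raiv.cc with mandatory client certificates (mutual TLS),
# proxied to 192.168.100.251 over plain HTTP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/raiv.cc/privkey.pem;

    # Client certificates must chain to this CA. With "on", nginx refuses
    # requests that present no valid certificate.
    ssl_client_certificate /etc/nginx/certificates/ca.crt;
    ssl_verify_client on;

    ssl_session_timeout 5m;
    # Set explicitly, like the sibling servers, so the allowed versions do not
    # depend on the nginx build's default. TLSv1.3 needs nginx >= 1.13.0 built
    # against OpenSSL 1.1.1; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        # Second check behind ssl_verify_client: it matters if that directive
        # is ever relaxed to "optional".
        if ($ssl_client_verify != SUCCESS) {
            return 403;
        }
        # The hop to the upstream is unencrypted HTTP on the LAN.
        proxy_pass http://192.168.100.251/;
        # The proxy_ssl_* directives have no effect while the upstream is http://.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_verify off;
    }
}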
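# HTTPS front end for jitsi.raiv.cc, proxied to the HTTPS service on
# 192.168.100.250.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name jitsi.raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/jitsi.raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/jitsi.raiv.cc/privkey.pem;
    ssl_session_timeout 5m;
    # TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://192.168.100.250/;
        # NOTE(review): TLSv1/TLSv1.1 are still allowed towards the upstream;
        # tighten to TLSv1.2 once the backend is confirmed to support it.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # The upstream certificate is not checked, so this hop is encrypted
        # but not authenticated. To verify it, switch this on and point
        # proxy_ssl_trusted_certificate at the CA that issued the backend's
        # certificate.
        proxy_ssl_verify off;
    }
}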
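# HTTPS front end for traccar.raiv.cc, proxied to 192.168.100.251:8082 over
# plain HTTP.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name traccar.raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/traccar.raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/traccar.raiv.cc/privkey.pem;
    ssl_session_timeout 5m;
    # TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        # The hop to the upstream is unencrypted HTTP on the LAN.
        proxy_pass http://192.168.100.251:8082/;
        # The proxy_ssl_* directives have no effect while the upstream is http://.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_verify off;
    }
}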
#server {
# listen 443 ssl;
# listen [::]:443 ssl;
# server_name grafana.raiv.cc;
# ssl_certificate /etc/letsencrypt/live/grafana.raiv.cc/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/grafana.raiv.cc/privkey.pem;
# ssl_session_timeout 5m;
# ssl_protocols TLSV1.1 TLSV1.2;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# proxy_pass http://192.168.100.251:3000/;
# proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# proxy_ssl_verify off;
# }
#}
#SAVE
######################################
#### generate certs for ALL - ROOT & Alias servers!
#### No proxy on port 80 enabled!!!
# Obtain (but do not install) a certificate for one name using the HTTP-01
# challenge: the name must resolve to this host and port 80 must be reachable
# from the internet while certbot runs.
# NOTE(review): the answers noted below look like the webroot method with
# /usr/share/nginx/html/ as the webroot - confirm.
sudo certbot certonly --preferred-challenges http -d contacam245.raiv.cc
#>2
#>add: /usr/share/nginx/html/
output:
/etc/letsencrypt/live/draytek.raiv.cc/fullchain.pem
/etc/letsencrypt/live/draytek.raiv.cc/privkey.pem
sudo nano /etc/nginx/sites-enabled/reverse-proxy.conf
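# Plain-HTTP listener for contacam245.raiv.cc: permanent redirect to HTTPS.
# The target host is fixed rather than taken from the request, and the
# request URI is carried over as in the other redirect servers.
server {
    listen 80;
    listen [::]:80;
    server_name contacam245.raiv.cc;

    return 301 https://contacam245.raiv.cc$request_uri;
}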
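# HTTPS front end for contacam245.raiv.cc, proxied to the HTTPS service on
# 192.168.100.245:8443.
# NOTE(review): no client-certificate check at the proxy, so the upstream's
# own login is the only access control - confirm that is intended.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name contacam245.raiv.cc;

    ssl_certificate     /etc/letsencrypt/live/contacam245.raiv.cc/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/contacam245.raiv.cc/privkey.pem;
    ssl_session_timeout 5m;
    # TLS 1.1 is deprecated (RFC 8996); offer 1.2 and 1.3 only.
    # TLSv1.3 needs nginx >= 1.13.0 built against OpenSSL 1.1.1; drop it on
    # older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass https://192.168.100.245:8443/;
        # NOTE(review): TLSv1/TLSv1.1 are still allowed towards the upstream;
        # tighten to TLSv1.2 once the device is confirmed to support it.
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        # proxy_ssl_verify is not set, so nginx's default (off) applies and
        # the upstream certificate is not checked.
    }
}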
#save
############ Let's Encrypt renewal
cd /etc/nginx/sites-enabled
# 1. Back up the live reverse-proxy.conf. "~" is expanded by the calling
#    shell before sudo runs, so the copy lands in the invoking user's home.
sudo cp /etc/nginx/sites-enabled/reverse-proxy.conf ~/reverse-proxy.conf.bak
# 2. Write the renewal-time config: a plain :80 server for every alias
#    (each name MUST have an A record in DNS).
sudo nano ~/reverse-proxy.conf.rnw
# Renewal-time config: the listed names are served over plain HTTP with no
# redirect, so the ACME HTTP challenge can be answered on port 80.
# No root or location is set, so nginx serves files from its built-in default
# root; presumably that is the webroot given to certbot - confirm.
# While this file is live there is no 443 server, so every HTTPS site is down.
server {
    listen 80;
    listen [::]:80;
    server_name contacam245.raiv.cc
                draytek.raiv.cc
                jitsi.raiv.cc
                raiv415.synology.me;
}
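sudo cp ~/reverse-proxy.conf.rnw /etc/nginx/sites-enabled/reverse-proxy.conf
# nginx -T tests the configuration (and prints it). Restart only when the test
# passes, because a restart with a broken file can leave nginx stopped.
sudo nginx -T && sudo service nginx restart
# 3. Renew the Let's Encrypt certificates that were created with:
#    sudo certbot certonly --preferred-challenges http -d contacam245.raiv.cc
#sudo certbot renew --dry-run (test)
#sudo /usr/share/jitsi-meet/scripts/install-letsencrypt-cert.sh
sudo certbot renew
# 4. Restore the normal nginx conf from the backup taken in step 1
sudo cp ~/reverse-proxy.conf.bak /etc/nginx/sites-enabled/reverse-proxy.conf
sudo nginx -T && sudo service nginx restart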
#################### created renewal-letsencypt-cert.sh
sudo nano ~/renewal-letsencypt-cert.sh
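#!/bin/bash
# Renew the Let's Encrypt certificates.
#
# Swaps the live reverse-proxy config for the plain :80 renewal config, runs
# "certbot renew", then puts the live config back. The backup is written to
# and restored from the same file, so the restore always returns the config
# that was live when this run started.
#
# Exit status: non-zero when any step fails, so cron or the log shows it.
#
# NOTE(review): "~" is the home of whoever runs the script. Under root's
# crontab that is root's home, which may not be where reverse-proxy.conf.rnw
# was created - confirm the paths.
# NOTE(review): every run takes the HTTPS sites down for the swap, even when
# no certificate is due. certbot's --pre-hook/--post-hook run only when a
# renewal is actually attempted and could do the swap instead.
set -euo pipefail

readonly live_conf=/etc/nginx/sites-enabled/reverse-proxy.conf
readonly renew_conf=~/reverse-proxy.conf.rnw
readonly backup_conf=~/reverse-proxy.conf.bak

# Put the live config back and restart nginx if the restored file parses.
restore_conf() {
  sudo cp -- "$backup_conf" "$live_conf"
  sudo nginx -t && sudo service nginx restart
}

sudo cp -- "$live_conf" "$backup_conf"
# From here on the live config is restored on every exit path, including a
# failed config test or a failed certbot run.
trap restore_conf EXIT

sudo cp -- "$renew_conf" "$live_conf"
sudo nginx -t
sudo service nginx restart
sudo certbot renew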
# save
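# Root's cron job executes this script, so nobody else may be able to modify
# it: mode 777 would let any local user edit a file that root runs.
# Keep it in a root-owned directory as well, since write access to the parent
# directory is enough to replace the file.
sudo chown root:root ~/renewal-letsencypt-cert.sh
sudo chmod 700 ~/renewal-letsencypt-cert.sh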
#add to Crontab
sudo crontab -e
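# Daily at 02:06: run the renewal script and append its output to the log.
# stderr is captured too, so failed runs leave a trace.
# This entry lives in root's crontab (sudo crontab -e), so "~" is root's home
# here; the script and the log path must exist there.
6 2 * * * sudo ~/renewal-letsencypt-cert.sh >> ~/renewal.log 2>&1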
sudo crontab -l