reverse proxies with nginx
09.08.2023
I was tired of nginx proxy manager dying on me (granted, it could very well be a “me thing” - maybe I hadn’t configured it properly) - so I decided to do everything manually (MORE manually, anyway - Certbot still doing quite a bit of work).
Setting up Reverse Proxies with Certbot
Installation
sudo apt install nginx
sudo apt install certbot python3-certbot-nginx
Adding an entry
sudo nano /etc/nginx/sites-available/domain.example
server {
    listen 80;
    listen [::]:80;
    server_name domain.example;
    location / {
        proxy_pass http://xxx.xxx.x.xxx:xxxx;
        include proxy_params;
    }
}
sudo nginx -t # test if config is valid
sudo systemctl restart nginx
sudo ln -s /etc/nginx/sites-available/domain.example /etc/nginx/sites-enabled # create the symlink
Getting the cert
sudo certbot --nginx -d domain.example --staging # Browsers will complain that cert is not secure
sudo certbot --nginx -d domain.example
certbot will take care of the SSL stuff and add the following into /etc/nginx/sites-available/domain.example:
server {
    # ... all the previous stuff
    # the following is config added by Certbot
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.example/privkey.pem;
    # ...etc.
}
When Certbot asks whether to redirect HTTP traffic to HTTPS, choose 1: No redirect.
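What "No redirect" leaves behind, as an added example that is not part of the original post: Certbot puts the 443 listeners into the same server block, so the `listen 80` lines keep proxying the backend over plain HTTP. This Python check flags such blocks in a config; the upstream address 192.0.2.10:8080 and the function names are assumptions made for the illustration.

```python
import re

# Constructed sample: the post's server block after Certbot ran with "No redirect".
# 192.0.2.10:8080 is a placeholder upstream, not a value from the post.
NO_REDIRECT = """
server {
    listen 80;
    listen [::]:80;
    server_name domain.example;
    location / {
        proxy_pass http://192.0.2.10:8080;
        include proxy_params;
    }
    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.example/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.example/privkey.pem;
}
"""

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, tracking nested braces."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments so braces in them are ignored
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def plaintext_proxies(conf):
    """Return (server_name, listen values) for blocks that proxy over plain HTTP."""
    findings = []
    for body in server_blocks(conf):
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        plain = [l.strip() for l in listens if "ssl" not in l.split()]
        proxies = re.search(r"\bproxy_pass\s", body)
        redirects = re.search(r"\breturn\s+30[1278]\s+https://", body)
        if plain and proxies and not redirects:
            name = re.search(r"\bserver_name\s+([^;\s]+)", body)
            findings.append((name.group(1) if name else "(unnamed)", plain))
    return findings

if __name__ == "__main__":
    for name, plain in plaintext_proxies(NO_REDIRECT):
        print(f"{name}: proxied without TLS on listen {', '.join(plain)}")
```

Run it against the contents of /etc/nginx/sites-available/domain.example; a config where port 80 only answers with a redirect to https produces no findings.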
Certificate Auto-Renewal
sudo letsencrypt renew --dry-run --agree-tos
** DRY RUN: simulating 'certbot renew' close to cert expiry
** (The test certificates below have not been saved.)
Congratulations, all renewals succeeded. The following certs have been renewed:
# Your certs here
12 3 * * * letsencrypt renew >> /var/log/letsencrypt/renew.log
Test the command with bash:
sudo bash -c "letsencrypt renew >> /var/log/letsencrypt/renew.log"