How To Secure Nginx with Let's Encrypt on Ubuntu 16.04

Опубликовано: 01 Август 2016
на канале: NixInPix

3,471

Let’s Encrypt is a new Certificate Authority. It’s free, automated, and open, thereby enabling encrypted HTTPS on web servers. It simplifies the process by providing a software client, letsencrypt, that attempts to automate most (if not all) of the required steps.

You must own or control the registered domain name that you wish to use the certificate with and you need to have Nginx installed to.

Commands:
sudo apt-get update
sudo apt-get -y install git
sudo git clone https://github.com/letsencrypt/letsen... /opt/letsencrypt
sudo nano /etc/nginx/sites-available/default
--------
location ~ /.well-known {
allow all;
}
--------
sudo nginx -t
sudo systemctl reload nginx
cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d nipone.com -d www.nipone.com
sudo ls -l /etc/letsencrypt/live/your_domain_name
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

sudo nano /etc/nginx/snippets/ssl-example.com.conf
---------------
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
---------------
sudo nano /etc/nginx/snippets/ssl-params.conf
---------------
from https://cipherli.st/
and https://raymii.org/s/tutorials/Strong...

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

ssl_dhparam /etc/ssl/certs/dhparam.pem;
-------------

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
sudo nano /etc/nginx/sites-available/default

------------
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name example.com www.example.com;
return 301 https://$server_name$request_uri;
}

server {

SSL configuration

listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
-------------

sudo systemctl restart nginx
==============
In a web browser:
https://www.ssllabs.com/ssltest/analy...
==============

/opt/letsencrypt/letsencrypt-auto renew

sudo crontab -e

------------Here you have Brackets please don't just copy paste you must replace those big brackets with normal one ---------------

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew ＞＞ /var/log/le-renew.log
35 2 * * 1 /bin/systemctl reload nginx
-------------

cd /opt/letsencrypt
sudo git pull
_____________________________________

Music by Joakim Karud / joakimkarud

You can always Deploy an SSD cloud server in 55 seconds
with Digitalocean.
Anyone how use this link will receive $10 in hosting credit immediately after unlocking their account by adding a valid payment method.
Sign Up with this link
https://m.do.co/c/7b9082af029f

Смотрите видео How To Secure Nginx with Let's Encrypt on Ubuntu 16.04 онлайн без регистрации, длительностью часов минут секунд в хорошем качестве. Это видео добавил пользователь NixInPix 01 Август 2016, не забудьте поделиться им ссылкой с друзьями и знакомыми, на нашем сайте его посмотрели 3,47 раз и оно понравилось 1 людям.