Revisions

  1. irman revised this gist Apr 24, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -107,7 +107,7 @@ Follow: https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
    1. If all went well, your certs will be at `/etc/letsencrypt/live/sub1.domain.com/` and your `/etc/nginx/conf.d/default.conf` has been updated by cerbot automatically.
    * In the future, to renew:
    ```
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx" renew
    ```
    ## MariaDB
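    Review bot: The renew step, even with the trailing `renew`, does not say how it gets run: nothing here schedules it, and `--pre-hook "nginx -s stop"` means nginx is down while the standalone authenticator runs. Suggest adding a line on running it from cron and on checking it first with `--dry-run`. The context line above the step also spells certbot as `cerbot`.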
  2. irman revised this gist Mar 15, 2018. 1 changed file with 6 additions and 1 deletion.
    7 changes: 6 additions & 1 deletion _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -83,7 +83,7 @@ Follow: https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
    ```
    1. Request cert:
    ```
    sudo sudo certbot --nginx
    sudo certbot --nginx
    ```
    - Go through the wizard carefully.
    1. If all went well, your certs will be at `/etc/letsencrypt/live/sub1.domain.com/` and your `/etc/nginx/conf.d/default.conf` has been updated by cerbot automatically.
    @@ -189,6 +189,11 @@ Once everything is working, you can start adding more (sub)domains.
    </VirtualHost>
    ```
    1. Request SSL cert using certbot again, but this time pick the new domain:
    - EC2 - With Amazon Linux 2
    ```
    sudo certbot --nginx
    ```
    - Lightsail
    ```
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    ```
  3. irman revised this gist Mar 15, 2018. 1 changed file with 11 additions and 11 deletions.
    22 changes: 11 additions & 11 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -69,7 +69,7 @@ You can skip certain parts if you don't need it.
    ## SSL (Let's Encrypt)
    ### EC2
    ### EC2 - Amazon Linux 2
    Follow: https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
    1. Enable optional channel:
    @@ -111,32 +111,32 @@ Follow: https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
    ```
    ## MariaDB
    1. Add yum repository. Create this file: `/etc/yum.repos.d/maria.repo`:
    ```
    [mariadb]
    name = MariaDB
    baseurl = http://yum.mariadb.org/10.1/centos6-amd64
    gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    gpgcheck=1
    ```
    1. Add yum repository. Create this file: `/etc/yum.repos.d/mariadb.repo`:
    - Refer https://mariadb.com/kb/en/library/yum/
    - Repo Generator: https://downloads.mariadb.org/mariadb/repositories/
    1. Install:
    ```
    sudo yum makecache
    sudo yum install MariaDB-server MariaDB-client -y
    ```
    1. If you install version `10.2` and above, the service name is `mariadb`, otherwise it's `mysql`
    1. Start service:
    ```
    sudo service mysql(or mariadb) start
    ```
    1. Secure your MariaDB installation: `sudo mysql_secure_installation`
    1. Auto-start MariaDB on system start: `sudo chkconfig mysql on`
    1. Auto-start MariaDB on system start: `sudo chkconfig mysql(or mariadb) on`
    ## PHP 7.1
    1. Install: `sudo yum install php71 -y`
    - If no package available, try remi: https://rpms.remirepo.net/wizard/
    1. Install PHP Modules
    - Run `yum search php71-` to search for available modules and just yum install it.
    ## Start All Services
    1. `sudo service nginx start`
    1. `sudo service httpd start`
    1. `sudo service mysql start`
    1. `sudo service mysql(or mariadb) start`
    ## Add More (Sub)Domains
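    Review bot: `sudo service mysql(or mariadb) start`, in the Start service step and again under Start All Services, cannot be pasted as a command because the shell rejects the unquoted parentheses. Write the two variants as separate lines, for example `sudo service mariadb start` for 10.2 and above and `sudo service mysql start` otherwise, and do the same for the `chkconfig` step. The `mariadb.repo` step now says to create the file but only links to the generator, so a sentence saying to paste the generated block into it would help.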
  4. irman revised this gist Mar 15, 2018. 1 changed file with 5 additions and 0 deletions.
    5 changes: 5 additions & 0 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -86,6 +86,11 @@ Follow: https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
    sudo sudo certbot --nginx
    ```
    - Go through the wizard carefully.
    1. If all went well, your certs will be at `/etc/letsencrypt/live/sub1.domain.com/` and your `/etc/nginx/conf.d/default.conf` has been updated by cerbot automatically.
    * In the future, to renew:
    ```
    certbot renew
    ```
    ### Lightsail
    1. Install Certbot:
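    Review bot: `certbot renew` in the new renew step is the only certbot call in this section without `sudo`, while the request step above it runs certbot under `sudo`. Renewal has to write under `/etc/letsencrypt/`, so it should read `sudo certbot renew`.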
  5. irman revised this gist Mar 14, 2018. 1 changed file with 20 additions and 0 deletions.
    20 changes: 20 additions & 0 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -68,6 +68,26 @@ You can skip certain parts if you don't need it.
    1. Auto-start Apache on system start: `sudo chkconfig httpd on`
    ## SSL (Let's Encrypt)
    ### EC2
    Follow: https://certbot.eff.org/lets-encrypt/centosrhel7-nginx
    1. Enable optional channel:
    ```
    sudo yum -y install yum-utils
    sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
    ```
    1. Install certbot:
    ```
    sudo yum install certbot-nginx
    ```
    1. Request cert:
    ```
    sudo sudo certbot --nginx
    ```
    - Go through the wizard carefully.
    ### Lightsail
    1. Install Certbot:
    ```
    sudo yum install python27-devel git -y
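    Review bot: In the Enable optional channel step, `rhui-REGION-rhel-server-extras` and `rhui-REGION-rhel-server-optional` carry a literal `REGION` that reads as a placeholder, and the step does not say to replace it. Add a note on what to substitute. The Request cert step also has a doubled `sudo sudo`.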
  6. irman revised this gist Mar 14, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -51,7 +51,7 @@ You can skip certain parts if you don't need it.
    ## Apache
    1. Install: `sudo yum install httpd24 -y`
    - If no package available, refer https://stackoverflow.com/questions/37940661/aws-rhel7-missing-packages
    1. Configure `/etc/httpd/conf/default.conf` as follows:
    1. Configure `/etc/httpd/conf/httpd.conf` as follows:
    ```httpd.conf
    Listen 8080
    ```
  7. irman revised this gist Mar 14, 2018. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -50,6 +50,7 @@ You can skip certain parts if you don't need it.
    ## Apache
    1. Install: `sudo yum install httpd24 -y`
    - If no package available, refer https://stackoverflow.com/questions/37940661/aws-rhel7-missing-packages
    1. Configure `/etc/httpd/conf/default.conf` as follows:
    ```httpd.conf
    Listen 8080
  8. irman revised this gist Mar 14, 2018. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -19,6 +19,7 @@ You can skip certain parts if you don't need it.

    ## NGINX
    1. Install: `sudo yum install nginx -y`
    - If no package available, refer https://aws.amazon.com/premiumsupport/knowledge-center/ec2-enable-epel/
    1. Configure this file: `/etc/nginx/conf.d/default.conf` to something like this:
    ```nginx.conf
    server {
  9. irman revised this gist Mar 14, 2018. 2 changed files with 10 additions and 2 deletions.
    4 changes: 4 additions & 0 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -35,6 +35,8 @@ You can skip certain parts if you don't need it.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port 443;
    proxy_pass http://127.0.0.1:8080;
    }
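    Review bot: `proxy_set_header X-Forwarded-Port 443;` is hard-coded while the line above it sends `X-Forwarded-Proto $scheme`, so if this location is ever served over port 80 the backend is told `http` on port 443. Use `$server_port` so the two headers agree.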
    @@ -135,6 +137,8 @@ Once everything is working, you can start adding more (sub)domains.
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port 443;
    proxy_pass http://127.0.0.1:8080;
    }
    8 changes: 6 additions & 2 deletions default.conf
    Original file line number Diff line number Diff line change
    @@ -12,6 +12,8 @@ server {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port 443;
    proxy_pass http://127.0.0.1:8080;
    }

    @@ -38,13 +40,15 @@ server {
    index index.php index.html index.htm;

    location / {
    try_files $uri $uri/ /index.php;
    try_files $uri $uri/ /index.php$uri$is_args$args;
    }

    location ~ \.php$ {
    location ~ \.php {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Port 443;
    proxy_pass http://127.0.0.1:8080;
    }
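    Review bot: `proxy_set_header X-Forwarded-For $remote_addr;` is left unchanged in this server block, while the block in the previous hunk of the same file sends `$proxy_add_x_forwarded_for`. The two behave differently (the first replaces whatever the client sent, the second appends to it), so the backend sees a different header shape per subdomain; pick one for both blocks.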

  10. irman revised this gist Mar 8, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -131,7 +131,7 @@ Once everything is working, you can start adding more (sub)domains.
    try_files $uri $uri/ /index.php$uri$is_args$args;
    }
    location ~ \.php$ {
    location ~ \.php {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
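    Review bot: `location ~ \.php` without the trailing `$` matches `.php` anywhere in the URI, so a path such as `/files/photo.php.jpg` is proxied to Apache instead of being served by nginx as a static file. If the aim is to let the `/index.php$uri` fallback from `try_files` reach this location, `location ~ \.php(/|$)` does that while still requiring `.php` to end a path segment.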
  11. irman revised this gist Mar 8, 2018. 1 changed file with 2 additions and 2 deletions.
    4 changes: 2 additions & 2 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -128,12 +128,12 @@ Once everything is working, you can start adding more (sub)domains.
    index index.php index.html index.htm;
    location / {
    try_files $uri $uri/ /index.php;
    try_files $uri $uri/ /index.php$uri$is_args$args;
    }
    location ~ \.php$ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;
    }
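    Review bot: The new fallback `/index.php$uri$is_args$args` in `location /` produces URIs like `/index.php/some/path`, which the unchanged `location ~ \.php$` below it does not match because the URI no longer ends in `.php`. The internal redirect lands back in `location /` and repeats until nginx aborts it with a redirect-cycle error. The PHP location needs to accept a path suffix, for example `location ~ \.php(/|$)`.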
  12. irman revised this gist Feb 8, 2018. 2 changed files with 6 additions and 6 deletions.
    6 changes: 3 additions & 3 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -28,12 +28,12 @@ You can skip certain parts if you don't need it.
    index index.php index.html index.htm;
    location / {
    try_files $uri $uri/ /index.php;
    try_files $uri $uri/ /index.php$uri$is_args$args;
    }
    location ~ \.php$ {
    location ~ \.php {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;
    }
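    Review bot: `X-Forwarded-For $proxy_add_x_forwarded_for` appends nginx's view of the client address to whatever `X-Forwarded-For` value the client sent, where the previous `$remote_addr` overwrote it. If this nginx is the first hop, everything ahead of the last entry is client-supplied, so the guide should tell readers that Apache and PHP must take the client address from `X-Real-IP` or from the last `X-Forwarded-For` entry only.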
    6 changes: 3 additions & 3 deletions default.conf
    Original file line number Diff line number Diff line change
    @@ -5,12 +5,12 @@ server {
    index index.php index.html index.htm;

    location / {
    try_files $uri $uri/ /index.php;
    try_files $uri $uri/ /index.php$uri$is_args$args;
    }

    location ~ \.php$ {
    location ~ \.php {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;
    }
  13. irman revised this gist Jan 17, 2018. 1 changed file with 1 addition and 2 deletions.
    3 changes: 1 addition & 2 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -47,9 +47,8 @@ You can skip certain parts if you don't need it.
    ## Apache
    1. Install: `sudo yum install httpd24 -y`
    1. Configure `/etc/httpd/conf/httpd.conf` as follows:
    1. Configure `/etc/httpd/conf/default.conf` as follows:
    ```httpd.conf
    NameVirtualHost 127.0.0.1:8080 # Only accessible from localhost
    Listen 8080
    ```
    1. Configure virtual hosts at `/etc/httpd/conf.d/vhosts.conf`:
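    Review bot: The path in the Configure step becomes `/etc/httpd/conf/default.conf`, which is not a file Apache reads by default; the main config is `/etc/httpd/conf/httpd.conf`, so a `Listen 8080` placed in the new path has no effect unless it is included from there. Keep the `httpd.conf` path.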
  14. irman revised this gist Jan 17, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -174,8 +174,8 @@ Once everything is working, you can start adding more (sub)domains.
    ## Final Files for References
    You can view the final files down below.
    - [/etc/httpd/conf.d/vhosts.conf](#file-vhosts-conf)
    - [/etc/nginx/conf.d/default.conf](#file-default-conf)
    - [/etc/httpd/conf.d/vhosts.conf](#file-vhosts-conf)
    ## References:
  15. irman revised this gist Jan 17, 2018. 1 changed file with 3 additions and 3 deletions.
    6 changes: 3 additions & 3 deletions _ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -171,11 +171,11 @@ Once everything is working, you can start adding more (sub)domains.
    1. ???
    1. Profit. :D
    ## Final files
    ## Final Files for References
    You can view the final files down below.
    - /etc/httpd/conf.d/vhosts.conf
    - /etc/nginx/conf.d/default.conf
    - [/etc/httpd/conf.d/vhosts.conf](#file-vhosts-conf)
    - [/etc/nginx/conf.d/default.conf](#file-default-conf)
    ## References:
  16. irman revised this gist Jan 17, 2018. 3 changed files with 0 additions and 0 deletions.
    File renamed without changes.
    File renamed without changes.
  17. irman revised this gist Jan 17, 2018. 2 changed files with 0 additions and 0 deletions.
    File renamed without changes.
    File renamed without changes.
  18. irman revised this gist Jan 17, 2018. 3 changed files with 86 additions and 0 deletions.
    66 changes: 66 additions & 0 deletions default.conf
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,66 @@
    server {
    listen 80;
    server_name sub1.domain.com;
    root /var/www/domain.com/sub1/public;
    index index.php index.html index.htm;

    location / {
    try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;
    }

    location ~ /\.ht {
    deny all;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sub1.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sub1.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    if ($scheme != "https"){
    return 301 https://$host$request_uri;
    } # managed by Certbot

    }
    server {
    listen 80;
    server_name sub2.domain.com;
    root /var/www/domain.com/sub2/public;
    index index.php index.html index.htm;

    location / {
    try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;
    }

    location ~ /\.ht {
    deny all;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sub2.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sub2.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    if ($scheme != "https"){
    return 301 https://$host$request_uri;
    } # managed by Certbot

    }
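    Review bot: `location ~ /\.ht { deny all; }` in both server blocks covers only `.ht*` names, so any other dotfile or dot-directory that ends up under `root` (a `.git` directory or a `.env` file, for instance) is served by nginx as static content. Consider denying all dot paths except `/.well-known/`, e.g. `location ~ /\.(?!well-known) { deny all; }`.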
    6 changes: 6 additions & 0 deletions ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -171,6 +171,12 @@ Once everything is working, you can start adding more (sub)domains.
    1. ???
    1. Profit. :D
    ## Final files
    You can view the final files down below.
    - /etc/httpd/conf.d/vhosts.conf
    - /etc/nginx/conf.d/default.conf
    ## References:
    - https://gist.github.com/nrollr/56e933e6040820aae84f82621be16670
    14 changes: 14 additions & 0 deletions vhosts.conf
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,14 @@
    <VirtualHost 127.0.0.1:8080>
    ServerAdmin [email protected]
    DocumentRoot /var/www/domain.com/sub1/public/
    ServerName sub1.domain.com
    ErrorLog logs/sub1.domain.com-error_log
    CustomLog logs/sub1.domain.com-access_log common
    </VirtualHost>
    <VirtualHost 127.0.0.1:8080>
    ServerAdmin [email protected]
    DocumentRoot /var/www/domain.com/sub2/public/
    ServerName sub2.domain.com
    ErrorLog logs/sub1.domain.com-error_log
    CustomLog logs/sub1.domain.com-access_log common
    </VirtualHost>
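    Review bot: The second `<VirtualHost>` has `ServerName sub2.domain.com` but its `ErrorLog` and `CustomLog` still point at `logs/sub1.domain.com-error_log` and `logs/sub1.domain.com-access_log`, so both sites write to the same files. Change them to the `sub2.domain.com-` names.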
  19. irman revised this gist Jan 17, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -77,7 +77,7 @@ You can skip certain parts if you don't need it.
    ```
    - Go through the wizard carefully.
    1. If all went well, your certs will be at `/etc/letsencrypt/live/sub1.domain.com/` and your `/etc/nginx/conf.d/default.conf` has been updated by cerbot automatically.
    * In the futurem, to renew:
    * In the future, to renew:
    ```
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    ```
  20. irman revised this gist Jan 17, 2018. 1 changed file with 1 addition and 1 deletion.
    2 changes: 1 addition & 1 deletion ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -1,4 +1,4 @@
    # Setting up Nginx-Apache Reverse Proxy, PHP, & MySQL on EC2/Lightsail with Amazon Linux
    # Setting up Nginx-Apache Reverse Proxy, PHP, & MariaDB with SSL on EC2/Lightsail with Amazon Linux

    Final setup should consists of:

  21. irman revised this gist Jan 17, 2018. 1 changed file with 12 additions and 3 deletions.
    15 changes: 12 additions & 3 deletions ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -116,11 +116,11 @@ Once everything is working, you can start adding more (sub)domains.
    1. Create new directory for your subdomain: `sudo mkdir -p /var/www/domain.com/sub2/public`
    1. Give ownership to current logged in user: `sudo chown $USER:$USER -R /var/www/domain.com/sub2/`
    1. Edit `/etc/nginx/conf.d/default.conf` to add more domains, but without the ssl setting:
    1. Edit `/etc/nginx/conf.d/default.conf` to add more domains, but without the ssl settings:
    ```
    # 1st domain settings up here, don't remove
    # 1st domain settings are up here, don't remove
    server { ... }
    # 1st domain settings up here, don't remove
    # 1st domain settings are up here, don't remove
    server {
    listen 80;
    @@ -146,6 +146,10 @@ Once everything is working, you can start adding more (sub)domains.
    ```
    1. Edit Apache virtual hosts at `/etc/httpd/conf.d/vhosts.conf` to add more virtual host:
    ```
    # 1st domain settings are up here, don't remove
    <VirtualHost 127.0.0.1:8080> ... </VirtualHost>
    # 1st domain settings are up here, don't remove
    <VirtualHost 127.0.0.1:8080>
    ServerAdmin [email protected]
    DocumentRoot /var/www/domain.com/sub2/public/
    @@ -159,6 +163,11 @@ Once everything is working, you can start adding more (sub)domains.
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    ```
    - If all went well, your certs will be at `/etc/letsencrypt/live/sub2.domain.com/` and your `/etc/nginx/conf.d/default.conf` has been updated by cerbot automatically.
    1. Restart NGINX & Apache:
    ```
    sudo service nginx restart
    sudo service httpd restart
    ```
    1. ???
    1. Profit. :D
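    Review bot: The new Restart NGINX & Apache step restarts both services without validating the edited files first, so a typo in `default.conf` or `vhosts.conf` takes every domain on the box down. Add `sudo nginx -t` and `sudo apachectl configtest` ahead of the two `restart` lines.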
  22. irman revised this gist Jan 17, 2018. 1 changed file with 65 additions and 12 deletions.
    77 changes: 65 additions & 12 deletions ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -5,14 +5,17 @@ Final setup should consists of:
    1. NGINX (reverse proxy & static contents)
    - Supports SSL ([Let's Encrypt](https://letsencrypt.org)).
    - Supports multiple domains, 1 IP.
    1. Apache (Dynamic content: PHP)
    1. PHP 7
    1. MariaDB
    1. Apache 2.4 (Dynamic content: PHP)
    1. PHP 7.1
    1. MariaDB 10.1

    You can skip certain parts if you don't need it.

    ## Preparations
    1. Create new directory for your subdomain: `sudo mkdir /var/www/sub1.domain.com`
    1. Create www directory if not exists yet: `sudo mkdir -p /var/www`
    1. Give write permission: `sudo chmod -R 755 /var/www`
    1. Create new directory for your subdomain: `sudo mkdir -p /var/www/domain.com/sub1/public`
    1. Give ownership to current logged in user: `sudo chown $USER:$USER -R /var/www/domain.com/sub1/`

    ## NGINX
    1. Install: `sudo yum install nginx -y`
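    Review bot: The step labelled Give write permission runs `sudo chmod -R 755 /var/www`, which grants write to the owner only and, being recursive, also sets the execute bit on every regular file under the tree. Reword the label, and set `755` on directories and `644` on files instead of one recursive mode.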
    @@ -21,7 +24,7 @@ You can skip certain parts if you don't need it.
    server {
    listen 80;
    server_name sub1.domain.com;
    root /var/www/sub1.domain.com/public/;
    root /var/www/domain.com/sub1/public/;
    index index.php index.html index.htm;
    location / {
    @@ -53,14 +56,12 @@ You can skip certain parts if you don't need it.
    ```
    <VirtualHost 127.0.0.1:8080>
    ServerAdmin [email protected]
    DocumentRoot /var/www/sub1.domain.com/public/
    DocumentRoot /var/www/domain.com/sub1/public/
    ServerName sub1.domain.com
    ErrorLog logs/sub1.domain.com-error_log
    CustomLog logs/sub1.domain.com-access_log common
    </VirtualHost>
    ```
    1. Give ownership to current logged in user: `sudo chown $USER:$USER -R /var/www/sub1.domain.com/`
    1. Give write permission: `sudo chmod -R 755 /var/www`
    1. Auto-start Apache on system start: `sudo chkconfig httpd on`
    ## SSL (Let's Encrypt)
    @@ -75,11 +76,11 @@ You can skip certain parts if you don't need it.
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    ```
    - Go through the wizard carefully.
    - To renew:
    ```
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    ```
    1. If all went well, your certs will be at `/etc/letsencrypt/live/sub1.domain.com/` and your `/etc/nginx/conf.d/default.conf` has been updated by cerbot automatically.
    * In the futurem, to renew:
    ```
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    ```
    ## MariaDB
    1. Add yum repository. Create this file: `/etc/yum.repos.d/maria.repo`:
    @@ -109,6 +110,58 @@ You can skip certain parts if you don't need it.
    1. `sudo service httpd start`
    1. `sudo service mysql start`
    ## Add More (Sub)Domains
    Once everything is working, you can start adding more (sub)domains.
    1. Create new directory for your subdomain: `sudo mkdir -p /var/www/domain.com/sub2/public`
    1. Give ownership to current logged in user: `sudo chown $USER:$USER -R /var/www/domain.com/sub2/`
    1. Edit `/etc/nginx/conf.d/default.conf` to add more domains, but without the ssl setting:
    ```
    # 1st domain settings up here, don't remove
    server { ... }
    # 1st domain settings up here, don't remove
    server {
    listen 80;
    server_name sub2.domain.com;
    root /var/www/domain.com/sub2/public/;
    index index.php index.html index.htm;
    location / {
    try_files $uri $uri/ /index.php;
    }
    location ~ \.php$ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;
    }
    location ~ /\.ht {
    deny all;
    }
    }
    ```
    1. Edit Apache virtual hosts at `/etc/httpd/conf.d/vhosts.conf` to add more virtual host:
    ```
    <VirtualHost 127.0.0.1:8080>
    ServerAdmin [email protected]
    DocumentRoot /var/www/domain.com/sub2/public/
    ServerName sub2.domain.com
    ErrorLog logs/sub2.domain.com-error_log
    CustomLog logs/sub2.domain.com-access_log common
    </VirtualHost>
    ```
    1. Request SSL cert using certbot again, but this time pick the new domain:
    ```
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    ```
    - If all went well, your certs will be at `/etc/letsencrypt/live/sub2.domain.com/` and your `/etc/nginx/conf.d/default.conf` has been updated by cerbot automatically.
    1. ???
    1. Profit. :D
    ## References:
    - https://gist.github.com/nrollr/56e933e6040820aae84f82621be16670
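    Review bot: The new Add More (Sub)Domains list edits `/etc/httpd/conf.d/vhosts.conf` but never restarts or reloads `httpd`; the certbot `--pre-hook` and `--post-hook` pair only cycles nginx, so Apache keeps running without the new virtual host. Add a `sudo service httpd restart` step before `???`.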
  23. irman created this gist Jan 17, 2018.
    121 changes: 121 additions & 0 deletions ec2-lightsail-amazon-linux-nginx-apache-proxy-php-7.md
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,121 @@
    # Setting up Nginx-Apache Reverse Proxy, PHP, & MySQL on EC2/Lightsail with Amazon Linux

    Final setup should consists of:

    1. NGINX (reverse proxy & static contents)
    - Supports SSL ([Let's Encrypt](https://letsencrypt.org)).
    - Supports multiple domains, 1 IP.
    1. Apache (Dynamic content: PHP)
    1. PHP 7
    1. MariaDB

    You can skip certain parts if you don't need it.

    ## Preparations
    1. Create new directory for your subdomain: `sudo mkdir /var/www/sub1.domain.com`

    ## NGINX
    1. Install: `sudo yum install nginx -y`
    1. Configure this file: `/etc/nginx/conf.d/default.conf` to something like this:
    ```nginx.conf
    server {
    listen 80;
    server_name sub1.domain.com;
    root /var/www/sub1.domain.com/public/;
    index index.php index.html index.htm;
    location / {
    try_files $uri $uri/ /index.php;
    }
    location ~ \.php$ {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_pass http://127.0.0.1:8080;
    }
    location ~ /\.ht {
    deny all;
    }
    }
    ```
    1. Auto-start NGINX on system start: `sudo chkconfig nginx on`
    ## Apache
    1. Install: `sudo yum install httpd24 -y`
    1. Configure `/etc/httpd/conf/httpd.conf` as follows:
    ```httpd.conf
    NameVirtualHost 127.0.0.1:8080 # Only accessible from localhost
    Listen 8080
    ```
    1. Configure virtual hosts at `/etc/httpd/conf.d/vhosts.conf`:
    ```
    <VirtualHost 127.0.0.1:8080>
    ServerAdmin [email protected]
    DocumentRoot /var/www/sub1.domain.com/public/
    ServerName sub1.domain.com
    ErrorLog logs/sub1.domain.com-error_log
    CustomLog logs/sub1.domain.com-access_log common
    </VirtualHost>
    ```
    1. Give ownership to current logged in user: `sudo chown $USER:$USER -R /var/www/sub1.domain.com/`
    1. Give write permission: `sudo chmod -R 755 /var/www`
    1. Auto-start Apache on system start: `sudo chkconfig httpd on`
    ## SSL (Let's Encrypt)
    1. Install Certbot:
    ```
    sudo yum install python27-devel git -y
    sudo git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
    sudo /opt/letsencrypt/letsencrypt-auto --debug
    ```
    1. Request cert:
    ```
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    ```
    - Go through the wizard carefully.
    - To renew:
    ```
    sudo /opt/letsencrypt/letsencrypt-auto --authenticator standalone --installer nginx --pre-hook "nginx -s stop" --post-hook "nginx"
    ```
    1. If all went well, your certs will be at `/etc/letsencrypt/live/sub1.domain.com/` and your `/etc/nginx/conf.d/default.conf` has been updated by cerbot automatically.
    ## MariaDB
    1. Add yum repository. Create this file: `/etc/yum.repos.d/maria.repo`:
    ```
    [mariadb]
    name = MariaDB
    baseurl = http://yum.mariadb.org/10.1/centos6-amd64
    gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
    gpgcheck=1
    ```
    - Refer https://mariadb.com/kb/en/library/yum/
    1. Install:
    ```
    sudo yum makecache
    sudo yum install MariaDB-server MariaDB-client -y
    ```
    1. Secure your MariaDB installation: `sudo mysql_secure_installation`
    1. Auto-start MariaDB on system start: `sudo chkconfig mysql on`
    ## PHP 7.1
    1. Install: `sudo yum install php71 -y`
    1. Install PHP Modules
    - Run `yum search php71-` to search for available modules and just yum install it.
    ## Start All Services
    1. `sudo service nginx start`
    1. `sudo service httpd start`
    1. `sudo service mysql start`
    ## References:
    - https://gist.github.com/nrollr/56e933e6040820aae84f82621be16670
    - https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-reverse-proxy-for-apache
    - https://stackoverflow.com/questions/14434120/nginx-set-multiple-server-name-with-ssl-support
    - https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-centos-7
    - https://certbot.eff.org/#centosrhel7-nginx
    - https://community.letsencrypt.org/t/solution-client-with-the-currently-selected-authenticator-does-not-support-any-combination-of-challenges-that-will-satisfy-the-ca/49983
    - https://coderwall.com/p/e7gzbq/https-with-certbot-for-nginx-on-amazon-linux
    - https://mariadb.com/kb/en/library/yum/
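    Review bot: In the Apache section, the comment on `NameVirtualHost 127.0.0.1:8080 # Only accessible from localhost` does not hold, because the next line, `Listen 8080`, binds the port on every interface and `NameVirtualHost` does not restrict that. Use `Listen 127.0.0.1:8080` so the backend is reachable only through nginx. Separately, the To renew command is identical to the Request cert command; it needs the `renew` subcommand.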