infra

Setup an Nginx server with SSL in one command line

Sang

2 min read
Setup an Nginx server with SSL in one command line

Recently, due to the need for multiple servers/domain management personally, I feel waste of time to config the server one by one. Especially, when server restart, migration, upgrade, SSL certificate update.

Thus, I have made a Github project to accomplish this task automatically. This project has the following advantages

  • Almost zero dependence: all you need is docker. It even does not require any reversed proxy server like Nginx, Apache (httpd) installed.
  • Simple usage: all operations are accomplished in just ONE command with ZERO argument. Everything is done underneath.
  • Secured and high performance: the default configuration is built based on h5bp configuration.
  • High customizable: you can configure Nginx as you like without touching the bash script or docker image.
  • Versatile: support multiple domains in the same server, automatic SSL refresh, automatic restart Nginx server if SSH certification is updated.
  • Open-source
  • Slack webhook notification if there is an error when refreshing the SSL certificate.

Usage

  • Make sure there is no process listening to port 80 or 443 via sudo netstat -tulnp or more precise with
sudo netstat -tulnp | grep :80
sudo netstat -tulnp | grep :443
  • Change the DNS setting in your domain provider control panel to point to your server. This step is required to verify the SSL certificate
  • Download the project from github repository
git clone https://github.com/tranvansang/ssl
  • Go to the project directory cd ssl
  • Setup your domain and listening port
cp .env.example .env
# edit .env
cat .env

The environment file is as below with mydomain1.com myadmin.mydomain2.com are domain names, 8082 8081 are local listening port, respectively.
SLACK_WEBHOOOK_URL is a slack webhook URL to send an error if there is when refreshing an SSL certificate. If this variable is empty, the error will be printed locally only without sending it to the slack channel.

DOMAINS=mydomain1.com,myadmin.mydomain2.com
PORTS=8082,8081
#slack webhook can be empty
SLACK_WEBHOOK_URL=https://hooks.slack.com/services/TB1MYMSUX/some/hook-id
EMAIL=info@transang.me

CERTBOT_VER=v0.33.1
NGINX_VER=1.17.1
NGINX_DOCKER_FLAG=
  • Now, execute ./run.sh to start/restart the Nginx server
  • To automatically check for SSL certificate update and server restart, add the following crontab via crontab -e
0 15 * * * $HOME/ssl/watch.sh

Customization

In addition, to customize Nginx configuration. You need to do all steps above. Then, there will be a file named nginx.conf in build/ directory. Copy this file to the root directory of the project cp build/nginx.conf ..

Modify ./nginx.conf with your own customization, then re-run ./run.sh. From now on customized configuration will be used to restart the Nginx server instead of the default.

How to stop the server

Run ./run.sh stop to stop the running server.

Happy coding!

xem tiếng việt

Buy Me A Coffee

Sign up for more like this.

Enter your email
Subscribe