Gestion du site (HTML et CSS) du Repair Café
Frédéric Lehobey 2017-15-15
Serveur virtuel
# mkdir /srv/repair-cafe.liberespace.org
# editor /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
server {
listen 80;
listen [::]:80;
server_name repair-cafe.liberespace.org;
access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
root /srv/repair-cafe.liberespace.org;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
# ln -s /etc/nginx/sites-available/repair-cafe.liberespace.org.conf /etc/nginx/sites-enabled/
# nginx -t
# cp /var/www/html/index.nginx-debian.html /srv/repair-cafe.liberespace.org/index.html
# systemctl reload nginx
Certificat
# certbot certonly --nginx --agree-tos --email root@liberespace.org -d repair-cafe.liberespace.org -n
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for repair-cafe.liberespace.org
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/repair-cafe.liberespace.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/repair-cafe.liberespace.org/privkey.pem
Your cert will expire on 2018-03-15. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
HTTPS
# editor /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
server {
listen 80;
listen [::]:80;
server_name repair-cafe.liberespace.org;
access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
return 301 https://repair-cafe.liberespace.org$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name repair-cafe.liberespace.org;
access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
root /srv/repair-cafe.liberespace.org;
index index.html;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_certificate /etc/letsencrypt/live/repair-cafe.liberespace.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/repair-cafe.liberespace.org/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
}
# nginx -t
# systemctl reload nginx
Adelin PIAU 2018-02-05
PHP
# apt install php7.0-fpm php7.0-gd php7.0-xml
Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances
Lecture des informations d'état... Fait
Le paquet suivant a été installé automatiquement et n'est plus nécessaire :
gcc-6-base
Veuillez utiliser « apt autoremove » pour le supprimer.
Les paquets supplémentaires suivants seront installés :
php-common php7.0-cli php7.0-common php7.0-json php7.0-opcache php7.0-readline psmisc
Paquets suggérés :
php-pear
Les NOUVEAUX paquets suivants seront installés :
php-common php7.0-cli php7.0-common php7.0-fpm php7.0-gd php7.0-json php7.0-opcache php7.0-readline php7.0-xml psmisc
0 mis à jour, 10 nouvellement installés, 0 à enlever et 12 non mis à jour.
Il est nécessaire de prendre 3 868 ko dans les archives.
Après cette opération, 15,3 Mo d'espace disque supplémentaires seront utilisés.
Souhaitez-vous continuer ? [O/n]
# cat /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
server {
listen 80;
listen [::]:80;
server_name repair-cafe.liberespace.org;
access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
return 301 https://repair-cafe.liberespace.org$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name repair-cafe.liberespace.org;
access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
root /srv/repair-cafe.liberespace.org;
index index.html;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_certificate /etc/letsencrypt/live/repair-cafe.liberespace.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/repair-cafe.liberespace.org/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
}
# sed -i "s#index index.html;#index index.html index.php;#" /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
# sed -i "s# location / {# location ~ \.php$ {\n include snippets/fastcgi-php.conf;\n fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;\n }\n\n location / {#" /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
# systemctl restart nginx
# cat /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
server {
listen 80;
listen [::]:80;
server_name repair-cafe.liberespace.org;
access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
return 301 https://repair-cafe.liberespace.org$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name repair-cafe.liberespace.org;
access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
root /srv/repair-cafe.liberespace.org;
index index.html index.php;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_certificate /etc/letsencrypt/live/repair-cafe.liberespace.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/repair-cafe.liberespace.org/privkey.pem;
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
location / {
try_files $uri $uri/ =404;
}
}
Adelin PIAU 2018-02-10
Conf Nginx
# sed "s#location / {#include /etc/nginx/sites-available/access_repair-cafe.conf;\n\n location / {#" /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
# cat /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
server {
listen 80;
listen [::]:80;
server_name repair-cafe.liberespace.org;
access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
return 301 https://repair-cafe.liberespace.org$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name repair-cafe.liberespace.org;
access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
root /srv/repair-cafe.liberespace.org;
index index.html index.php;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_certificate /etc/letsencrypt/live/repair-cafe.liberespace.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/repair-cafe.liberespace.org/privkey.pem;
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
include /etc/nginx/sites-available/access_repair-cafe.conf;
location / {
try_files $uri $uri/ =404;
}
}
# editor /etc/nginx/sites-available/access_repair-cafe.conf
# accès
location ~ /blog/update.*$ {
deny all;
return 404;
}
location ~ /blog/data/(articles|commentaires|configuration|statiques|index.html).*$ {
deny all;
return 404;
}