• hermes.liberespace.org

# mkdir /srv/repair-cafe.liberespace.org

# editor /etc/nginx/sites-available/repair-cafe.liberespace.org.conf

server {
  listen 80;
  listen [::]:80;
  
  server_name repair-cafe.liberespace.org;

  access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
  error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
  
  root /srv/repair-cafe.liberespace.org;
  index index.html;

  location / {
    try_files $uri $uri/ =404;
  }

}

# ln -s /etc/nginx/sites-available/repair-cafe.liberespace.org.conf /etc/nginx/sites-enabled/

# nginx -t

# cp /var/www/html/index.nginx-debian.html /srv/repair-cafe.liberespace.org/index.html

# systemctl reload nginx

# certbot certonly --nginx --agree-tos --email root@liberespace.org -d repair-cafe.liberespace.org -n

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Obtaining a new certificate
Performing the following challenges:
tls-sni-01 challenge for repair-cafe.liberespace.org
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/repair-cafe.liberespace.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/repair-cafe.liberespace.org/privkey.pem
   Your cert will expire on 2018-03-15. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

# editor /etc/nginx/sites-available/repair-cafe.liberespace.org.conf

server {
  listen 80;
  listen [::]:80;
  
  server_name repair-cafe.liberespace.org;

  access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
  error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
  
  return 301 https://repair-cafe.liberespace.org$request_uri;

}

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name repair-cafe.liberespace.org;

  access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
  error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;

  root /srv/repair-cafe.liberespace.org;
  index index.html;

  include /etc/letsencrypt/options-ssl-nginx.conf;

  ssl_certificate /etc/letsencrypt/live/repair-cafe.liberespace.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/repair-cafe.liberespace.org/privkey.pem;

  location / {
    try_files $uri $uri/ =404;
  }

}

# nginx -t

# systemctl reload nginx

   # apt install php7.0-fpm php7.0-gd php7.0-xml

Lecture des listes de paquets... Fait
Construction de l'arbre des dépendances       
Lecture des informations d'état... Fait
Le paquet suivant a été installé automatiquement et n'est plus nécessaire :
  gcc-6-base
Veuillez utiliser « apt autoremove » pour le supprimer.
Les paquets supplémentaires suivants seront installés : 
  php-common php7.0-cli php7.0-common php7.0-json php7.0-opcache php7.0-readline psmisc
Paquets suggérés :
  php-pear
Les NOUVEAUX paquets suivants seront installés :
  php-common php7.0-cli php7.0-common php7.0-fpm php7.0-gd php7.0-json php7.0-opcache php7.0-readline php7.0-xml psmisc
0 mis à jour, 10 nouvellement installés, 0 à enlever et 12 non mis à jour.
Il est nécessaire de prendre 3 868 ko dans les archives.
Après cette opération, 15,3 Mo d'espace disque supplémentaires seront utilisés.
Souhaitez-vous continuer ? [O/n]

# cat /etc/nginx/sites-available/repair-cafe.liberespace.org.conf

server {
  listen 80;
  listen [::]:80;
  
  server_name repair-cafe.liberespace.org;

  access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
  error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
  
  return 301 https://repair-cafe.liberespace.org$request_uri;

}

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name repair-cafe.liberespace.org;

  access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
  error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;

  root /srv/repair-cafe.liberespace.org;
  index index.html;

  include /etc/letsencrypt/options-ssl-nginx.conf;

  ssl_certificate /etc/letsencrypt/live/repair-cafe.liberespace.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/repair-cafe.liberespace.org/privkey.pem;

  location / {
    try_files $uri $uri/ =404;
  }

}

# sed -i "s#index index.html;#index index.html index.php;#" /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
# sed -i "s#  location / {#  location ~ \.php$ {\n    include snippets/fastcgi-php.conf;\n    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;\n  }\n\n  location / {#" /etc/nginx/sites-available/repair-cafe.liberespace.org.conf
# systemctl restart nginx

# cat /etc/nginx/sites-available/repair-cafe.liberespace.org.conf

server {
  listen 80;
  listen [::]:80;
  
  server_name repair-cafe.liberespace.org;

  access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
  error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;
  
  return 301 https://repair-cafe.liberespace.org$request_uri;

}

server {
  listen 443 ssl;
  listen [::]:443 ssl;

  server_name repair-cafe.liberespace.org;

  access_log /var/log/nginx/repair-cafe.liberespace.org_access.log;
  error_log /var/log/nginx/repair-cafe.liberespace.org_error.log;

  root /srv/repair-cafe.liberespace.org;
  index index.html index.php;

  include /etc/letsencrypt/options-ssl-nginx.conf;

  ssl_certificate /etc/letsencrypt/live/repair-cafe.liberespace.org/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/repair-cafe.liberespace.org/privkey.pem;

  location ~ .php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
  }

  location / {
    try_files $uri $uri/ =404;
  }

}