Cервер и сайт запущен 2011.02.01 на Debian

Начало пути с nginx

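# Install PHP 7.2 (from the packages.sury.org repository) and nginx on
# Debian stretch. Run as root.
# NOTE(review): Debian stretch and PHP 7.2 are both past end of life and no
# longer receive security fixes; on a new host use a supported release and
# adjust the suite name and package versions accordingly.

# Prerequisites for using an apt repository served over HTTPS.
apt install ca-certificates apt-transport-https

# Store the repository signing key in its own keyring file instead of piping
# it into `apt-key add`: apt-key is deprecated and makes the key trusted for
# every configured repository, not just this one. The key is only as
# trustworthy as this HTTPS download, so compare its fingerprint with the one
# published by the repository before relying on it.
wget -q https://packages.sury.org/php/apt.gpg -O /usr/share/keyrings/sury-php.gpg

# signed-by restricts the key above to this single source entry.
echo "deb [signed-by=/usr/share/keyrings/sury-php.gpg] https://packages.sury.org/php/ stretch main" | tee /etc/apt/sources.list.d/php.list

apt update

apt install php7.2-fpm php7.2-cli php7.2-common php7.2-curl php7.2-mbstring php7.2-mysql php7.2-xml php7.2-gd php7.2-zip php7.2-bcmath

service php7.2-fpm reload

apt install nginx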

_____________________________________________________________________________________________________________________________________

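# Plain-HTTP virtual host for superskid.ru and its subdomains.
# Its job is to serve whatever inc_letsencrypt defines and to redirect
# everything else to HTTPS. The PHP (fastcgi) and /assets locations of the
# original were dropped here: regex locations take precedence over the
# "location /" prefix, so *.php requests were executed over unencrypted HTTP
# instead of being redirected.
server {
    charset utf-8;
    client_max_body_size 128M;

    listen 80; ## listen for ipv4
    server_name *.superskid.ru superskid.ru;

    # Contents are not shown on this page; presumably the ACME http-01
    # challenge location - confirm.
    include inc_letsencrypt;

    # Per-subdomain document root. $subdomain is derived from the
    # client-supplied Host header, so every directory under
    # /var/www/superskid.ru that contains a web/ subdirectory is reachable
    # as a virtual host. Dots in the domain part are escaped so they match
    # a literal "." only.
    set $subdomain "";
    if ($host ~* ^([a-z0-9-\.]+)\.superskid\.ru$) {
        set $subdomain $1;
    }
    # www is served from the same docroot as the bare domain.
    if ($host ~* ^www\.superskid\.ru$) {
        set $subdomain "";
    }

    root        /var/www/superskid.ru/$subdomain/web;
    index       index.php;

    access_log  /var/log/nginx/ngixn-access.log;
    error_log   /var/log/nginx/ngixn-error.log;

    # Redirect from http to https.
    # NOTE(review): the target host is fixed, so requests for a subdomain
    # are also sent to the bare domain - confirm this is intended.
    location / {
        return 301 https://superskid.ru$request_uri;
    }

    # Deny access to dotfiles (.git, .env, .htaccess, ...).
    # NOTE(review): this regex also matches /.well-known/; the ACME location
    # in inc_letsencrypt must take precedence over it (for example a "^~"
    # prefix location) - verify.
    location ~* /\. {
        deny all;
    }
}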

    

   

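# HTTPS virtual host for superskid.ru and its subdomains; PHP is handled by
# php7.2-fpm over a unix socket.
server {
    # TLS is enabled by the "ssl" flag on the listen directives. The separate
    # "ssl on;" directive of the original is deprecated and redundant with
    # that flag, so it was removed.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name *.superskid.ru superskid.ru;

    # Everything needed for ssl.
    ssl_certificate /etc/letsencrypt/live/superskid.ru-0001/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/superskid.ru-0001/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    # DH parameters are only used by DHE cipher suites; the list below
    # contains ECDHE suites only.
    ssl_dhparam /etc/nginx/dhparam.pem;
    ssl_protocols TLSv1.2;
    # NOTE(review): the last four suites (…-SHA384 / …-SHA256 without GCM)
    # are CBC-mode; drop them if every client supports the AEAD suites.
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # HSTS for one year, covering all subdomains.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # OCSP stapling; the resolver is used to look up the OCSP responder.
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/superskid.ru-0001/chain.pem;
    resolver 8.8.8.8;

    # Per-subdomain document root. $subdomain is derived from the
    # client-supplied Host header, so every directory under
    # /var/www/superskid.ru that contains a web/ subdirectory is reachable
    # as a virtual host. Dots in the domain part are escaped so they match
    # a literal "." only.
    set $subdomain "";
    if ($host ~* ^([a-z0-9-\.]+)\.superskid\.ru$) {
        set $subdomain $1;
    }
    # www is served from the same docroot as the bare domain.
    if ($host ~* ^www\.superskid\.ru$) {
        set $subdomain "";
    }

    root        /var/www/superskid.ru/$subdomain/web;
    index index.php;

    # "always" also sends the header on error responses, consistent with the
    # other security headers. These server-level add_header lines are
    # inherited only by locations that define no add_header of their own.
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header x-xss-protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;

    # Front controller: fall back to index.php for paths that are not files.
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # Never execute PHP from the assets directory. Regex locations are tried
    # in order of appearance, so this must stay above the generic PHP handler.
    location ~ ^/assets/.*\.php$ {
        deny all;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        # Return 404 unless the requested script exists on disk, so that
        # paths such as /file.jpg/x.php are never handed to PHP-FPM.
        try_files $uri =404;
    }

    # Deny access to dotfiles (.git, .env, .htaccess, ...).
    location ~* /\. {
        deny all;
    }

    access_log  /var/log/nginx/frontend-access.log;
    error_log   /var/log/nginx/frontend-error.log;
}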

 ___________________________________________________________________________________________________________________             

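# Enable the site by linking its config into sites-enabled.
ln -s /etc/nginx/sites-available/superskid.ru /etc/nginx/sites-enabled/superskid.ru

# Validate the configuration first and reload only if the check passes; the
# original reloaded before testing. The 443 server block references the
# certificate files and /etc/nginx/dhparam.pem, which are created by later
# steps on this page - until they exist, `nginx -t` fails and the reload is
# skipped.
nginx -t && service nginx reload

# Certbot with the nginx plugin.
apt install python-certbot-nginx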

Пример теста получения сертификата:

 certbot certonly --manual -d *.superskid.ru --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Добавляем в DNS TXT-записи, которые запросит certbot.

Кроме сертификата необходимо сгенерировать параметры Диффи — Хеллмана (файл dhparam.pem, на который ссылается ssl_dhparam):

# Generate 4096-bit Diffie-Hellman parameters into the file referenced by
# ssl_dhparam in the nginx config. This can take a long time.
openssl dhparam -out /etc/nginx/dhparam.pem 4096

# Install the MySQL server, the PHP 7.2 MySQL extension and phpMyAdmin.
# NOTE(review): the nginx config on this page defines no location for
# phpMyAdmin; if one is added later, restrict who can reach it.
apt install mysql-server php7.2-mysql phpmyadmin

При установке phpmyadmin никаких модулей не выбираем, оставляем окно пустым и нажимаем «Далее».

# Interactive MySQL hardening script; the answers chosen are listed below.
mysql_secure_installation

Remove anonymous users? : y

Disallow root login remotely? : y

Remove test database and access to it? : y

Reload privilege tables now? : y

Перевыпуск сертификатов

# Renew every certificate that is close to expiry.
# NOTE(review): a certificate issued with --manual and no --manual-auth-hook
# cannot be renewed unattended, because the DNS TXT record has to be updated
# for each renewal. nginx must also be reloaded afterwards to serve the
# renewed files.
certbot renew
