John Efemer johnefemer

How to setup Let's Encrypt for Nginx on Ubuntu 18.04 (including IPv6, HTTP/2 and A+ SLL rating)

Virtual hosts

Let's say you want to host domains first.com and second.com.

Create folders for their files:

How to setup Let's Encrypt for Nginx on Ubuntu 16.04 (including IPv6, HTTP/2 and A+ SLL rating)

There are two main modes to run the Let's Encrypt client (called Certbot):

Standalone: replaces the webserver to respond to ACME challenges
Webroot: needs your webserver to serve challenges from a known folder.

Webroot is better because it doesn't need to replace Nginx (to bind to port 80).

In the following, we're setting up mydomain.com. HTML is served from /var/www/mydomain, and challenges are served from /var/www/letsencrypt.

Adjusting child processes for PHP-FPM (Nginx)

When setting these options consider the following:

How long is your average request?
What is the maximum number of simultaneous visitors the site(s) get?
How much memory on average does each child process consume?

Determine if the max_children limit has been reached.

sudo grep max_children /var/log/php?.?-fpm.log.1 /var/log/php?.?-fpm.log

Drupal 8 Cheatsheet

Files, Images and Media

// Load file object
$file = File::load($fid);

// Get uri (public://foo/bar/baz.png)
$uri = $file-&gt;getFileUri();

If .DS_Store was never added to your git repository, simply add it to your .gitignore file.

If you don't have one, create a file called

.gitignore

In your the root directory of your app and simply write

🚨 2020 Update: I recommend using mkcert to generate local certificates. You can do everything below by just running the commands brew install mkcert and mkcert -install. Keep it simple!

This gives you that beautiful green lock in Chrome. I'm assuming you're putting your SSL documents in /etc/ssl, but you can put them anywhere and replace the references in the following commands. Tested successfully on Mac OS Sierra and High Sierra.

Set up `localhost.conf`

sudo nano /etc/ssl/localhost/localhost.conf

	#!/usr/bin/env python
	# -- mode: python; coding: utf-8-unix --
	import sys
	import os.path
	import smtplib

	if len(sys.argv) <= 2:
	print('Usage:')
	print(' $ python ' + sys.argv[0] + ' mailfrom rcptto <emlfile>')
	print

	# Based on https://steveholgado.com/nginx-for-nextjs/

	# - /var/cache/nginx sets a directory to store the cached assets
	# - levels=1:2 sets up a two‑level directory hierarchy as file access speed can be reduced when too many files are in a single directory
	# - keys_zone=STATIC:10m defines a shared memory zone for cache keys named “STATIC” and with a size limit of 10MB (which should be more than enough unless you have thousands of files)
	# - inactive=7d is the time that items will remain cached without being accessed (7 days), after which they will be removed
	# - use_temp_path=off tells NGINX to write files directly to the cache directory and avoid unnecessary copying of data to a temporary storage area first
	proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=STATIC:10m inactive=7d use_temp_path=off;

	upstream nextjs_upstream {

	// Export database in gzip form
	mysqldump -u user -p database \| gzip > database.sql.gz

	// Import database from gzip form
	gunzip < database.sql.gz \| mysql -u user -p database