Tanel Tammik keevitaja

keevitaja / letsencrypt_2017.md
Created May 9, 2018 09:35 — forked from cecilemuller/letsencrypt_2020.md
How to set up Let's Encrypt for Nginx on Ubuntu 16.04 (including IPv6, HTTP/2 and A+ SSL rating)

There are two main modes to run the Let's Encrypt client (called Certbot):

  • Standalone: replaces the webserver to respond to ACME challenges
  • Webroot: needs your webserver to serve challenges from a known folder.

Webroot is better because Certbot doesn't need to replace Nginx (standalone mode has to bind to port 80 itself).

In the following, we're setting up mydomain.com. HTML is served from /var/www/mydomain, and challenges are served from /var/www/letsencrypt.

keevitaja / nginx.conf
Created May 9, 2018 09:17 — forked from nrollr/nginx.conf
NGINX config for SSL with Let's Encrypt certs
# Advanced config for NGINX
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
# Redirect all HTTP traffic to HTTPS
server {
    listen 80;
    server_name www.domain.com domain.com;
    return 301 https://$host$request_uri;
}
keevitaja / default.vcl
Created April 30, 2018 05:55 — forked from kamigerami/default.vcl
haproxy + ssl -> varnish -> back to haproxy for loadbalancing to --> backend0/1/2 (webhost)
# This version uses ELB loadbalancing
# The ELB points to these two HAProxy hosts
# The C-name of the Domain points to the ELB
# ELB -> HAPROXY 1 or 2 -> Varnish --> HIT or MISS --> HAPROXY 1 or 2 -> Backend 1/2/3
vcl 4.0;
import directors;
backend haproxy1 {
.host = "172.31.xx.235"; # back to HAPROXY-1 internal address
.port = "8080";
.probe = {