michaelmano · June 15, 2018 06:26
diff --git a/cloudflare.ssl b/cloudflare.ssl
 # Clone the files
 git clone [email protected]:Neilpang/acme.sh.git /home/ubuntu/.acme.sh

 # Edit https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L4 and https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L6 and add your cloudflare API Key and email
 nano /home/ubuntu/.acme.sh/dnsapi/dns_cf.sh

 # Run
 ./acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf

 # Now create the cronjob to renew it

 sudo crontab -e 
 # add the following 
 0 0 * * * "/home/ubuntu/.acme.sh"/acme.sh --cron --home "/home/ubuntu/.acme.sh" > /dev/null

 # Create the folder and run the install command
 sudo mkdir /etc/nginx/certs/example.com/ && \
 sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
 --cert-file /etc/nginx/certs/example.com/cert.pem \
 --key-file /etc/nginx/certs/example.com/key.pem \
 --fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
 --reloadcmd "sudo service nginx restart"

 # Edit your /etc/nginx/sites-available/exmaple.com.conf


 server {
       listen         80;
       listen    [::]:80;
       server_name sub.example.com;
       return         301 https://$server_name$request_uri;
 }

 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    root /var/www/bcm-status;

    index index.php index.html;

    server_name sub.example.com;

    ssl_certificate      /etc/nginx/certs/example.com/fullchain.pem;
    ssl_certificate_key  /etc/nginx/certs/example.com/key.pem;
  
    # Improve HTTPS performance with session resumption
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # Enable server-side protection against BEAST attacks
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    
    # Disable SSLv3
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';
    
    allow 220.101.23.227;
    deny all;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~* (index)\.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
 }
diff --git a/manual-dns.ssl b/manual-dns.ssl
 git clone [email protected]:Neilpang/acme.sh.git /home/ubuntu/.acme.sh

 cd /home/ubuntu/.acme.sh

 ./acme.sh --issue -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
 ./acme.sh --renew -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

 # Create the folder and run the install command
 sudo mkdir /etc/nginx/certs/ && \
 sudo mkdir /etc/nginx/certs/example.com/ && \
 sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
 --cert-file /etc/nginx/certs/example.com/cert.pem \
 --key-file /etc/nginx/certs/example.com/key.pem \
 --fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
 --reloadcmd "sudo service nginx restart"



 # Edit your /etc/nginx/sites-available/exmaple.com.conf


 server {
       listen         80;
       listen    [::]:80;
       server_name sub.example.com;
       return         301 https://$server_name$request_uri;
 }

 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    root /var/www/bcm-status;

    index index.php index.html;

    server_name sub.example.com;

    ssl_certificate      /etc/nginx/certs/example.com/fullchain.pem;
    ssl_certificate_key  /etc/nginx/certs/example.com/key.pem;
  
    # Improve HTTPS performance with session resumption
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;

    # Enable server-side protection against BEAST attacks
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    
    # Disable SSLv3
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';
    
    allow 220.101.23.227;
    deny all;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~* (index)\.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
 }
	# Clone the files
	git clone [email protected]:Neilpang/acme.sh.git /home/ubuntu/.acme.sh

	# Edit https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L4 and https://github.com/Neilpang/acme.sh/blob/master/dnsapi/dns_cf.sh#L6 and add your cloudflare API Key and email
	nano /home/ubuntu/.acme.sh/dnsapi/dns_cf.sh

	# Run
	./acme.sh --issue -d example.com -d '*.example.com' --dns dns_cf

	# Now create the cronjob to renew it

	sudo crontab -e
	# add the following
	0 0 * * * "/home/ubuntu/.acme.sh"/acme.sh --cron --home "/home/ubuntu/.acme.sh" > /dev/null

	# Create the folder and run the install command
	sudo mkdir /etc/nginx/certs/example.com/ && \
	sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
	--cert-file /etc/nginx/certs/example.com/cert.pem \
	--key-file /etc/nginx/certs/example.com/key.pem \
	--fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
	--reloadcmd "sudo service nginx restart"

	# Edit your /etc/nginx/sites-available/exmaple.com.conf


	server {
	listen 80;
	listen [::]:80;
	server_name sub.example.com;
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	root /var/www/bcm-status;

	index index.php index.html;

	server_name sub.example.com;

	ssl_certificate /etc/nginx/certs/example.com/fullchain.pem;
	ssl_certificate_key /etc/nginx/certs/example.com/key.pem;

	# Improve HTTPS performance with session resumption
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 5m;

	# Enable server-side protection against BEAST attacks
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

	# Disable SSLv3
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';

	allow 220.101.23.227;
	deny all;

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location ~* (index)\.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/run/php/php7.1-fpm.sock;
	}

	location ~ /\.ht {
	deny all;
	}
	}
	git clone [email protected]:Neilpang/acme.sh.git /home/ubuntu/.acme.sh

	cd /home/ubuntu/.acme.sh

	./acme.sh --issue -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please
	./acme.sh --renew -d example.com -d 'st.example.com' -d '*.st.example.com' --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

	# Create the folder and run the install command
	sudo mkdir /etc/nginx/certs/ && \
	sudo mkdir /etc/nginx/certs/example.com/ && \
	sudo /home/ubuntu/.acme.sh/acme.sh --install-cert -d example.com \
	--cert-file /etc/nginx/certs/example.com/cert.pem \
	--key-file /etc/nginx/certs/example.com/key.pem \
	--fullchain-file /etc/nginx/certs/example.com/fullchain.pem \
	--reloadcmd "sudo service nginx restart"



	# Edit your /etc/nginx/sites-available/exmaple.com.conf


	server {
	listen 80;
	listen [::]:80;
	server_name sub.example.com;
	return 301 https://$server_name$request_uri;
	}

	server {
	listen 443 ssl http2;
	listen [::]:443 ssl http2;

	root /var/www/bcm-status;

	index index.php index.html;

	server_name sub.example.com;

	ssl_certificate /etc/nginx/certs/example.com/fullchain.pem;
	ssl_certificate_key /etc/nginx/certs/example.com/key.pem;

	# Improve HTTPS performance with session resumption
	ssl_session_cache shared:SSL:10m;
	ssl_session_timeout 5m;

	# Enable server-side protection against BEAST attacks
	ssl_prefer_server_ciphers on;
	ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

	# Disable SSLv3
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

	add_header 'Access-Control-Allow-Origin' '*';
	add_header 'Access-Control-Allow-Headers' 'origin, content-type, accept';

	allow 220.101.23.227;
	deny all;

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location ~* (index)\.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/run/php/php7.1-fpm.sock;
	}

	location ~ /\.ht {
	deny all;
	}
	}