Last active
May 24, 2017 17:48
-
-
Save peteroid/201c5a45ce0ac0787194f987c6d4f2e5 to your computer and use it in GitHub Desktop.
Setup Nginx with Certbot on Centos with some extras about SELinux
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## as root! | |
| sudo -s | |
| # Cannot resolve host: mirrorlist blah blah | |
| # need to add a standard nameserver, like Google DNS to /etc/resolv.conf | |
| cat "nameserver 8.8.8.8" >> /etc/resolv.conf | |
| # git is not installed | |
| yum install git | |
| # update yum first | |
| yum update | |
| # add nginx repo | |
| yum install epel-release | |
| # install nginx | |
| yum install nginx | |
| # edit nginx conf | |
| vi /etc/nginx/conf.d/your.conf | |
| # SELinux issue | |
| # http://stackoverflow.com/a/26228135/5233592 | |
| setenforce Permissive | |
| chcon -Rt httpd_sys_content_t /your/www/dir | |
| setenforce Enforcing | |
| systemctl restart nginx | |
| ## as normal user | |
| exit | |
| # clone certbot repo | |
| git clone https://github.com/certbot/certbot.git | |
| cd certbot | |
| # Certbot | |
| ./certbot-auto certonly --manual --email [email protected] -d your.domain | |
| # follow the instructions and get through the challenge | |
| ## SELinux | |
| # debug only | |
| sudo setenforce 0 # same as Permissive (disable SE) | |
| sudo setenforce 1 # same as Enforcing (enable SE) | |
| # enable port for http access | |
| sudo semanage port -a -t http_port_t -p tcp 3000 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment