mojo acme nginx
# Setup perlbrew + carton
# https://gist.github.com/s1037989/03b9fcf4e4ee0bfe890b7e529965c315
# Configure nginx for SSL with LE
# http://blog.mojolicious.org/post/157710119941/configuring-nginx-for-ssl-with-lets-encrypt
# cat /usr/sbin/mojo-acme
# use Mojolicious::Lite;
# app->log->path('/var/log/mojo-acme.log');
# plugin 'ACME';
# app->start;
# Start mojo-acme
# PERL5LIB=/home/ubuntu/.perlbrew/libs/perl-5.26.0@carton/lib/perl5 /home/ubuntu/perl5/perlbrew/perls/perl-5.26.0/bin/perl /home/ubuntu/.perlbrew/libs/perl-5.26.0@carton/bin/hypnotoad /usr/sbin/mojo-acme
# One time: register an account
# PERL5LIB=/home/ubuntu/.perlbrew/libs/perl-5.26.0@carton/lib/perl5 /home/ubuntu/perl5/perlbrew/perls/perl-5.26.0/bin/perl /usr/sbin/mojo-acme acme account register -a /etc/nginx/ssl/mojo-acme.key
# In cron: generate cert
# PERL5LIB=/home/ubuntu/.perlbrew/libs/perl-5.26.0@carton/lib/perl5 /home/ubuntu/perl5/perlbrew/perls/perl-5.26.0/bin/perl /usr/sbin/mojo-acme acme cert generate -a /etc/nginx/ssl/mojo-acme.key -n /etc/nginx/ssl/mojo ama.kit.cm
$ cat /etc/nginx/sites-enabled/mojo
# Port-80 vhost: hands ACME validation requests to the local Mojolicious app
# and redirects every other request to HTTPS.
server {
    listen 80 default_server;

    # Proxied to the ACME app listening on loopback port 8080.
    # NOTE(review): this prefix matches all of /.well-known/, which is wider
    # than the ACME http-01 path (/.well-known/acme-challenge/); confirm the
    # app is meant to answer the rest of that tree over plain HTTP.
    location /.well-known/ {
        proxy_pass         http://127.0.0.1:8080;
        proxy_http_version 1.1;

        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        "upgrade";
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Permanent redirect to the same host and URI over HTTPS. $host comes from
    # the request, and this is the default_server, so the redirect target
    # follows whatever Host value the client supplied.
    location / {
        return 301 https://$host$request_uri;
    }
}
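# TLS-terminating vhost: presents the certificate stored under /etc/nginx/ssl
# and proxies every request to the Mojolicious application on port 8080.
server {
    listen 443 ssl default_server;

    # Presumably the pair written by "acme cert generate -n /etc/nginx/ssl/mojo";
    # the private key should be readable only by root / the nginx master process.
    ssl_certificate     /etc/nginx/ssl/mojo.crt;
    ssl_certificate_key /etc/nginx/ssl/mojo.key;

    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # Append TLSv1.3 once the installed nginx and OpenSSL builds support it.
    ssl_protocols TLSv1.2;

    # Forward-secret key exchange only; the server's preference order wins.
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;

    # Custom DH parameters for the EDH suites above.
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    # Session cache shared between worker processes (10 MB zone named SSL).
    ssl_session_cache shared:SSL:10m;

    location / {
        # NOTE(review): the upstream is reached by hostname over plain HTTP,
        # whereas the port-80 vhost uses 127.0.0.1:8080. If this name resolves
        # to another host, decrypted traffic crosses the network in clear text;
        # confirm it resolves to loopback or a trusted private segment.
        proxy_pass         http://mojo.kit.cm:8080;
        proxy_http_version 1.1;

        # Upgrade/Connection allow WebSocket handshakes to pass through.
        proxy_set_header Upgrade           $http_upgrade;
        proxy_set_header Connection        "upgrade";
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Long read timeout so idle long-lived connections are not cut off.
        proxy_read_timeout 3600s;
    }
}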
$ cat /lib/systemd/system/mojo-acme-server.service
# systemd unit that runs the mojo-acme-server application under hypnotoad,
# using the perlbrew/carton installation rooted at /opt/perl5.
[Unit]
Description=Mojo ACME service
Requires=network.target
After=network.target
# put here other service requirements
[Service]
# hypnotoad is started with -f (foreground) in ExecStart, so systemd tracks
# that process directly and restarts it whenever it exits.
Type=simple
Restart=always
SyslogIdentifier=mojo-acme-server
# NOTE(review): the service runs as the ubuntu login account, which on stock
# Ubuntu cloud images usually has sudo rights; a dedicated service account
# with no login shell would limit the impact of a compromise. Confirm.
User=ubuntu
Group=ubuntu
WorkingDirectory=/opt/mojo-acme-server
# The Environment= lines below set the perlbrew variables (perl-5.26.0 under
# /opt/perl5) explicitly, since no login shell is sourced for the service.
Environment=MANPATH=/opt/perl5/perls/perl-5.26.0/man:/usr/local/man:/usr/local/share/man:/usr/share/man
Environment=PATH=/opt/perl5/bin:/opt/perl5/perls/perl-5.26.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
Environment=PERLBREW_VERSION=0.78
Environment=PERLBREW_PERL=perl-5.26.0
Environment=PERLBREW_BASHRC_VERSION=0.78
Environment=PERLBREW_ROOT=/opt/perl5
Environment=PERLBREW_HOME=/opt/mojo-acme-server/.perlbrew
Environment=PERLBREW_MANPATH=/opt/perl5/perls/perl-5.26.0/man
Environment=PERLBREW_PATH=/opt/perl5/bin:/opt/perl5/perls/perl-5.26.0/bin
# NOTE(review): systemd documents PIDFile= for Type=forking services; with
# Type=simple it is probably not consulted. Confirm whether it is needed.
PIDFile=/opt/mojo-acme-server/mojo-acme-server.pid
# SIGQUIT asks hypnotoad for a graceful shutdown.
KillSignal=SIGQUIT
ExecStart=/opt/perl5/perls/perl-5.26.0/bin/carton exec /opt/perl5/perls/perl-5.26.0/bin/perl /opt/mojo-acme-server/local/bin/hypnotoad /opt/mojo-acme-server/mojo-acme-server -f
# -s tells hypnotoad to stop the running server gracefully.
ExecStop=/opt/perl5/perls/perl-5.26.0/bin/carton exec /opt/perl5/perls/perl-5.26.0/bin/perl /opt/mojo-acme-server/local/bin/hypnotoad -s /opt/mojo-acme-server/mojo-acme-server
# Re-running hypnotoad against a running server requests a hot deployment.
# NOTE(review): verify how the resulting process hand-over interacts with
# Type=simple main-PID tracking and Restart=always.
ExecReload=/opt/perl5/perls/perl-5.26.0/bin/carton exec /opt/perl5/perls/perl-5.26.0/bin/perl /opt/mojo-acme-server/local/bin/hypnotoad /opt/mojo-acme-server/mojo-acme-server
# NOTE(review): no sandboxing options are set in this unit (for example
# NoNewPrivileges=, ProtectSystem=, PrivateTmp=); consider adding them after
# testing that the application still starts.