6 Nginx Cloudflare Certbot
# install nginx
sudo apt install nginx
# airdnd.helping.ninja
# configure nginx - foundry and ssl redirect
# This goes in a file within /etc/nginx/sites-available/. By convention,
# the filename would be "yourdomain.com.conf"
# (the two server blocks listed below are the contents of this file;
# it only takes effect once it is linked into sites-enabled)
sudo vim /etc/nginx/sites-available/helping.ninja.conf
# Define Server
---------------------------------
# HTTP -> HTTPS
# Redirects every plain-HTTP request on port 80 to the same host and URI over HTTPS.
server {
listen 80;
listen [::]:80; # this thing in brackets is there for ipv6 addresses
# Placeholder names: replace with the real domain (these notes use helping.ninja elsewhere).
server_name *.yourdomain.com yourdomain.com;
# $host is taken from the request, so the redirect target follows the Host header.
# NOTE(review): if this block ends up as the default server for port 80, requests
# for unrelated host names are redirected too - confirm a separate default server exists.
return 301 https://$host$request_uri;
}
# foundry
# Reverse proxy in front of the Foundry VTT process listening on localhost:30000.
server {
# Enter your fully qualified domain name or leave blank
server_name yourfoundry.yourdomain.com;
# Listen on port 443 with SSL certificates
# NOTE(review): as written there is no `ssl` parameter and no ssl_certificate /
# ssl_certificate_key directive, so this block on its own serves plain HTTP on 443.
# The `certbot -i nginx` step later in these notes is presumably what adds them -
# inspect this file after Certbot runs and confirm with `nginx -t`.
# Unlike the port 80 block, there is no IPv6 listener ([::]:443) here.
listen 443;
# Sets the Max Upload size to 300 MB
client_max_body_size 300M;
default_type application/octet-stream;
# Proxy Requests to Foundry VTT
location / {
# Set proxy headers
proxy_set_header Host $host;
# $proxy_add_x_forwarded_for appends the client address to any X-Forwarded-For
# header the client already sent, so only the last entry is set by this proxy;
# the backend should not trust earlier entries.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# These are important to support WebSockets
# NOTE(review): nginx's WebSocket proxying documentation also sets
# `proxy_http_version 1.1;` - confirm whether it is needed for this nginx version.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Make sure to set your Foundry VTT port number
# Traffic to the backend is unencrypted HTTP over loopback.
# NOTE(review): verify port 30000 is not reachable from outside (firewall or
# bind address), otherwise clients can bypass this proxy and its TLS.
proxy_pass http://localhost:30000;
}
}
----------------------
# Foundry config file ({userData}/Config/options.json) - set these keys so Foundry knows it is served through the HTTPS reverse proxy on port 443
sudo vim ~/share/foundrydata/Config/options.json
"hostname": "airdnd.helping.ninja",
"proxySSL": true,
"proxyPort": 443,
------------------------
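cloudflare
- add site (we won't cover this here - Cloudflare has tutorials and wizards of its own)
- create token
Edit zone DNS Zone.DNS (restrict the token's zone resources to the one zone Certbot needs, so a leaked token cannot edit DNS records of other zones)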
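cloudflare.ini (saved at ~/.secrets/certbot/cloudflare.ini, the path given to certbot below):
# Cloudflare API token used by Certbot (the value below is an example - substitute your own token, and keep this file readable by its owner only and out of version control)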
dns_cloudflare_api_token = 0123456789abcdef0123456789abcdef01234567
Certbot with Cloudflare DNS
https://certbot.eff.org/instructions?ws=nginx&os=debianbuster
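# Install snapd and the Certbot snap.
sudo apt update
sudo apt install snapd
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
# Prepare the Certbot command
sudo ln -s /snap/bin/certbot /usr/bin/certbot
# Confirm plugin containment level.
# This lets the DNS plugin snap run with Certbot's root privileges, so only
# install plugins from a publisher you trust.
sudo snap set certbot trust-plugin-with-root=ok
sudo snap install certbot-dns-cloudflare
# Enable the site by linking it into sites-enabled.
sudo ln -s /etc/nginx/sites-available/helping.ninja.conf /etc/nginx/sites-enabled/
# The credentials file holds a live Cloudflare API token: make it readable by
# its owner only before Certbot uses it (Certbot runs as root and can still read it).
sudo chmod 600 ~/.secrets/certbot/cloudflare.ini
# Request a certificate for the apex and wildcard names via the Cloudflare DNS
# challenge and let the nginx installer plugin wire it into the site config.
sudo certbot -i nginx --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d "helping.ninja" -d "*.helping.ninja"
# check nginx configuration, and reload only when the check passes so a broken
# config is never applied
sudo nginx -t && sudo service nginx reload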