
@zoonderkins
Last active August 1, 2018 10:08
certbot standalone multiple domain #https #tls
# Request one certificate whose SAN list covers all three hostnames.
# certbot names the lineage after the first -d value, so the files are written
# to /etc/letsencrypt/live/dns.de.blahdns.com/ (the path nginx.conf points at).
# --standalone makes certbot run its own temporary web server for the ACME
# challenge, so the challenge port must be free while this runs.
# nginx only reads certificate files at start/reload: reload it after renewal.
certbot certonly --standalone \
    -d dns.de.blahdns.com \
    -d svr5.ookangzheng.com \
    -d doh.de.blahdns.com

nginx.conf

# Process-level settings.
# Master process PID file.
pid /run/nginx.pid;
# Worker processes run as the unprivileged www-data account.
user www-data;
# Let nginx choose the number of workers.
worker_processes auto;

events {
    # Upper bound on simultaneous connections per worker process.
    worker_connections 1024;
}

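http {

    # ---------------------------------------------------------------------
    # DNS-over-HTTPS front end: terminates TLS on 443 and forwards
    # /dns-query to the local backend on port 8053. Every other path is
    # dropped without a response.
    # ---------------------------------------------------------------------
    server {
        listen 443 ssl;
        listen [::]:443 ssl;
        #rewrite ^(.*) https://$server_name$1 permanent;
        server_name doh.de.blahdns.com dns.de.blahdns.com;

        # "ssl on;" removed: the "ssl" flag on the listen lines already enables
        # TLS. The directive was deprecated in nginx 1.15.0 and removed in
        # 1.25.1, where it makes the configuration fail to load.

        # One SAN certificate (issued by the certbot command for all three
        # names) is shared by both server blocks in this file.
        ssl_certificate       /etc/letsencrypt/live/dns.de.blahdns.com/fullchain.pem;
        ssl_certificate_key   /etc/letsencrypt/live/dns.de.blahdns.com/privkey.pem;
        ssl_protocols         TLSv1.2;
        # Since nginx 1.11.0 DHE suites are offered only when ssl_dhparam is
        # set. None is set here, so the two DHE-RSA entries are inert and only
        # the ECDHE suites are negotiated.
        ssl_ciphers           ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

        # Session resumption is served from the shared cache below. Tickets
        # are turned off because nginx encrypts them with a key that lives as
        # long as the process unless ssl_session_ticket_key is rotated; a
        # leaked ticket key would expose recorded sessions despite ECDHE.
        ssl_session_tickets   off;
        ssl_session_timeout   4h;
        ssl_session_cache     shared:SSL:20m;

        # ssl_stapling_verify needs the issuer chain configured as trusted.
        # nginx also wants a "resolver" to look up the OCSP responder; none is
        # configured in this file.
        # NOTE(review): Let's Encrypt has since retired OCSP, so stapling may
        # be a no-op for certificates issued today -- confirm for your CA.
        ssl_stapling            on;
        ssl_stapling_verify     on;
        ssl_trusted_certificate /etc/letsencrypt/live/dns.de.blahdns.com/chain.pem;

        # NOTE: nginx inherits proxy_set_header from this level only into
        # locations that declare no proxy_set_header themselves (directly or
        # through an include). /dns-query below declares its own, so these
        # five lines do not reach the backend from that location.
        proxy_set_header    Host              $host;
        proxy_set_header    X-Real-IP         $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent. This host is the edge, so the backend must not trust
        # the left-most entry for logging, rate limiting or ACLs.
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-SSL   on;
        proxy_set_header    X-Forwarded-Proto $scheme;

        # 444 is nginx-specific: close the connection without sending a reply.
        location / {
            return 444;
        }

        location /dns-query {
            proxy_pass http://localhost:8053;
            #proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Proto https;
            # presumably the Debian/Ubuntu proxy_params file, which sets Host,
            # X-Real-IP, X-Forwarded-For and X-Forwarded-Proto -- verify, since
            # X-Real-IP would then be declared twice in this location.
            include /etc/nginx/proxy_params;
        }

    }

    # server {
    #     listen 81 ;
    #     listen [::]:81 ;
    #     server_name svr5.ookangzheng.com;
    #     return 301 https://$host$request_uri;
    # }

    # ---------------------------------------------------------------------
    # Admin front end: TLS on port 81, forwarding /admin to a local service
    # on 127.0.0.1:82. TLS policy mirrors the DoH server above.
    # ---------------------------------------------------------------------
    server {
        listen 81 ssl;
        listen [::]:81 ssl;
        server_name svr5.ookangzheng.com;

        # "ssl on;" removed for the same reason as in the server block above.
        ssl_certificate       /etc/letsencrypt/live/dns.de.blahdns.com/fullchain.pem;
        ssl_certificate_key   /etc/letsencrypt/live/dns.de.blahdns.com/privkey.pem;
        ssl_protocols         TLSv1.2;
        ssl_ciphers           ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_session_tickets   off;
        ssl_session_timeout   4h;
        ssl_session_cache     shared:SSL:20m;
        ssl_stapling            on;
        ssl_stapling_verify     on;
        ssl_trusted_certificate /etc/letsencrypt/live/dns.de.blahdns.com/chain.pem;

        # These reach the backend only if proxy_params (included in /admin)
        # contains no proxy_set_header of its own.
        proxy_set_header    Host              $host;
        proxy_set_header    X-Real-IP         $remote_addr;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-SSL   on;
        proxy_set_header    X-Forwarded-Proto $scheme;

        location / {
            return 444;
        }

        location /admin {
            # This file puts no access control in front of the admin backend:
            # anyone who can reach port 81 gets whatever login the backend
            # itself enforces. Restrict by source address and/or add HTTP auth
            # here, e.g. (placeholder values, adjust before enabling):
            #   allow 192.0.2.10;    # <ADMIN_SOURCE_IP>
            #   deny  all;
            #   auth_basic           "admin";
            #   auth_basic_user_file /etc/nginx/<HTPASSWD_FILE>;
            proxy_pass http://127.0.0.1:82/admin;
            #proxy_redirect off;
            include /etc/nginx/proxy_params;
        }
    }

}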