apache + certbot + modules
parent
9519a68df9
commit
2cca63f99a
|
@ -340,7 +340,17 @@ Install the following dependencies from Debian's repos:
|
|||
```
|
||||
sudo apt update
|
||||
|
||||
sudo apt install build-essential git openjdk-11-jre-headless python2 redis-server
|
||||
sudo apt install \
|
||||
apache2 \
|
||||
build-essential \
|
||||
git \
|
||||
openjdk-11-jre-headless \
|
||||
python-is-python3 \
|
||||
python2 \
|
||||
python3-certbot-apache \
|
||||
redis-server
|
||||
|
||||
sudo apt clean
|
||||
```
|
||||
|
||||
Note: Docs say `python2` is needed, but is that still correct?
|
||||
|
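Review bot: The expanded `sudo apt install` list still pulls in `python2`, and the note added right below it asks whether that is still correct, so the docs now ship an open question alongside a package that may not be needed. Python 2 is end-of-life and no longer receives upstream security fixes, so please confirm whether the build actually requires it before merging. If it does not, drop `python2` from the list and delete the note. If it does, replace the question with a sentence saying what depends on it. Since `python-is-python3` is added in the same list, it is also worth stating that `python` will resolve to Python 3 after this step.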
@ -447,10 +457,143 @@ debian@mychestserver:~$ yarn --version
|
|||
```
|
||||
|
||||
|
||||
## Set up Webserver
|
||||
It is a bit easier to set up the webserver and get its SSL certificates
|
||||
confirmed all working correctly before installing Lila, to
|
||||
lessen any complications.
|
||||
|
||||
|
||||
The webserver directories will be owned by user `debian`.
|
||||
|
||||
|
||||
```
|
||||
# User debian owns webserver files
|
||||
sudo chown -R debian:debian /var/www
|
||||
|
||||
# Quick words for the webserver for testing
|
||||
echo "mychestserver web" > /var/www/html/index.html
|
||||
|
||||
# Start webserver
|
||||
sudo systemctl start apache2
|
||||
|
||||
# Logs are:
|
||||
sudo tail -f /var/log/apache2/*.log
|
||||
```
|
||||
|
||||
In your browser, you should now be able to see your website
|
||||
in insecure plaintext on port 80. Go to your site with your
|
||||
workstation's browser to check.
|
||||
It should say like "mychestserver web".
|
||||
|
||||
* http://www.mychestserver.org
|
||||
|
||||
Note, your browser may try to send you to the `https` URL,
|
||||
but that is set up below with `certbot`.
|
||||
|
||||
```
|
||||
# Set up SSL certificates
|
||||
sudo certbot
|
||||
```
|
||||
|
||||
It should look something like this:
|
||||
|
||||
```
|
||||
debian@mychestserver:~$ sudo certbot
|
||||
Saving debug log to /var/log/letsencrypt/letsencrypt.log
|
||||
Plugins selected: Authenticator apache, Installer apache
|
||||
Enter email address (used for urgent renewal and security notices)
|
||||
(Enter 'c' to cancel): webmaster@mychestserver.org
|
||||
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Please read the Terms of Service at
|
||||
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
|
||||
agree in order to register with the ACME server. Do you agree?
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
(Y)es/(N)o: y
|
||||
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Would you be willing, once your first certificate is successfully issued, to
|
||||
share your email address with the Electronic Frontier Foundation, a founding
|
||||
partner of the Let's Encrypt project and the non-profit organization that
|
||||
develops Certbot? We'd like to send you email about our work encrypting the web,
|
||||
EFF news, campaigns, and ways to support digital freedom.
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
(Y)es/(N)o: n
|
||||
Account registered.
|
||||
No names were found in your configuration files. Please enter in your domain
|
||||
name(s) (comma and/or space separated) (Enter 'c' to cancel): www.mychestserver.org
|
||||
Requesting a certificate for www.mychestserver.org
|
||||
Performing the following challenges:
|
||||
http-01 challenge for www.mychestserver.org
|
||||
Enabled Apache rewrite module
|
||||
Waiting for verification...
|
||||
Cleaning up challenges
|
||||
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
|
||||
Enabled Apache socache_shmcb module
|
||||
Enabled Apache ssl module
|
||||
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
|
||||
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
|
||||
Enabled Apache rewrite module
|
||||
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf
|
||||
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
Congratulations! You have successfully enabled https://www.mychestserver.org
|
||||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||
|
||||
IMPORTANT NOTES:
|
||||
- Congratulations! Your certificate and chain have been saved at:
|
||||
/etc/letsencrypt/live/www.mychestserver.org/fullchain.pem
|
||||
Your key file has been saved at:
|
||||
/etc/letsencrypt/live/www.mychestserver.org/privkey.pem
|
||||
Your certificate will expire on 2022-03-22. To obtain a new or
|
||||
tweaked version of this certificate in the future, simply run
|
||||
certbot again with the "certonly" option. To non-interactively
|
||||
renew *all* of your certificates, run "certbot renew"
|
||||
- If you like Certbot, please consider supporting our work by:
|
||||
|
||||
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
|
||||
Donating to EFF: https://eff.org/donate-le
|
||||
```
|
||||
|
||||
Then restart your web server:
|
||||
|
||||
```
|
||||
sudo systemctl restart apache2
|
||||
```
|
||||
|
||||
Now go to your website, and you should see that `https` encrypted
|
||||
SSL is now working and you can view the certificate in your
|
||||
workstation's web browser:
|
||||
|
||||
* https://www.mychestserver.org/
|
||||
|
||||
|
||||
Lets also enable some Apache modules we'll need later.
|
||||
|
||||
```
|
||||
# Enable Apache modules
|
||||
sudo a2enmod headers http2 proxy proxy_http proxy_http2 proxy_wstunnel
|
||||
|
||||
# Restart Apache
|
||||
sudo systemctl restart apache2
|
||||
|
||||
# Enable Apache to start on boot
|
||||
sudo systemctl enable apache2
|
||||
```
|
||||
|
||||
|
||||
## Install Lila
|
||||
Now we can actually install lila! See here:
|
||||
|
||||
* https://github.com/ornicar/lila
|
||||
|
||||
Install thusly:
|
||||
|
||||
```
|
||||
git clone --recursive https://github.com/ornicar/lila.git
|
||||
|
||||
|
||||
```
|
||||
|
||||
## Install lila-ws
|
||||
* https://github.com/ornicar/lila-ws
|
||||
|
|
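Review bot: The certbot walkthrough ends at "Then restart your web server" without any step that confirms renewal works, even though the pasted transcript shows the certificate expiring on 2022-03-22 and mentions `certbot renew`. Since the section's stated goal is to have the certificates confirmed working before installing Lila, add a `sudo certbot renew --dry-run` step after the restart, plus a sentence on how renewal is scheduled on this host. Two smaller points in the same hunk: the `a2enmod` line enables `proxy`, `proxy_http`, `proxy_http2` and `proxy_wstunnel` before any proxy configuration appears in the docs, so say which later section supplies it. The `git clone --recursive https://github.com/ornicar/lila.git` step tracks whatever the default branch is at clone time, so consider telling readers to check out a specific tag or commit for a reproducible install.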