apache + certbot + modules
parent
9519a68df9
commit
2cca63f99a
|
@ -340,7 +340,17 @@ Install the following dependencies from Debian's repos:
|
||||||
```
|
```
|
||||||
sudo apt update
|
sudo apt update
|
||||||
|
|
||||||
sudo apt install build-essential git openjdk-11-jre-headless python2 redis-server
|
sudo apt install \
|
||||||
|
apache2 \
|
||||||
|
build-essential \
|
||||||
|
git \
|
||||||
|
openjdk-11-jre-headless \
|
||||||
|
python-is-python3 \
|
||||||
|
python2 \
|
||||||
|
python3-certbot-apache \
|
||||||
|
redis-server
|
||||||
|
|
||||||
|
sudo apt clean
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: Docs say `python2` is needed, but is that still correct?
|
Note: Docs say `python2` is needed, but is that still correct?
|
||||||
|
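Review bot: The added `python-is-python3` line now sits beside the retained `python2` line, while the trailing note ("Docs say `python2` is needed, but is that still correct?") is left unanswered, so the install list pulls in an interpreter that is end-of-life upstream without a confirmed need. Check whether the build still invokes Python 2, then either drop `python2` from the `apt install` list or replace the note with the reason it is required. If both stay, say in the text that `python` resolves to Python 3 once `python-is-python3` is installed.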
@ -447,10 +457,143 @@ debian@mychestserver:~$ yarn --version
|
||||||
```
|
```
|
||||||
|
|
||||||
|
|
||||||
|
## Set up Webserver
|
||||||
|
It is a bit easier to set up the webserver and get its SSL certificates
|
||||||
|
confirmed all working correctly before installing Lila, to
|
||||||
|
lessen any complications.
|
||||||
|
|
||||||
|
|
||||||
|
The webserver directories will be owned by user `debian`.
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
# User debian owns webserver files
|
||||||
|
sudo chown -R debian:debian /var/www
|
||||||
|
|
||||||
|
# Quick words for the webserver for testing
|
||||||
|
echo "mychestserver web" > /var/www/html/index.html
|
||||||
|
|
||||||
|
# Start webserver
|
||||||
|
sudo systemctl start apache2
|
||||||
|
|
||||||
|
# Logs are:
|
||||||
|
sudo tail -f /var/log/apache2/*.log
|
||||||
|
```
|
||||||
|
|
||||||
|
In your browser, you should now be able to see your website
|
||||||
|
in insecure plaintext on port 80. Go to your site with your
|
||||||
|
workstation's browser to check.
|
||||||
|
It should say like "mychestserver web".
|
||||||
|
|
||||||
|
* http://www.mychestserver.org
|
||||||
|
|
||||||
|
Note, your browser may try to send you to the `https` URL,
|
||||||
|
but that is set up below with `certbot`.
|
||||||
|
|
||||||
|
```
|
||||||
|
# Set up SSL certificates
|
||||||
|
sudo certbot
|
||||||
|
```
|
||||||
|
|
||||||
|
It should look something like this:
|
||||||
|
|
||||||
|
```
|
||||||
|
debian@mychestserver:~$ sudo certbot
|
||||||
|
Saving debug log to /var/log/letsencrypt/letsencrypt.log
|
||||||
|
Plugins selected: Authenticator apache, Installer apache
|
||||||
|
Enter email address (used for urgent renewal and security notices)
|
||||||
|
(Enter 'c' to cancel): webmaster@mychestserver.org
|
||||||
|
|
||||||
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
Please read the Terms of Service at
|
||||||
|
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
|
||||||
|
agree in order to register with the ACME server. Do you agree?
|
||||||
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
(Y)es/(N)o: y
|
||||||
|
|
||||||
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
Would you be willing, once your first certificate is successfully issued, to
|
||||||
|
share your email address with the Electronic Frontier Foundation, a founding
|
||||||
|
partner of the Let's Encrypt project and the non-profit organization that
|
||||||
|
develops Certbot? We'd like to send you email about our work encrypting the web,
|
||||||
|
EFF news, campaigns, and ways to support digital freedom.
|
||||||
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
(Y)es/(N)o: n
|
||||||
|
Account registered.
|
||||||
|
No names were found in your configuration files. Please enter in your domain
|
||||||
|
name(s) (comma and/or space separated) (Enter 'c' to cancel): www.mychestserver.org
|
||||||
|
Requesting a certificate for www.mychestserver.org
|
||||||
|
Performing the following challenges:
|
||||||
|
http-01 challenge for www.mychestserver.org
|
||||||
|
Enabled Apache rewrite module
|
||||||
|
Waiting for verification...
|
||||||
|
Cleaning up challenges
|
||||||
|
Created an SSL vhost at /etc/apache2/sites-available/000-default-le-ssl.conf
|
||||||
|
Enabled Apache socache_shmcb module
|
||||||
|
Enabled Apache ssl module
|
||||||
|
Deploying Certificate to VirtualHost /etc/apache2/sites-available/000-default-le-ssl.conf
|
||||||
|
Enabling available site: /etc/apache2/sites-available/000-default-le-ssl.conf
|
||||||
|
Enabled Apache rewrite module
|
||||||
|
Redirecting vhost in /etc/apache2/sites-enabled/000-default.conf to ssl vhost in /etc/apache2/sites-available/000-default-le-ssl.conf
|
||||||
|
|
||||||
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
Congratulations! You have successfully enabled https://www.mychestserver.org
|
||||||
|
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
|
||||||
|
|
||||||
|
IMPORTANT NOTES:
|
||||||
|
- Congratulations! Your certificate and chain have been saved at:
|
||||||
|
/etc/letsencrypt/live/www.mychestserver.org/fullchain.pem
|
||||||
|
Your key file has been saved at:
|
||||||
|
/etc/letsencrypt/live/www.mychestserver.org/privkey.pem
|
||||||
|
Your certificate will expire on 2022-03-22. To obtain a new or
|
||||||
|
tweaked version of this certificate in the future, simply run
|
||||||
|
certbot again with the "certonly" option. To non-interactively
|
||||||
|
renew *all* of your certificates, run "certbot renew"
|
||||||
|
- If you like Certbot, please consider supporting our work by:
|
||||||
|
|
||||||
|
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
|
||||||
|
Donating to EFF: https://eff.org/donate-le
|
||||||
|
```
|
||||||
|
|
||||||
|
Then restart your web server:
|
||||||
|
|
||||||
|
```
|
||||||
|
sudo systemctl restart apache2
|
||||||
|
```
|
||||||
|
|
||||||
|
Now go to your website, and you should see that `https` encrypted
|
||||||
|
SSL is now working and you can view the certificate in your
|
||||||
|
workstation's web browser:
|
||||||
|
|
||||||
|
* https://www.mychestserver.org/
|
||||||
|
|
||||||
|
|
||||||
|
Lets also enable some Apache modules we'll need later.
|
||||||
|
|
||||||
|
```
|
||||||
|
# Enable Apache modules
|
||||||
|
sudo a2enmod headers http2 proxy proxy_http proxy_http2 proxy_wstunnel
|
||||||
|
|
||||||
|
# Restart Apache
|
||||||
|
sudo systemctl restart apache2
|
||||||
|
|
||||||
|
# Enable Apache to start on boot
|
||||||
|
sudo systemctl enable apache2
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
## Install Lila
|
## Install Lila
|
||||||
|
Now we can actually install lila! See here:
|
||||||
|
|
||||||
* https://github.com/ornicar/lila
|
* https://github.com/ornicar/lila
|
||||||
|
|
||||||
|
Install thusly:
|
||||||
|
|
||||||
|
```
|
||||||
|
git clone --recursive https://github.com/ornicar/lila.git
|
||||||
|
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
## Install lila-ws
|
## Install lila-ws
|
||||||
* https://github.com/ornicar/lila-ws
|
* https://github.com/ornicar/lila-ws
|
||||||
|
|
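Review bot: The certbot part of the new "Set up Webserver" section never checks that renewal works, although the captured output shows the certificate expiring on 2022-03-22 and points at "certbot renew". Add a step after `sudo systemctl restart apache2` that runs `sudo certbot renew --dry-run`, so a broken renewal is found at install time rather than at expiry. Two smaller points: `sudo tail -f /var/log/apache2/*.log` is in the same block as the setup commands and will block a reader who pastes the block whole, so move it to its own block; and `sudo a2enmod headers http2 proxy proxy_http proxy_http2 proxy_wstunnel` enables the proxy modules before any vhost uses them, so add a sentence that they are for reverse proxying only and that `ProxyRequests` must stay `Off`.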