Linux.nginx: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
Root (Diskussion | Beiträge) |
Root (Diskussion | Beiträge) |
||
Zeile 98: | Zeile 98: | ||
chmod 777 build-nginx.sh | chmod 777 build-nginx.sh | ||
./build-nginx.sh | ./build-nginx.sh | ||
* Probier aus, ob wirklich openssl-1-1-1 verwendet wird | |||
nginx -V |
Version vom 3. September 2018, 17:27 Uhr
Überblick
- Ich verwendet nginx als HTTP/2 Server auf einem Raspberry Pi
- PHP soll in allen Stufen möglich sein
Authentifizierung
- System-Voraussetzung
apt-get install apache2-utils
- in der Host.conf
auth_basic "Administrator’s Area"; auth_basic_user_file /etc/apache2/.htpasswd;
- in der Kommandozeile
htpasswd -bc /srv/ngx/orgamon-2.dyndns.org/.htpasswd username ***pwd***
Stufe 1, :80 HTTP-Server
apt-get install nginx apt-get install php php-fpm
- orgamon-2.dyndns.org
server { listen 80 default_server; listen [::]:80 default_server; root /srv/ngx/orgamon-2.dyndns.org; index index.html index.htm index.nginx-debian.html; server_name orgamon-2.dyndns.org; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; } }
Stufe 2, :443 HTTPS-Server (TLS 1.2)
apt-get install certbot certbot certonly
- /etc/nginx/sites-enabled/orgamon-2.dyndns.org
server { listen 443 ssl default_server; ssl_protocols TLSv1.2; root /srv/ngx/orgamon-2.dyndns.org; index index.html index.htm index.nginx-debian.html; server_name orgamon-2.dyndns.org; ssl_certificate /etc/letsencrypt/live/orgamon-2.dyndns.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/orgamon-2.dyndns.org/privkey.pem; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; }
Stufe 3, :443 HTTP/2 Server mit TLS 1.2
server { listen 443 ssl http2; ...
Stufe 4, :443 HTTP/2 Server mit TLS 1.3 (only!)
wget https://github.com/MatthewVance/nginx-build/raw/master/build-nginx.sh
- Stelle im Build-Script sicher, dass openssl 1.1.1 verwendet wird:
# https://github.com/MatthewVance/nginx-build/pull/60/commits/a0454545a8b4129c021dc1fea43f098265bf0352
chmod 777 build-nginx.sh ./build-nginx.sh
- Probier aus, ob wirklich openssl-1-1-1 verwendet wird
nginx -V