Überblick
- Ich verwendet nginx als HTTP/2 Server auf einem Raspberry Pi
- PHP soll in allen Stufen möglich sein
Authentifizierung
auth_basic "Administrator’s Area";
auth_basic_user_file /etc/apache2/.htpasswd;
Stufe 1, :80 HTTP-Server
apt-get install nginx
apt-get install php php-fpm
server {
listen 80 default_server;
listen [::]:80 default_server;
root /srv/ngx/orgamon-2.dyndns.org;
index index.html index.htm index.nginx-debian.html;
server_name orgamon-2.dyndns.org;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
}
Stufe 2, :443 HTTPS-Server (TLS 1.2)
apt-get install certbot
certbot certonly
- /etc/nginx/sites-enabled/orgamon-2.dyndns.org
server {
listen 443 ssl default_server;
ssl_protocols TLSv1.2;
root /srv/ngx/orgamon-2.dyndns.org;
index index.html index.htm index.nginx-debian.html;
server_name orgamon-2.dyndns.org;
ssl_certificate /etc/letsencrypt/live/orgamon-2.dyndns.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/orgamon-2.dyndns.org/privkey.pem;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
Stufe 3, :443 HTTP/2 Server mit TLS 1.2
server {
listen 443 ssl http2;
...
Stufe 4, :443 HTTP/2 Server mit TLS 1.3 (only!)