Time to enable https–letsencrypt

It’s almost at the end of Year 2017, now it’s time to enable https for my website, after some search, I choose to use letsencrypt, it’s free and community support widely. So it’s easy for me to find the tutorials.

So now you can visit my wiki, and it will be force redirect to the https link

How to install

Solution #1

sudo apt-get install letsencrypt
sudo service nginx stop
sudo letsencrypt certonly --standalone
sudo service nginx restart

Solution #2

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Refer
https://bitmingw.com/2017/02/02/letsencrypt-tutorial/
https://github.com/certbot/certbot
https://certbot.eff.org/#ubuntuxenial-nginx

nginx config

server {
listen 80;
server_name ef.pjq.me;
return 301 https://$server_name$request_uri;
}

server {
listen 80;
server_name wiki.pjq.me;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name ef.pjq.me;
ssl on;
ssl_certificate /etc/letsencrypt/live/ef.pjq.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ef.pjq.me/privkey.pem;
ssl_session_timeout 5m;
root /var/www/ef/;
index index.html index.htm index.php;
location / {
try_files $uri $uri/ =404;
autoindex on;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;

}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
}
server {
listen 443;
root /var/www/dokuwiki/wiki/;
index index.html index.htm index.php;
server_name wiki.pjq.me;
ssl on;
ssl_certificate /etc/letsencrypt/live/ef.pjq.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ef.pjq.me/privkey.pem;
ssl_session_timeout 5m;
location / {
try_files $uri $uri/ =404;
}
location ~ /(data|conf|bin|inc)/ {
deny all;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}