
Deploy HTTPS Web services on Amazon Linux 2

by 개미뚠뚠이 2023. 1. 26.

Previous post, covering the service that this guide puts behind nginx: Running Golang Service on Amazon Linux 2, https://antlala.tistory.com/71

Install Nginx

$ sudo amazon-linux-extras install nginx1 -y
$ nginx -v
nginx version: nginx/1.12.2

Configuration

$ sudo vi /etc/nginx/nginx.conf

Add the server_names_hash_bucket_size and server_names_hash_max_size options to the http block. Nginx sizes its server-name hash table for short names; once Certbot adds a longer hostname such as your.domain.com as a server_name, nginx -t can fail with "could not build server_names_hash, you should increase server_names_hash_bucket_size". Setting both values up front avoids that.

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    server_names_hash_bucket_size 64;
    server_names_hash_max_size 8192;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2 default_server;
#        listen       [::]:443 ssl http2 default_server;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers HIGH:!aNULL:!MD5;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        location / {
#        }
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }
}

Start Nginx

If something else already owns port 80, find out what it is before killing it; fuser -k terminates whatever is bound to the port without telling you what that was. Then validate the configuration and start nginx, enabling it so it also comes back after a reboot (the status output below was captured after a plain systemctl start, which is why Loaded: says disabled).

$ sudo ss -tlnp '( sport = :80 )'
$ sudo fuser -k 80/tcp        # only if the listener above is something you meant to replace
$ sudo nginx -t
$ sudo systemctl enable --now nginx
$ systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
   Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2023-01-25 23:42:49 UTC; 4s ago
  Process: 31089 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
  Process: 31086 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
  Process: 31084 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
 Main PID: 31091 (nginx)
   CGroup: /system.slice/nginx.service
           ├─31091 nginx: master process /usr/sbin/nginx
           ├─31092 nginx: worker process
           ├─31093 nginx: worker process
           ├─31094 nginx: worker process
           └─31095 nginx: worker process

Install Certbot

Certbot is not in the Amazon Linux 2 repositories; it comes from EPEL, which amazon-linux-extras can enable. python-certbot-nginx is the plugin that answers the challenge through nginx and edits nginx.conf for you.

$ sudo amazon-linux-extras install epel -y
$ sudo yum install certbot python-certbot-nginx -y
$ certbot --version
certbot 0.38.0

 

Issue a TLS certificate

Certbot's --nginx plugin proves control of the domain with an HTTP-01 challenge: Let's Encrypt connects to your.domain.com on port 80 and nginx serves the challenge response. Before running it, make sure the DNS A (and AAAA, if you use IPv6) record for your.domain.com points at the instance's public address and that the EC2 security group allows inbound TCP 80 and 443 from the internet. If port 80 is closed the challenge fails and no certificate is issued.

$ sudo certbot --nginx -d your.domain.com
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/your.domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/your.domain.com/privkey.pem
   Your cert will expire on 2023-04-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The certificate chain and private key now live under /etc/letsencrypt/live/your.domain.com/ (symlinks into /etc/letsencrypt/archive/, where renewals are versioned). privkey.pem is readable by root only; keep it that way and never copy it into a world-readable location or a repository.

Certbot has also rewritten the server block in nginx.conf: the ssl_certificate lines, the options-ssl-nginx.conf include (which sets ssl_protocols and ssl_ciphers, so the stock HIGH:!aNULL:!MD5 example above is not what runs), and a second server block that redirects port 80 to HTTPS. Add a proxy_pass for your local web service to the location / block, and forward the client address and scheme so the backend does not see every request as coming from 127.0.0.1 over plain HTTP.

$ sudo vi /etc/nginx/nginx.conf

    server {
        server_name your.domain.com; # managed by Certbot
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            proxy_pass http://127.0.0.1:12345; # your local web service
            # Pass the original host, client address and scheme to the backend;
            # without these it sees 127.0.0.1 and plain http for every request.
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/your.domain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/your.domain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }

    # Plain-HTTP server: redirect requests for your.domain.com to HTTPS and
    # answer 404 to anything else (requests carrying some other Host header).
    server {
        if ($host = your.domain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot

        listen       80 ;
        listen       [::]:80 ;
        server_name your.domain.com;
        return 404; # managed by Certbot
    }

Restart nginx

Validate the configuration first; a syntax error would otherwise leave nginx stopped. reload re-reads the configuration without dropping open connections (restart works too).

$ sudo nginx -t
$ sudo systemctl reload nginx
$ systemctl status nginx

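Once nginx is serving, check the result the way a client would. The script below is an added example, not part of the original post or of Certbot: it fetches the served certificate with Python's standard ssl module, reports how many days remain and whether certbot would renew it now (certbot's default is to renew at 30 days left or fewer), checks that the certificate actually covers the hostname you care about (a certificate issued with -d your.domain.com does not cover www.your.domain.com), and confirms that the port-80 server block answers with a 301 to https. SAMPLE_CERT is a constructed dict shaped like ssl.getpeercert() output, mirroring the certificate issued above; pass a hostname on the command line to check a live server instead.

```python
"""Post-deployment check for the nginx + Certbot setup above (added example)."""
import datetime
import http.client
import socket
import ssl
from typing import Optional

# certbot renew only re-issues certificates with this many days or fewer left.
RENEW_THRESHOLD_DAYS = 30

# Constructed sample shaped like ssl.getpeercert() output, mirroring the cert
# Certbot issued in the post: one SAN, expiring 90 days after the 2023-01-25 issue.
SAMPLE_CERT = {
    "subject": ((("commonName", "your.domain.com"),),),
    "subjectAltName": (("DNS", "your.domain.com"),),
    "notAfter": "Apr 25 23:42:49 2023 GMT",
}


def utc_midnight(year: int, month: int, day: int) -> datetime.datetime:
    """Fixed 'now' values for offline checks."""
    return datetime.datetime(year, month, day, tzinfo=datetime.timezone.utc)


def days_remaining(cert: dict, now: datetime.datetime) -> int:
    """Whole days until notAfter; negative once the certificate has expired."""
    # getpeercert() reports e.g. 'Apr 25 23:42:49 2023 GMT'; the stdlib parses it.
    not_after = datetime.datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=datetime.timezone.utc)
    return int((not_after - now).total_seconds() // 86400)


def needs_renewal(cert: dict, now: datetime.datetime) -> bool:
    """Mirror certbot's decision: renew at 30 days left or fewer."""
    return days_remaining(cert, now) <= RENEW_THRESHOLD_DAYS


def covers_hostname(cert: dict, hostname: str) -> bool:
    """True if a DNS subjectAltName matches hostname exactly or via a one-label wildcard."""
    hostname = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        value = value.lower()
        if value == hostname:
            return True
        # '*.domain.com' matches 'api.domain.com' but neither 'domain.com' nor 'a.b.domain.com'.
        if value.startswith("*.") and hostname.count(".") == value.count("."):
            if hostname.split(".", 1)[1] == value[2:]:
                return True
    return False


def redirect_ok(status: int, location: Optional[str], hostname: str) -> bool:
    """The port-80 server block should answer 301 to the same host over https."""
    return (status == 301 and location is not None
            and location.lower().startswith(f"https://{hostname.lower()}/"))


def live_cert(hostname: str, port: int = 443) -> dict:
    """Fetch the served certificate; the default context also verifies chain and name."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def live_redirect(hostname: str):
    """Plain-HTTP GET /; returns (status, Location header or None)."""
    conn = http.client.HTTPConnection(hostname, 80, timeout=10)
    conn.request("GET", "/")
    resp = conn.getresponse()
    return resp.status, resp.getheader("Location")


if __name__ == "__main__":
    import sys
    live = len(sys.argv) > 1
    host = sys.argv[1] if live else "your.domain.com"
    cert = live_cert(host) if live else SAMPLE_CERT
    now = datetime.datetime.now(datetime.timezone.utc)
    print(f"{host}: {days_remaining(cert, now)} days left, "
          f"renewal due: {needs_renewal(cert, now)}, "
          f"covers www.{host}: {covers_hostname(cert, 'www.' + host)}")
    if live:
        status, location = live_redirect(host)
        print(f"http -> https redirect ok: {redirect_ok(status, location, host)}")
```

Run it as python3 check_tls.py your.domain.com (the file name is an assumption) from a machine outside the VPC, so that a passing result also proves the security group admits ports 80 and 443 from the internet.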
Auto renewal by cron

Let's Encrypt certificates are valid for 90 days, and certbot renew only re-issues the ones with 30 days or less left, so it is safe (and recommended) to run it often. Test the renewal path once before scheduling it; --dry-run talks to the staging environment and issues nothing:

$ sudo certbot renew --dry-run

$ sudo vi /etc/crontab

Add the line below. /etc/crontab has a user field, which is why root sits between the schedule and the command.

39 1,13 * * * root certbot renew --no-self-upgrade -q --deploy-hook "systemctl reload nginx"

This attempts renewal at 01:39 and 13:39 every day. Because the certificate was issued with --nginx, certbot already reloads nginx when a renewal actually happens; the explicit --deploy-hook makes that step visible in the crontab, and -q keeps the twice-daily runs silent unless something fails.

Then restart cron (crond picks up changes to /etc/crontab on its own, so this only makes sure).

$ sudo systemctl restart crond

References

Deploying an HTTPS web service with Nginx and Let's Encrypt (feat. Certbot), hudi.blog: https://hudi.blog/https-with-nginx-and-lets-encrypt/
How to install Certbot on Amazon Linux 2, devcoops.com: https://devcoops.com/install-certbot-on-amazon-linux-2/
Applying HTTPS with Certbot on Amazon Linux 2 (with Nginx), dev-jwblog.tistory.com: https://dev-jwblog.tistory.com/57
