Configure TLS with Lets Encrypt (#4)

2025-10-09 22:19:16 +02:00
parent f9389f9eda
commit 27d3d1a7e7
4 changed files with 19 additions and 7 deletions
--- a/cert.renew
+++ b/cert.renew
@@ -0,0 +1,3 @@
+#!/bin/bash
+# https://habr.com/ru/articles/735712/
+certbot certonly --manual --preferred-challenges http -d "kornerr.ru"
--- a/cert.setup
+++ b/cert.setup
@@ -0,0 +1,3 @@
+#!/bin/bash
+# https://habr.com/ru/articles/735712/
+brew install certbot
--- a/nginx/cfg
+++ b/nginx/cfg
@@ -1,11 +1,17 @@
+# Redirect HTTP to HTTPS
 server {
-  listen 80 default_server;
-  listen [::]:80 default_server;
+  listen 80;
+  server_name kornerr.ru;
+  return 301 https://$server_name$request_uri;
+}
+
+server {
+  listen 443 ssl;
+  server_name kornerr.ru;
+
+  ssl_certificate /etc/encrypt/fullchain.pem;
+  ssl_certificate_key /etc/encrypt/privkey.pem;

-  # SSL configuration
-  #
-  # listen 443 ssl default_server;
-  # listen [::]:443 ssl default_server;
  #
  # Note: You should disable gzip for SSL traffic.
  # See: https://bugs.debian.org/773332
--- a/squid/cfg
+++ b/squid/cfg
@@ -1,4 +1,4 @@
-acl tul src 83.221.16.86
+acl tul src 83.221.16.80
 http_access allow tul
 http_access deny all
 http_port 3128