Guide NGINX & Lets Encrypt - noodlemctwoodle/Hassio GitHub Wiki
!! Port '80' and Port '443' are forwarded on your firewall to the IP address of your NGINX host !!
- {config-name} used in this guide should be replaced by the NGINX configuration you are using such as 'hassio' or 'containers'
sudo apt-get install nginx
sudo update-rc.d nginx defaults
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt/
./letsencrypt-auto --server https://acme-v01.api.letsencrypt.org/directory --help
Once downloaded, you will need to get your certificate. Run the following command and follow the on-screen prompts:
./letsencrypt-auto certonly --standalone
If NGINX is running, you can use this command to stop NGINX, generate the certificate and then start NGINX again:
./letsencrypt-auto certonly --standalone --pre-hook "service nginx stop" --post-hook "service nginx start" --expand -d <url1>,<url2>....
Once letsencrypt-auto has completed, it will display the location of the newly created .pem files. Make a note of this location, as you will need it later for the proxy configuration.
Example:
/etc/letsencrypt/live/hassio.mysmarthome.co.uk/
Change the permissions on the YOUR_DOMAIN folder and its contents; by default they can only be accessed by root.
sudo chmod -R 744 /etc/letsencrypt/live/hassio.mysmarthome.co.uk/
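After the permission change above, it is worth confirming that the private key itself has not become readable by group or other users. The following audit script is an added example, not part of the original guide; the function names are hypothetical and it assumes GNU `stat` as shipped on Debian/Ubuntu.

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.
# Assumes GNU stat (coreutils), as found on Debian/Ubuntu hosts.

# perm_bits PATH: print the octal mode of PATH, following symlinks.
# Files in /etc/letsencrypt/live/<domain>/ are symlinks into ../../archive/,
# so the mode that matters is the one on the symlink target.
perm_bits() {
    stat -L -c '%a' "$1"
}

# is_private PATH: succeed only if group and other have no permission bits.
is_private() {
    bits=$(perm_bits "$1") || return 2
    [ $(( 0$bits & 077 )) -eq 0 ]
}

# audit_cert_dir DIR: print one line per finding and return the number of
# findings (0 means every private key in DIR is owner-only).
audit_cert_dir() {
    dir=$1
    findings=0
    for key in "$dir"/privkey*.pem; do
        # An unmatched glob stays literal, so a missing key is reported too.
        [ -e "$key" ] || { echo "MISSING  $key"; findings=$((findings + 1)); continue; }
        if ! is_private "$key"; then
            echo "EXPOSED  $key mode $(perm_bits "$key") (expected 600 or 400)"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Usage on the NGINX host (run as root):
#   audit_cert_dir /etc/letsencrypt/live/hassio.mysmarthome.co.uk && echo "private key OK"
```

If a key is reported as EXPOSED, `sudo chmod 600` on the reported file restores owner-only access; NGINX reads the key as root at startup, so it does not need wider permissions.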
cd /etc/ssl/certs
sudo openssl dhparam -out dhparam.pem 4096
Create a proxy file for NGINX
sudo nano /etc/nginx/sites-available/{config-name}
- If you are setting up NGINX as a Hassio reverse proxy, copy this config file, replace the details to reflect your network configuration and rename the file to a name of your choice without an extension.
- If you are setting up NGINX for additional containers, copy this config file, replace the details to reflect your network configuration and rename the file to a name of your choice without an extension. You can comment out or remove any 'proxy_pass' blocks you are not going to use.
Here are some examples of what you will need to change:
Change Domain Name Example:
server {
    listen 80;
    listen [::]:80;
    server_name hassio.mysmarthome.co.uk; # Change the domain name here
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name hassio.mysmarthome.co.uk; # Change the domain name here
Change the certificate example:
ssl_certificate /etc/letsencrypt/live/hassio.mysmarthome.co.uk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hassio.mysmarthome.co.uk/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/hassio.mysmarthome.co.uk/chain.pem;
Change IP Details Example:
location ^~ /tautulli {
    proxy_pass http://10.20.30.199:8181/tautulli;
    include proxy_params;
}
Comment Out Example:
# location ^~ /tautulli {
# proxy_pass http://192.168.0.10:8181/tautulli;
# include proxy_params;
# }
sudo nano /etc/nginx/nginx.conf
Copy the configuration from nginx.conf into the config file, replacing all existing configuration.
sudo ln -s /etc/nginx/sites-available/{config-name} /etc/nginx/sites-enabled/
sudo systemctl start nginx.service
To disable this configuration later, remove the symlink:
sudo rm /etc/nginx/sites-enabled/{config-name}