2023-01-04 01:51:06 +00:00
parent b2934649f1
commit 687424391a
1 changed files with 196 additions and 31 deletions
--- a/docs/docs/howto.md
+++ b/docs/docs/howto.md
@@ -22,10 +22,175 @@ The same format can be used to expand the set of domains a certificate contains,
 certbot certonly --cert-name example.com -d example.org,www.example.org
 ```

-SO FOR EXAMPLE for HelloAyaNova.com
+SO FOR EXAMPLE for a test adding sockeye to onayanova.com on devops
+
+- Added subdomain sockeye.onayanova.com to onayanova.com domain record and pointed to Devops server.
+- Edited /etc/nginx/sites-available/default file and added sockeye.onayanova.com to server block only, didn't add it to any other part:
+
+i.e. went from this:
+
+```yml
+server {
+    server_name   test.onayanova.com;
+    location / {
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header Referrer-Policy "strict-origin" always;
+        gzip on;
+        gzip_vary on;
+        gzip_min_length 10240;
+        gzip_proxied expired no-cache no-store private auth;
+        gzip_http_version 1.1;
+        gzip_types  application/javascript text/css application/json text/plain;
+
+        proxy_pass         http://127.0.0.1:7575;
+        proxy_http_version 1.1;
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_set_header   Connection keep-alive;
+        proxy_set_header   Host $host;
+        proxy_cache_bypass $http_upgrade;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_connect_timeout       3600;
+        proxy_send_timeout          3600;
+        proxy_read_timeout          3600;
+        send_timeout                3600;
+        # Note: the client_max_body_size setting controls the maximum upload size for attachments in AyaNova
+        # it is a good security precaution to set this value only as high as absolutely needed by your staff for
+        # file attachment uploads
+        # AyaNova can handle up to 10GB maximum so the highest setting allowed here would be:
+        # client_max_body_size 10GB;
+        client_max_body_size 25M;
+    }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/test.onayanova.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/test.onayanova.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+    if ($host = test.onayanova.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen        80;
+    server_name   test.onayanova.com;
+    return 404; # managed by Certbot
+
+
+}
+```
+
+to this:
+
+```yml
+server {
+    server_name   test.onayanova.com sockeye.onayanova.com;
+    location / {
+        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
+        add_header X-XSS-Protection "1; mode=block" always;
+        add_header X-Content-Type-Options "nosniff" always;
+        add_header X-Frame-Options "SAMEORIGIN" always;
+        add_header Referrer-Policy "strict-origin" always;
+        gzip on;
+        gzip_vary on;
+        gzip_min_length 10240;
+        gzip_proxied expired no-cache no-store private auth;
+        gzip_http_version 1.1;
+        gzip_types  application/javascript text/css application/json text/plain;
+
+        proxy_pass         http://127.0.0.1:7575;
+        proxy_http_version 1.1;
+        proxy_set_header   Upgrade $http_upgrade;
+        proxy_set_header   Connection keep-alive;
+        proxy_set_header   Host $host;
+        proxy_cache_bypass $http_upgrade;
+        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header   X-Forwarded-Proto $scheme;
+        proxy_connect_timeout       3600;
+        proxy_send_timeout          3600;
+        proxy_read_timeout          3600;
+        send_timeout                3600;
+        # Note: the client_max_body_size setting controls the maximum upload size for attachments in AyaNova
+        # it is a good security precaution to set this value only as high as absolutely needed by your staff for
+        # file attachment uploads
+        # AyaNova can handle up to 10GB maximum so the highest setting allowed here would be:
+        # client_max_body_size 10GB;
+        client_max_body_size 25M;
+    }
+
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/test.onayanova.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/test.onayanova.com/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+
+
+
+
+
+}
+server {
+    if ($host = test.onayanova.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen        80;
+    server_name   test.onayanova.com;
+    return 404; # managed by Certbot
+
+
+}
+
+```
+
+Test and reload nginx the request new certificate:
+(note no spaces in subdomain names or it balks)

 ```bash
-certbot --nginx --cert-name helloayanova.com -d test.helloayanova.com,helloayanova.com,www.helloayanova.com,1665.helloayanova.com,7331.helloayanova.com,8888.helloayanova.com,a261.helloayanova.com
+
+root@devops:/etc/nginx/sites-available# nginx -t
+nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
+nginx: configuration file /etc/nginx/nginx.conf test is successful
+
+root@devops:/etc/nginx/sites-available# nginx -s reload
+root@devops:/etc/nginx/sites-available# certbot --nginx --cert-name test.onayanova.com -d test.onayanova.com,sockeye.onayanova.com
+Saving debug log to /var/log/letsencrypt/letsencrypt.log
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+You are updating certificate test.onayanova.com to include new domain(s):
+ sockeye.onayanova.com
+
+You are also removing previously included domain(s):
+(None)
+
+Did you intend to make this change?
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+(U)pdate certificate/(C)ancel: u
+Renewing an existing certificate for test.onayanova.com and 1 more domains
+
+Successfully received certificate.
+Certificate is saved at: /etc/letsencrypt/live/test.onayanova.com/fullchain.pem
+Key is saved at:         /etc/letsencrypt/live/test.onayanova.com/privkey.pem
+This certificate expires on 2023-04-04.
+These files will be updated when the certificate renews.
+Certbot has set up a scheduled task to automatically renew this certificate in the background.
+
+Deploying certificate
+Successfully deployed certificate for test.onayanova.com to /etc/nginx/sites-enabled/default
+Successfully deployed certificate for sockeye.onayanova.com to /etc/nginx/sites-enabled/default
+Your existing certificate has been successfully renewed, and the new certificate has been installed.
+
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+
 ```

 ## NGINX