snapインストール
dnf -y install epel-release
dnf --enablerepo=epel -y install snapd
ln -s /var/lib/snapd/snap /snap
echo 'export PATH=$PATH:/var/lib/snapd/snap/bin' > /etc/profile.d/snap.sh
systemctl enable --now snapd.service snapd.socket
certbotインストール
snap install certbot --classic
ln -s /snap/bin/certbot /usr/bin/certbot
nginx設定
nginx.conf
server {
listen 80;
server_name nextcloud.vamdemicsystem.net;
root /usr/share/nginx/html;
location / {
}
}
証明書取得
certbot certonly --webroot -w /usr/share/nginx/html/ -d nextcloud.vamdemicsystem.net
/etc/letsencrypt/live/nextcloud.vamdemicsystem.net/に保存されている
Nginx設定例
# NextCloud
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name nextcloud.vamdemic.net;
root /usr/share/nginx/html;
ssl_certificate "/etc/nginx/cert/nextcloud.vamdemic.net/fullchain.pem";
ssl_certificate_key "/etc/nginx/cert/nextcloud.vamdemic.net/privkey.pem";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers PROFILE=SYSTEM;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://192.168.99.5;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header HOST $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}