| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision |
| projets:fuz:spaceapi [2021-09-10 12:20] – [Resources] metrics.spaceapi.io -> .community Lomanic | projets:fuz:spaceapi [2021-12-05 19:56] – [Deployment] Lomanic |
|---|
| WantedBy=multi-user.target | WantedBy=multi-user.target |
| EOF | EOF |
| sudo systemctl enable spaceapi.service | sudo systemctl enable --now spaceapi.service |
| sudo systemctl start spaceapi.service | |
| curl localhost:3001 | curl localhost:3001 |
| sudo mkdir -p /var/www/fuz.re/spaceapi/site | sudo mkdir -p /var/www/fuz.re/spaceapi/site |
| sudo certbot certonly --webroot -w /var/www/fuz.re/spaceapi/site -d spaceapi.fuz.re --deploy-hook 'cat "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/cert.pem" > "$RENEWED_LINEAGE/combined.pem"' --post-hook '/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf && service lighttpd reload' | sudo certbot certonly --webroot -w /var/www/fuz.re/spaceapi/site -d spaceapi.fuz.re --deploy-hook '/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf && service lighttpd reload' |
| </code> | </code> |
| No need to mess with anything else, certbot is already called every ~12 hours as it was installed from Debian repos https://certbot.eff.org/docs/using.html#automated-renewals and lighttpd is reloaded after successful renewal. This config is persistent in ''/etc/letsencrypt/renewal/spaceapi.fuz.re.conf'' (automatically created by the previous certbot command), [[https://certbot.eff.org/docs/using.html#renewal-config-file|see its doc here]]. | No need to mess with anything else, certbot is already called every ~12 hours (see ''/etc/cron.d/certbot'') as it was installed from Debian repos https://certbot.eff.org/docs/using.html#automated-renewals and lighttpd is reloaded after successful renewal. This config is persistent in ''/etc/letsencrypt/renewal/spaceapi.fuz.re.conf'' (automatically created by the previous certbot command), [[https://certbot.eff.org/docs/using.html#renewal-config-file|see its doc here]]. |
| | |
| | (To note: the certbot command was originally ''<nowiki>sudo certbot certonly --webroot -w /var/www/fuz.re/spaceapi/site -d spaceapi.fuz.re --deploy-hook 'cat "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/cert.pem" > "$RENEWED_LINEAGE/combined.pem"' --post-hook '/usr/sbin/lighttpd -t -f /etc/lighttpd/lighttpd.conf && service lighttpd reload'</nowiki>'' but combining certs is not useful anymore in lighttpd, see [[https://github.com/certbot/certbot/issues/94#issuecomment-658217459|certbot/certbot#94]]) |
| |
| Corresponding lighttpd vhost config | Corresponding lighttpd vhost config |
| ssl.engine = "enable" | ssl.engine = "enable" |
| proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3001)) ) | proxy.server = ( "" => (("host" => "127.0.0.1", "port" => 3001)) ) |
| ssl.ca-file = "/etc/letsencrypt/live/spaceapi.fuz.re/chain.pem" | ssl.pemfile = "/etc/letsencrypt/live/spaceapi.fuz.re/fullchain.pem" |
| ssl.pemfile = "/etc/letsencrypt/live/spaceapi.fuz.re/combined.pem" | ssl.privkey = "/etc/letsencrypt/live/spaceapi.fuz.re/privkey.pem" |
| } | } |
| } | } |
