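# Note: certbot-auto has been deprecated upstream and no longer receives updates;
# on current systems install certbot from the OS package manager or snap instead.
cd /opt
cd certbot && ./certbot-auto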
cd /opt
cd certbot && ./certbot-auto
# this section is needed to proxy web-socket connections
# Derives $connection_upgrade from the client's Upgrade request header:
# "upgrade" when the header carries any value, "close" when it is empty or absent.
# The proxied location sends this value upstream as the Connection header.
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# HTTP
# Plain-HTTP virtual host that reverse-proxies every request to the Meteor app
# listening on 127.0.0.1:3001. No TLS is terminated in this block, so traffic
# between the client and nginx is cleartext.
# NOTE(review): once a certificate has been issued, a 443 server block plus a
# redirect from this one is presumably intended — confirm.
server {
listen 80;
server_name classified.officialstupid.com;
# favicon requests are kept out of the access log
location = /favicon.ico {
access_log off;
}
# pass requests to Meteor
location / {
proxy_pass http://127.0.0.1:3001;
# HTTP/1.1 towards the upstream is needed for the websocket Upgrade handshake
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; #for websockets
# $connection_upgrade comes from the map block; it must be defined at http{} level
proxy_set_header Connection $connection_upgrade;
# Replaces any client-supplied X-Forwarded-For with the TCP peer address, so the
# application receives a single value the client cannot forge. If nginx itself sits
# behind a CDN or load balancer, this is that proxy's address, not the visitor's.
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
}
}
# PHP site for example.com and its subdomains, served from
# /var/www/example.com/htdocs through PHP-FPM on a unix socket.
# There is no listen directive, so nginx's built-in default listener applies.
server {
server_name example.com *.example.com ;
access_log /var/log/nginx/example.com.access.log;
error_log /var/log/nginx/example.com.error.log;
root /var/www/example.com/htdocs;
index index.php;
# Applied only when the requested path does not exist on disk:
#  - /wp-admin without a trailing slash is redirected (301) to the slash form
#  - one leading path segment in front of /wp-* or *.php is stripped
# NOTE(review): looks like the WordPress multisite subdirectory rules — confirm.
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
# Serve the file or directory if it exists, otherwise hand the request to index.php
location / {
try_files $uri $uri/ /index.php?$args ;
}
# try_files makes nginx check that the .php file exists before the request is
# handed to PHP-FPM; a request for a non-existent script falls back to /index.php
# instead of passing an arbitrary path to the interpreter.
# NOTE(review): some distributions' fastcgi_params does not set SCRIPT_FILENAME —
# confirm the included file does, or PHP-FPM will not find the script.
# NOTE(review): nothing in this block stops .php files inside a user-upload
# directory from being executed; consider denying PHP there if uploads are enabled.
location ~ \.php$ {
try_files $uri /index.php;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
# Static assets: not logged, missing files not reported, maximum cache lifetime
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
location = /robots.txt { access_log off; log_not_found off; }
# Denies every path containing a segment that starts with "." (.git, .htaccess, ...).
# Because access_log is off here, probes for such files leave no access-log entry.
# NOTE(review): this regex also matches /.well-known/acme-challenge/, which the
# webroot authenticator has to serve during certificate issuance and renewal; a more
# specific location (e.g. `location ^~ /.well-known/acme-challenge/ { }`) is needed
# for HTTP validation against this host — confirm against the webroot path in use.
location ~ /\. { deny all; access_log off; log_not_found off; }
}
sudo shutdown -h now
sudo fuser -k 80/tcp ; sudo /etc/init.d/nginx restart
cd /opt/letsencrypt
./letsencrypt-auto certonly -a webroot --webroot-path=/usr/share/nginx/html -d example.com -d www.example.com
sudo ls -l /etc/letsencrypt/live/your_domain_name
sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf
Set Up Auto Renewal
/opt/letsencrypt/letsencrypt-auto renew
Create /etc/nginx/cloudflare-allow.conf
# https://www.cloudflare.com/ips
# Allow-list of Cloudflare edge ranges, meant to be included ahead of a "deny all;".
# This is a point-in-time copy: Cloudflare adds and retires ranges, so compare it
# with the URL above before deploying and on a schedule afterwards. A stale list
# either blocks legitimate edge traffic or keeps trusting a range Cloudflare no
# longer announces.
# IPv4
allow 199.27.128.0/21;
allow 173.245.48.0/20;
allow 103.21.244.0/22;
allow 103.22.200.0/22;
allow 103.31.4.0/22;
allow 141.101.64.0/18;
allow 108.162.192.0/18;
allow 190.93.240.0/20;
allow 188.114.96.0/20;
allow 197.234.240.0/22;
allow 198.41.128.0/17;
allow 162.158.0.0/15;
# IPv6
allow 2400:cb00::/32;
allow 2606:4700::/32;
allow 2803:f800::/32;
allow 2405:b500::/32;
allow 2405:8100::/32;
Then in your /etc/nginx/sites-available/site.com add:
# Origin lock-down: only peers inside the included Cloudflare ranges may reach this
# virtual host; every other source address is refused by "deny all;".
# allow/deny rules are evaluated in order, so the include must stay above "deny all;".
# The restriction covers this server block only: a separate 443 block, or any other
# virtual host on the same address, needs the same include + deny to be protected.
# NOTE(review): if the realip module is configured to replace the peer address with
# the visitor address from a Cloudflare header, allow/deny will presumably be checked
# against the visitor rather than the Cloudflare edge — verify before combining them.
server {
listen 80; ## listen for ipv4; this line is default and implied
listen [::]:80 default ipv6only=on; ## listen for ipv6
include /etc/nginx/cloudflare-allow.conf;
deny all;
server_name direct.site.com www.site.com site.com;
#...the rest of your config here...
}
To change max file upload size to 100MB
Edit…
vim /etc/php5/fpm/php.ini
Set…
upload_max_filesize = 100M
post_max_size = 100M
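Add the following line to the http { ... } block in the nginx config, /etc/nginx/nginx.conf (client_max_body_size is also accepted in a server or location block, which keeps the larger request limit confined to the site that actually takes uploads):
http {
    #...
    client_max_body_size 100m;
    #...
}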
service php5-fpm reload
service nginx reload