Added new documents and instructions for configuring, using, and testing Let's Encrypt SSL certificates using the reg.ru API. Updated dependencies in requirements.txt to support new features. Included detailed steps for automating, creating, and renewing certificates, as well as integration with Nginx Proxy Manager.

This commit is contained in:
Dmitriy Fofanov
2025-10-28 13:01:05 +03:00
parent 70c9932554
commit ed4531fa64
40 changed files with 4027 additions and 15 deletions


@@ -0,0 +1,56 @@
# Guide to Creating Let's Encrypt Certificate with DNS Challenge for reg.ru Provider in Nginx Proxy Manager
---
## Prerequisites
- Access to Nginx Proxy Manager (NPM)
- Access to reg.ru account with DNS management permissions
- API key for DNS management in reg.ru (if automatic integration is available)
- Need to obtain certificate for `*.dfv24.com` (wildcard certificate)
---
## Step 1. Getting API Key for reg.ru
1. Log in to reg.ru control panel
2. Navigate to API management section (if supported)
3. Create or find API key with DNS records editing permissions
4. Save API key and secret (Client ID and API Token)
---
## Step 2. Configuring Nginx Proxy Manager to Use DNS Challenge reg.ru
1. In NPM admin panel, go to **SSL Certificates → Add SSL Certificate**
2. Select **Let's Encrypt** -> **DNS Challenge**
3. In **Provider** field, select `reg_ru` or `custom` (if provider not available, script will be needed)
4. Fill in API fields with required parameters:
- Client ID
- API Token
5. In **Domain Names** field, specify:
`*.dfv24.com` (for wildcard certificate)
and main domain `dfv24.com`
6. Enable other options (Terms of Service, Email)
7. Click **Save** to request certificate
8. NPM will automatically add DNS TXT records for domain ownership verification through reg.ru API
---
## Step 3. Verification and Automatic Renewal
- After successful certificate creation, NPM will automatically renew it through DNS Challenge.
- For successful renewal, it's important that API key remains valid and NPM has access to DNS management.
---
## If NPM Doesn't Have Ready Integration with reg.ru
- Use external script to update DNS TXT records in reg.ru, configured in NPM through **Custom DNS Provider**.
- Configure curl requests to reg.ru API for adding/removing TXT records.
---
# Summary
For Let's Encrypt wildcard certificates with reg.ru, DNS Challenge must be used with provider's API for automatic DNS record management.
In Nginx Proxy Manager, configure DNS Challenge considering reg.ru specifics for seamless certificate obtaining and renewal.
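Review bot: Step 2 item 4 asks for a "Client ID" and "API Token", but the full configuration in CHEATSHEET_EN.md from this same commit authenticates with `regru_username` and `regru_password`, so a reader cannot tell which credentials reg.ru expects. Name one credential pair and use it in both documents. The hedges in Step 1 ("if supported", "if automatic integration is available") and the `reg_ru` or `custom` choice in Step 2 item 3 leave it open whether NPM ships this provider; state which case applies, and if the custom path is the real one, replace "Configure curl requests to reg.ru API" with the actual requests, since that line gives nothing to follow. Step 3 depends on the key staying valid for every renewal, so Step 1 should say the key needs DNS record editing permissions and nothing broader.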

455
docs/en/BUILD_GUIDE_EN.md Normal file

@@ -0,0 +1,455 @@
# 🔨 Executable Build Guide
This guide describes the process of compiling the `letsencrypt_regru_api.py` Python script into executable files for Linux and Windows using PyInstaller.
## 📋 Table of Contents
- [Advantages of Executable Files](#advantages-of-executable-files)
- [Quick Start](#quick-start)
- [Detailed Instructions](#detailed-instructions)
- [Cross-Compilation](#cross-compilation)
- [Troubleshooting](#troubleshooting)
---
## ✅ Advantages of Executable Files
### Pros:
-**Single file** - easy to distribute and deploy
-**Standalone** - no Python installation required on target system
-**All dependencies included** - requests, cryptography, and certbot modules are bundled
-**Simple execution** - just download and run
### Cons:
-**Large size** - ~40-60 MB (including Python runtime and libraries)
-**Certbot dependency** - system certbot is still required
-**Slow first launch** - unpacking takes a few seconds
-**Rebuild required** - code changes require recompilation
---
## 🚀 Quick Start
### Build for current OS:
```bash
make build
```
### Build for all platforms:
```bash
make build-all
```
### Full release (build + packages):
```bash
make release
```
---
## 📖 Detailed Instructions
### 1. Install Dependencies
#### Option A: Automatic Installation
```bash
make install-pyinstaller
```
#### Option B: Manual Installation
```bash
pip install pyinstaller
pip install -r requirements.txt
```
### 2. Build for Linux
**On Linux system:**
```bash
make build-linux
```
**Result:**
- File: `dist/letsencrypt-regru`
- Size: ~45-55 MB
- Format: ELF 64-bit executable
**Testing:**
```bash
./dist/letsencrypt-regru --help
sudo ./dist/letsencrypt-regru --check -c /etc/letsencrypt-regru/config.json
```
### 3. Build for Windows
**On Windows system (PowerShell/CMD):**
```bash
make build-windows
```
**Result:**
- File: `dist/letsencrypt-regru.exe`
- Size: ~40-50 MB
- Format: PE32+ executable (Windows)
**Testing:**
```powershell
.\dist\letsencrypt-regru.exe --help
```
### 4. Create Distribution Packages
#### Linux package (tar.gz):
```bash
make package-linux
```
**Package contents:**
- `letsencrypt-regru` - executable file
- `README.md` - documentation
- `systemd/` - systemd unit files
- `config.json.example` - configuration example
**Result:** `dist/letsencrypt-regru-linux-x86_64.tar.gz`
#### Windows package (zip):
```bash
make package-windows
```
**Result:** `dist/letsencrypt-regru-windows-x86_64.zip`
### 5. Full Release Cycle
Create release with all artifacts:
```bash
make release
```
**What happens:**
1. Clean old artifacts (`clean-build`)
2. Install/update PyInstaller
3. Build for Linux (`build-linux`)
4. Build for Windows (`build-windows`)
5. Create Linux package (`package-linux`)
6. Create Windows package (`package-windows`)
7. Generate SHA256 checksums
**Result in `dist/`:**
```
letsencrypt-regru # Linux executable
letsencrypt-regru.exe # Windows executable
letsencrypt-regru-linux-x86_64.tar.gz
letsencrypt-regru-windows-x86_64.zip
```
---
## 🔄 Cross-Compilation
### ⚠️ Important Notes
**Not recommended:**
- Building Linux version on Windows
- Building Windows version on Linux
- Building macOS version on other OSes
**Reasons:**
- System library incompatibility
- Different executable formats
- Path and separator issues
### Recommendations
#### For Linux builds:
1. Use Ubuntu 20.04+ or Debian 10+
2. Install build-essential
3. Use Python virtual environment
```bash
sudo apt-get update
sudo apt-get install -y python3 python3-pip build-essential
make build-linux
```
#### For Windows builds:
1. Use Windows 10/11
2. Install Python 3.8+
3. Use PowerShell or CMD
```powershell
python -m pip install --upgrade pip
make build-windows
```
#### For both platforms:
Use CI/CD (GitHub Actions, GitLab CI):
```yaml
# .github/workflows/build.yml
name: Build Releases
on:
push:
tags:
- 'v*'
jobs:
build-linux:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Build Linux
run: make build-linux
build-windows:
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
- name: Build Windows
run: make build-windows
```
---
## 🛠️ All Makefile Commands
### Main Commands:
| Command | Description |
|---------|-------------|
| `make build` | Build for current OS |
| `make build-linux` | Build for Linux |
| `make build-windows` | Build for Windows |
| `make build-all` | Build for all platforms |
| `make package-linux` | Create tar.gz package |
| `make package-windows` | Create zip package |
| `make release` | Full release cycle |
### Supporting Commands:
| Command | Description |
|---------|-------------|
| `make install-pyinstaller` | Install PyInstaller |
| `make test-build` | Test built file |
| `make clean-build` | Clean build artifacts |
| `make build-info` | Show environment info |
---
## 🐛 Troubleshooting
### Issue: PyInstaller not found
**Error:**
```
make: pyinstaller: Command not found
```
**Solution:**
```bash
make install-pyinstaller
# or
pip install pyinstaller
```
---
### Issue: Module imports not working
**Error:**
```
ModuleNotFoundError: No module named 'requests'
```
**Solution:**
```bash
pip install -r requirements.txt
# or add to PyInstaller command:
--hidden-import requests
--hidden-import certbot
--hidden-import cryptography
```
---
### Issue: Large file size
**Size ~100+ MB instead of 40-60 MB**
**Causes:**
- Extra modules included
- Not using `--onefile`
- Debug symbols included
**Solution:**
```bash
# Use optimization flags:
pyinstaller --onefile \
--strip \
--exclude-module tkinter \
--exclude-module matplotlib \
letsencrypt_regru_api.py
```
---
### Issue: Certbot not working in executable
**Error:**
```
certbot: command not found
```
**Solution:**
Certbot is called via `subprocess` and must be installed on the system:
**Linux:**
```bash
sudo apt-get install certbot
```
**Windows:**
- Not directly supported
- Use WSL or Docker
---
### Issue: File permission errors
**Error:**
```
Permission denied: /etc/letsencrypt/
```
**Solution:**
```bash
# Linux/macOS
sudo ./dist/letsencrypt-regru --check
# Or set proper permissions:
sudo chmod +x ./dist/letsencrypt-regru
sudo chown root:root ./dist/letsencrypt-regru
```
---
### Issue: Slow startup
**First launch takes 5-10 seconds**
**Reason:**
PyInstaller unpacks files to temporary directory on each run.
**Solution:**
- This is normal behavior for `--onefile`
- Use `--onedir` for faster startup (but many files)
- Temporary directory is cached automatically
---
### Issue: Antivirus blocking file
**Windows Defender marks .exe as virus**
**Reasons:**
- Self-extracting archive looks like malware
- No digital signature
- Unknown executable file
**Solution:**
1. **Add to exclusions:**
- Windows Defender → Settings → Exclusions
2. **Sign file with digital signature:**
```bash
# Requires Code Signing certificate
signtool sign /f cert.pfx /p password dist/letsencrypt-regru.exe
```
3. **Check on VirusTotal:**
- Upload file to virustotal.com
- Add results to README
---
## 📊 Comparison: Python vs Executable
| Feature | Python Script | Executable File |
|---------|---------------|-----------------|
| Size | ~50 KB | ~40-60 MB |
| Dependencies | Requires Python + pip | Standalone |
| Startup Speed | Fast (~1 sec) | Slow (~5-10 sec) |
| Updates | Just replace .py | Requires rebuild |
| Compatibility | Any OS with Python | Only target OS |
| Installation | Requires venv setup | Download and run |
| Certbot | Via subprocess | Via subprocess |
---
## 🎯 Recommendations
### Use Python script if:
- ✅ Python already installed on system
- ✅ Frequent code updates needed
- ✅ Using virtual environment
- ✅ Working on servers (production)
### Use executable file if:
- ✅ Python not installed
- ✅ Simple deployment needed
- ✅ Distributing to end users
- ✅ Testing on clean systems
---
## 📦 Using Built File Examples
### Linux:
```bash
# Download and extract
wget https://github.com/user/repo/releases/download/v1.0/letsencrypt-regru-linux-x86_64.tar.gz
tar -xzf letsencrypt-regru-linux-x86_64.tar.gz
# Install
sudo mv letsencrypt-regru /usr/local/bin/
sudo chmod +x /usr/local/bin/letsencrypt-regru
# Use
sudo letsencrypt-regru --help
sudo letsencrypt-regru --check -c /etc/letsencrypt-regru/config.json
```
### Windows:
```powershell
# Download and extract
Invoke-WebRequest -Uri "https://github.com/user/repo/releases/download/v1.0/letsencrypt-regru-windows-x86_64.zip" -OutFile "letsencrypt-regru.zip"
Expand-Archive -Path letsencrypt-regru.zip -DestinationPath "C:\Program Files\LetsEncrypt-RegRu"
# Use
cd "C:\Program Files\LetsEncrypt-RegRu"
.\letsencrypt-regru.exe --help
```
---
## 📝 Additional Resources
- [PyInstaller Documentation](https://pyinstaller.org/en/stable/)
- [PyInstaller FAQ](https://pyinstaller.org/en/stable/FAQ.html)
- [Building Cross-Platform Applications](https://pyinstaller.org/en/stable/operating-mode.html)
---
## 📄 License
This project uses the license as specified in the main README.md.
---
**Author:** Dmitry Fofanov
**Last Updated:** October 28, 2025
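Review bot: The Linux example under "Using Built File Examples" downloads the tarball with `wget`, moves the binary to `/usr/local/bin/` and runs it with `sudo`, with no integrity check in between, although step 7 of the release cycle says SHA256 checksums are generated. Add a verification step (for example `sha256sum -c` against the published checksum file) before the `sudo mv`, and list the checksum file in the "Result in `dist/`" block, which currently shows only the two executables and two archives. In the antivirus section, `signtool sign /f cert.pfx /p password ...` puts the PFX password on the command line inside a `bash` fence, and "Add to exclusions" is offered as the first remedy; lead with signing and do not recommend a Defender exclusion for an unsigned binary.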

187
docs/en/CHANGELOG_EN.md Normal file

@@ -0,0 +1,187 @@
# 📋 Changelog
## [2.1.0] - 2025-10-27
### 🆕 Added
#### Test SSL Certificate Generation
-**New `TestCertificateGenerator` class** - self-signed certificate generation
-**`--test-cert` command** in Python script for test certificate creation
-**`test_certificate.sh` script** - standalone creation via OpenSSL
-**`make test-cert` command** in Makefile for quick testing
#### Documentation
- 📘 **TESTING_GUIDE.md** (370+ lines) - complete testing guide
- Bypass Let's Encrypt limits (5 certificates per week)
- Certificate creation method comparison
- CI/CD and Docker examples
- Transition from test to production
- FAQ and solutions
- 📘 **TESTING_GUIDE_EN.md** - English version of testing guide
- 📘 **PROJECT_STRUCTURE.md** - project structure
- All files description
- Features list
- Technologies
- 📘 **PROJECT_STRUCTURE_EN.md** - English version
- 📘 **CHEATSHEET.md** - quick reference
- Main commands
- Use case scenarios
- Common errors and solutions
- Development workflow
- 📘 **CHEATSHEET_EN.md** - English version
- 📘 **DESCRIPTION.md** - project description in Russian and English
- 📘 **CHANGELOG_EN.md** - English changelog
- 📘 **GITEA_SYNC.md** - Gitea → GitHub synchronization
- 4 sync methods
- Step-by-step setup
- Troubleshooting
- 📘 **GITEA_SYNC_EN.md** - English version
- 📘 **README_EN.md** - Complete English main guide
#### Functionality
- ✨ Support for **unlimited** test certificates
-**Instant creation** (1-2 seconds) without DNS validation
-**Automatic upload** of test certificates to NPM
-**Full compatibility** of structure with Let's Encrypt
-**Wildcard support** for test certificates
#### Repository Synchronization
-**Automatic Gitea → GitHub sync** via Git Hooks
-**GitHub Actions workflow** for hourly sync check
-**Webhook integration** between Gitea and GitHub
-**Multiple sync methods** (Hooks, Actions, Mirror, Double Remote)
### 🔧 Improved
#### Python Script
- Added `cryptography` library import with installation check
- New command-line parameters:
- `--test-cert` - create test certificate
- `--auto` - explicit automatic mode
- Improved test certificate handling in NPM
- Detailed logging of generation process
#### Makefile
- Added `make test-cert` command with beautiful output
- Information messages about test certificate benefits
- Security warnings
#### README.md
- "Test Self-Signed Certificate Creation" section
- Updated table of contents with test certificates link
- Test certificate usage examples
- NPM integration for test certificates
- Links to additional documentation
- Gitea → GitHub sync section
### 🎯 Benefits
#### For Developers
-**No limits** - unlimited certificates
-**Fast** - creation in 1-2 seconds
-**Offline** - works without internet
-**Identical structure** - same files as Let's Encrypt
#### For Testing
-**CI/CD friendly** - quick creation in pipeline
-**Docker ready** - easily embeds in containers
-**Staging environments** - perfect for test servers
-**Local development** - HTTPS on localhost
#### For DevOps
-**Repository sync** - automatic Gitea → GitHub
-**Multiple methods** - choose what fits
-**Instant sync** - Git Hooks < 1 second
- **Reliable backup** - GitHub Actions hourly check
### 📊 Statistics
- **Lines of code**: 1,411 (Python script)
- **Makefile lines**: 415
- **Documentation lines**: 3,500+
- **Makefile commands**: 13
- **Operating modes**: 4 (obtain, renew, auto, test-cert)
- **Sync methods**: 4 (Hooks, Actions, Mirror, Remote)
- **Languages**: 2 (Russian, English)
---
## [2.0.0] - 2025-10-27
### 🆕 Added
- Nginx Proxy Manager (NPM) integration
- `NginxProxyManagerAPI` class for certificate management via API
- Automatic certificate upload to NPM
- Automatic certificate update in NPM
- Automatic expiration check
- Configurable renewal threshold (`renewal_days`)
- Makefile for installation/removal automation
- Systemd service + timer
- Cron automation
### 🔧 Improved
- Documentation consolidation into single README.md
- Detailed logging with operation statuses
- Configuration validation
- Improved error handling
### 📘 Documentation
- Complete NPM integration guide
- Quick start in 3 commands
- Automation examples
---
## [1.0.0] - 2025-10-26
### 🆕 First Release
- Python script for Let's Encrypt via reg.ru API
- Bash script with certbot-dns-regru
- PowerShell version for Windows
- DNS-01 validation
- Wildcard certificates
- Basic documentation
---
## Roadmap
### [2.2.0] - Planned
- [ ] Web interface for management
- [ ] Multiple domain support
- [ ] Notifications (email, telegram)
- [ ] Grafana dashboard for monitoring
- [ ] Certificate backups
### [3.0.0] - Future
- [ ] Other DNS provider support
- [ ] Cloudflare API
- [ ] Route53 (AWS)
- [ ] Google Cloud DNS
---
## Change Types
- `🆕 Added` - new functionality
- `🔧 Improved` - improvements to existing functionality
- `🐛 Fixed` - bug fixes
- `🗑️ Removed` - removed functionality
- `🔒 Security` - security changes
- `📘 Documentation` - documentation changes
---
**Versioning**: Semantic Versioning (MAJOR.MINOR.PATCH)
- **MAJOR**: Incompatible API changes
- **MINOR**: New functionality with backward compatibility
- **PATCH**: Bug fixes
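Review bot: In 2.1.0 under Functionality, "Automatic upload of test certificates to NPM" is listed with no statement of how a self-signed test certificate is kept from replacing a Let's Encrypt certificate already in NPM; the only hint is the unspecific "Security warnings" item under Makefile. Say what the warning covers and whether the upload is opt-in. "Bypass Let's Encrypt limits (5 certificates per week)" would be more accurate as avoiding the limit by issuing self-signed certificates instead. The change-type legend defines `🔒 Security`, yet no release entry uses it.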

263
docs/en/CHEATSHEET_EN.md Normal file

@@ -0,0 +1,263 @@
# ⚡ SSL Certificate Cheatsheet
## 🚀 Quick Start
### Installation in 3 Commands
```bash
sudo make install
sudo nano /etc/letsencrypt/regru_config.json # Fill in data
sudo make test-cert # Test
```
---
## 🧪 Testing (NO Let's Encrypt Limits)
```bash
# Create test certificate (unlimited)
sudo make test-cert
# Check status
sudo make status
# View logs
sudo make logs
```
**When to use:**
- ⚠️ Let's Encrypt: max 5 certificates/week
- ✅ Test: UNLIMITED
- ⚡ Creation: 1-2 seconds vs 2-5 minutes
---
## 🔒 Production (Let's Encrypt)
```bash
# Get real certificate
sudo make obtain
# Automatic mode (check + renewal)
sudo make run
# Force renewal
sudo make renew
```
---
## 📋 Main Commands
| Command | Description | Limits |
|---------|-------------|--------|
| `make test-cert` | Test certificate | ✅ None |
| `make obtain` | New Let's Encrypt | ⚠️ 5/week |
| `make renew` | Renew existing | ⚠️ 5/week |
| `make run` | Auto mode | ⚠️ 5/week |
| `make status` | System status | - |
| `make logs` | Show logs | - |
| `make check-config` | Check configuration | - |
---
## 📝 Configuration
### Minimal (testing)
```json
{
"domain": "test.example.com",
"wildcard": true,
"cert_dir": "/etc/letsencrypt/live"
}
```
### Full (production + NPM)
```json
{
"regru_username": "myuser",
"regru_password": "mypassword",
"domain": "example.com",
"wildcard": true,
"email": "admin@example.com",
"renewal_days": 30,
"npm_enabled": true,
"npm_host": "https://npm.example.com",
"npm_email": "admin@example.com",
"npm_password": "npm_password"
}
```
---
## 🔄 Workflow
### Development → Production
```bash
# 1. Development (test certificates)
sudo make test-cert # Create test
# Test application...
# 2. Production (Let's Encrypt)
sudo rm -rf /etc/letsencrypt/live/example.com/ # Remove test
sudo make obtain # Create production
```
---
## 📁 Important Paths
```bash
# Configuration
/etc/letsencrypt/regru_config.json
# Certificates
/etc/letsencrypt/live/example.com/
├── privkey.pem # Private key
├── cert.pem # Certificate
├── fullchain.pem # Full chain (for nginx)
└── chain.pem # CA chain
# Scripts
/opt/letsencrypt-regru/letsencrypt_regru_api.py
# Logs
/var/log/letsencrypt_regru.log
```
---
## 🔍 Verification
```bash
# Check configuration
sudo make check-config
# Check certificate
openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -text -noout
# Check expiration date
openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -noout -dates
# Check systemd
sudo systemctl status letsencrypt-regru.timer
sudo systemctl list-timers letsencrypt-regru.timer
# Check cron
sudo crontab -l | grep letsencrypt
```
---
## 🐛 Debugging
```bash
# Detailed logs
sudo make logs
# Test run with details
sudo python3 /opt/letsencrypt-regru/letsencrypt_regru_api.py \
-c /etc/letsencrypt/regru_config.json --check -v
# Certbot logs
sudo tail -f /var/log/letsencrypt/letsencrypt.log
# Systemd logs
sudo journalctl -u letsencrypt-regru.service -f
```
---
## ⚠️ Common Errors
### Let's Encrypt: Rate limit exceeded
```bash
# SOLUTION: Use test certificates
sudo make test-cert
```
### NPM: Certificate not found
```bash
# SOLUTION: Check NPM settings
sudo make check-config
# Check connection
curl -k https://npm.example.com
```
### Permission denied
```bash
# SOLUTION: Run with sudo
sudo make test-cert
```
---
## 🎯 Use Case Scenarios
### Local Development
```bash
sudo make test-cert
# Open https://localhost (ignore warning)
```
### CI/CD Testing
```bash
# In pipeline
sudo make test-cert
# Run tests...
sudo make status
```
### Staging Environment
```bash
sudo make test-cert # Or
sudo make obtain # If domain available
```
### Production Environment
```bash
sudo make install
sudo make obtain
# Automatic renewal via cron/systemd
```
---
## 📚 Documentation
- **README.md** - Complete guide (1420+ lines)
- **TESTING_GUIDE.md** - Testing guide (370+ lines)
- **PROJECT_STRUCTURE.md** - Project structure
- **CHEATSHEET.md** - This cheatsheet
---
## 🆘 Quick Help
```bash
# Show all commands
make help
# Check installation
sudo make status
# Complete reinstall
sudo make uninstall
sudo make install
```
---
## 💡 Tips
1. **Always start with test certificates** - avoid limits
2. **Check configuration** - `make check-config`
3. **Monitor logs** - `make logs`
4. **Automate** - systemd/cron already configured
5. **Keep backups** of configuration
---
**Version**: 2.1
**Updated**: 27.10.2025
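Review bot: The "Full (production + NPM)" config keeps `regru_password` and `npm_password` in plaintext in `/etc/letsencrypt/regru_config.json`, and neither Quick Start nor "Important Paths" says what owner and mode that file should have. Add a step after `sudo nano ...` that restricts it to root (for example `chmod 600`), and say the same for the backups in Tips item 5. The NPM troubleshooting check uses `curl -k`, which skips certificate verification; drop `-k` or note that it is only for diagnosing an endpoint with a self-signed certificate. The config path here also differs from BUILD_GUIDE_EN.md, which passes `-c /etc/letsencrypt-regru/config.json`; pick one path for both documents.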

143
docs/en/DESCRIPTION_EN.md Normal file

@@ -0,0 +1,143 @@
# 🔒 SSL Certificate Manager for Let's Encrypt + reg.ru
**Automated Let's Encrypt SSL certificate management with DNS validation via reg.ru API and Nginx Proxy Manager integration**
## 📖 Description
Comprehensive solution for automating the creation, renewal, and management of Let's Encrypt SSL certificates for domains registered with reg.ru. Supports DNS-01 validation, wildcard certificates, automatic upload to Nginx Proxy Manager, and test certificate generation for development.
### ✨ Key Features
- 🔐 **Automatic SSL certificate issuance** via Let's Encrypt
- 🌐 **DNS-01 validation** via reg.ru API (wildcard domain support)
- 🔄 **Automatic renewal** with configurable threshold
- 📦 **Nginx Proxy Manager integration** - automatic upload and update
- 🧪 **Test certificates** - bypass Let's Encrypt rate limits (5 per week)
- ⚙️ **Full automation** via systemd/cron
- 🔀 **Repository synchronization** - automatic Gitea → GitHub sync
### 🚀 Quick Start
```bash
# Install via Makefile
sudo make install
# Configure
sudo nano /etc/letsencrypt/regru_config.json
# Create test certificate (no rate limits)
sudo make test-cert
# Get production certificate
sudo make obtain
```
### 📋 Requirements
- **OS**: Linux (Ubuntu/Debian/CentOS)
- **Python**: 3.6+
- **Dependencies**: certbot, requests, cryptography
- **API**: reg.ru (DNS management access)
- **Optional**: Nginx Proxy Manager
### 🎯 Use Cases
- ✅ SSL certificate automation for web servers
- ✅ Centralized management via Nginx Proxy Manager
- ✅ Development and testing with self-signed certificates
- ✅ CI/CD integration
- ✅ Multi-domain configurations with wildcards
### 📚 Documentation
#### English Documentation
- [BUILD_GUIDE_EN.md](../en/BUILD_GUIDE_EN.md) - Complete build guide
- [QUICKSTART_BUILD_EN.md](../en/QUICKSTART_BUILD_EN.md) - Quick build start
- [RELEASE_GUIDE_EN.md](../en/RELEASE_GUIDE_EN.md) - Release creation guide
- [MAKEFILE_COMMANDS_EN.md](../en/MAKEFILE_COMMANDS_EN.md) - Makefile commands reference
- [TESTING_GUIDE_EN.md](../en/TESTING_GUIDE_EN.md) - Testing guide
- [CHEATSHEET_EN.md](../en/CHEATSHEET_EN.md) - Quick reference
- [GITEA_SYNC_EN.md](../en/GITEA_SYNC_EN.md) - Gitea → GitHub sync
- [PROJECT_STRUCTURE_EN.md](../en/PROJECT_STRUCTURE_EN.md) - Project structure
#### Russian Documentation / Русская документация
- [BUILD_GUIDE.md](../ru/BUILD_GUIDE.md) - Полное руководство по сборке
- [QUICKSTART_BUILD.md](../ru/QUICKSTART_BUILD.md) - Быстрый старт сборки
- [RELEASE_GUIDE.md](../ru/RELEASE_GUIDE.md) - Руководство по созданию релизов
- [MAKEFILE_COMMANDS.md](../ru/MAKEFILE_COMMANDS.md) - Справочник команд Makefile
- [TESTING_GUIDE.md](../ru/TESTING_GUIDE.md) - Руководство по тестированию
- [CHEATSHEET.md](../ru/CHEATSHEET.md) - Быстрая шпаргалка
- [GITEA_SYNC.md](../ru/GITEA_SYNC.md) - Синхронизация Gitea → GitHub
- [PROJECT_STRUCTURE.md](../ru/PROJECT_STRUCTURE.md) - Структура проекта
---
## 🔨 Building Executables
The project supports building standalone executables for Linux and Windows:
```bash
# Build for current OS
make build
# Build for all platforms
make build-all
# Create full release
make release
```
**Result:**
- Linux: `letsencrypt-regru` (~45-55 MB)
- Windows: `letsencrypt-regru.exe` (~40-50 MB)
See [BUILD_GUIDE_EN.md](../en/BUILD_GUIDE_EN.md) for details.
---
## 🎯 Automated Releases
### GitHub Actions
Create a tag to trigger automatic build and release:
```bash
git tag -a v1.0.0 -m "Release 1.0.0"
git push origin v1.0.0
```
### Gitea Actions
Same workflow available for self-hosted Gitea:
```bash
git tag -a v1.0.0 -m "Release 1.0.0"
git push origin v1.0.0
```
See [RELEASE_GUIDE_EN.md](../en/RELEASE_GUIDE_EN.md) for details.
---
## 👤 Author
**Dmitry Fofanov** @ 2025
## 📄 License
Open Source - Free to use
## 🤝 Contributing
Pull requests are welcome!
## 🔗 Links
- **reg.ru API Documentation**: https://www.reg.ru/support/api
- **Let's Encrypt**: https://letsencrypt.org/
- **Nginx Proxy Manager**: https://nginxproxymanager.com/
- **PyInstaller**: https://pyinstaller.org/
---
**Last Updated:** October 28, 2025
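Review bot: The License section says "Open Source - Free to use", which names no license, while BUILD_GUIDE_EN.md in this commit defers to "the license as specified in the main README.md". Name the actual license here or link to the license file. The GitHub Actions and Gitea Actions subsections carry identical `git tag` / `git push` blocks and could be merged into one. "Multi-domain configurations with wildcards" is listed as a use case although CHANGELOG_EN.md puts "Multiple domain support" on the 2.2.0 roadmap.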

174
docs/en/DOCS_INDEX_EN.md Normal file

@@ -0,0 +1,174 @@
# 📚 Documentation Index
## 🇬🇧 English Documentation
### Main Guides
- **[DESCRIPTION_EN.md](DESCRIPTION_EN.md)** - Project Description & Overview
- **[BUILD_GUIDE_EN.md](BUILD_GUIDE_EN.md)** - Complete Build Guide
- **[QUICKSTART_BUILD_EN.md](QUICKSTART_BUILD_EN.md)** - Quick Build Start (5 minutes)
- **[RELEASE_GUIDE_EN.md](RELEASE_GUIDE_EN.md)** - Automated Release Guide
- **[INSTALL_GUIDE_EN.md](INSTALL_GUIDE_EN.md)** - Installation Guide
- **[TESTING_GUIDE_EN.md](TESTING_GUIDE_EN.md)** - Testing Guide
### Reference Materials
- **[MAKEFILE_COMMANDS_EN.md](MAKEFILE_COMMANDS_EN.md)** - Makefile Commands Reference
- **[CHEATSHEET_EN.md](CHEATSHEET_EN.md)** - Quick Reference
- **[CHANGELOG_EN.md](CHANGELOG_EN.md)** - Change History
### Developer Guides
- **[PROJECT_STRUCTURE_EN.md](PROJECT_STRUCTURE_EN.md)** - Project Structure
- **[GITEA_SYNC_EN.md](GITEA_SYNC_EN.md)** - Gitea → GitHub Synchronization
### SSL & Certificates
- **[SSL_SCRIPTS_README_EN.md](SSL_SCRIPTS_README_EN.md)** - SSL Scripts Documentation
- **[SSL_Certificate_Creation_and_Renewal_EN.md](SSL_Certificate_Creation_and_Renewal_EN.md)** - SSL Certificate Guide
- **[Add_Lets_Encrypt_Certificate_for_regru_Provider_EN.md](Add_Lets_Encrypt_Certificate_for_regru_Provider_EN.md)** - Let's Encrypt + reg.ru
### Nginx Integration
- **[Nginx_Manager_SSL_Configuration_EN.md](Nginx_Manager_SSL_Configuration_EN.md)** - Nginx Manager SSL Setup
---
## 🇷🇺 Russian Documentation / Русская документация
### Основные руководства / Main Guides
- **[DESCRIPTION.md](../ru/DESCRIPTION.md)** - Описание проекта
- **[BUILD_GUIDE.md](../ru/BUILD_GUIDE.md)** - Полное руководство по сборке
- **[QUICKSTART_BUILD.md](../ru/QUICKSTART_BUILD.md)** - Быстрый старт сборки (5 минут)
- **[RELEASE_GUIDE.md](../ru/RELEASE_GUIDE.md)** - Руководство по автоматическим релизам
- **[INSTALL_GUIDE.md](../ru/INSTALL_GUIDE.md)** - Руководство по установке
- **[TESTING_GUIDE.md](../ru/TESTING_GUIDE.md)** - Руководство по тестированию
### Справочная информация / Reference Materials
- **[MAKEFILE_COMMANDS.md](../ru/MAKEFILE_COMMANDS.md)** - Справочник команд Makefile
- **[CHEATSHEET.md](../ru/CHEATSHEET.md)** - Быстрая шпаргалка
- **[CHANGELOG.md](../ru/CHANGELOG.md)** - История изменений
### Руководства для разработчиков / Developer Guides
- **[PROJECT_STRUCTURE.md](../ru/PROJECT_STRUCTURE.md)** - Структура проекта
- **[GITEA_SYNC.md](../ru/GITEA_SYNC.md)** - Синхронизация Gitea → GitHub
---
## 🚀 Quick Start / Быстрый старт
### For End Users / Для конечных пользователей
**English:**
1. Start here: [DESCRIPTION_EN.md](DESCRIPTION_EN.md)
2. Install: [INSTALL_GUIDE_EN.md](INSTALL_GUIDE_EN.md)
3. Test: [TESTING_GUIDE_EN.md](TESTING_GUIDE_EN.md)
4. Quick reference: [CHEATSHEET_EN.md](CHEATSHEET_EN.md)
**Russian / Русский:**
1. Начните здесь: [DESCRIPTION.md](../ru/DESCRIPTION.md)
2. Установка: [INSTALL_GUIDE.md](../ru/INSTALL_GUIDE.md)
3. Тестирование: [TESTING_GUIDE.md](../ru/TESTING_GUIDE.md)
4. Шпаргалка: [CHEATSHEET.md](../ru/CHEATSHEET.md)
### For Developers / Для разработчиков
**English:**
1. Build guide: [BUILD_GUIDE_EN.md](BUILD_GUIDE_EN.md)
2. Quick build: [QUICKSTART_BUILD_EN.md](QUICKSTART_BUILD_EN.md)
3. Create release: [RELEASE_GUIDE_EN.md](RELEASE_GUIDE_EN.md)
4. Commands: [MAKEFILE_COMMANDS_EN.md](MAKEFILE_COMMANDS_EN.md)
**Russian / Русский:**
1. Руководство по сборке: [BUILD_GUIDE.md](../ru/BUILD_GUIDE.md)
2. Быстрая сборка: [QUICKSTART_BUILD.md](../ru/QUICKSTART_BUILD.md)
3. Создание релиза: [RELEASE_GUIDE.md](../ru/RELEASE_GUIDE.md)
4. Команды: [MAKEFILE_COMMANDS.md](../ru/MAKEFILE_COMMANDS.md)
---
## 📖 Documentation by Topic / Документация по темам
### Installation / Установка
| Topic | English | Russian |
|-------|---------|---------|
| Installation Guide | [INSTALL_GUIDE_EN.md](INSTALL_GUIDE_EN.md) | [INSTALL_GUIDE.md](../ru/INSTALL_GUIDE.md) |
| Quick Start | [DESCRIPTION_EN.md](DESCRIPTION_EN.md) | [DESCRIPTION.md](../ru/DESCRIPTION.md) |
### Building / Сборка
| Topic | English | Russian |
|-------|---------|---------|
| Complete Build Guide | [BUILD_GUIDE_EN.md](BUILD_GUIDE_EN.md) | [BUILD_GUIDE.md](../ru/BUILD_GUIDE.md) |
| Quick Build (5 min) | [QUICKSTART_BUILD_EN.md](QUICKSTART_BUILD_EN.md) | [QUICKSTART_BUILD.md](../ru/QUICKSTART_BUILD.md) |
| Makefile Commands | [MAKEFILE_COMMANDS_EN.md](MAKEFILE_COMMANDS_EN.md) | [MAKEFILE_COMMANDS.md](../ru/MAKEFILE_COMMANDS.md) |
### Releases / Релизы
| Topic | English | Russian |
|-------|---------|---------|
| Automated Releases | [RELEASE_GUIDE_EN.md](RELEASE_GUIDE_EN.md) | [RELEASE_GUIDE.md](../ru/RELEASE_GUIDE.md) |
| Changelog | [CHANGELOG_EN.md](CHANGELOG_EN.md) | [CHANGELOG.md](../ru/CHANGELOG.md) |
### Testing / Тестирование
| Topic | English | Russian |
|-------|---------|---------|
| Testing Guide | [TESTING_GUIDE_EN.md](TESTING_GUIDE_EN.md) | [TESTING_GUIDE.md](../ru/TESTING_GUIDE.md) |
### Reference / Справка
| Topic | English | Russian |
|-------|---------|---------|
| Quick Reference | [CHEATSHEET_EN.md](CHEATSHEET_EN.md) | [CHEATSHEET.md](../ru/CHEATSHEET.md) |
| Project Structure | [PROJECT_STRUCTURE_EN.md](PROJECT_STRUCTURE_EN.md) | [PROJECT_STRUCTURE.md](../ru/PROJECT_STRUCTURE.md) |
---
## 📊 Documentation Status / Статус документации
| Document | English | Russian | Status |
|----------|---------|---------|--------|
| Description | ✅ | ✅ | Complete |
| Build Guide | ✅ | ✅ | Complete |
| Quick Build | ✅ | ✅ | Complete |
| Release Guide | ✅ | ✅ | Complete |
| Install Guide | ✅ | ✅ | Complete |
| Makefile Commands | ✅ | ✅ | Complete |
| Testing Guide | ✅ | ✅ | Complete |
| Cheatsheet | ✅ | ✅ | Complete |
| Project Structure | ✅ | ✅ | Complete |
| Gitea Sync | ✅ | ✅ | Complete |
| Changelog | ✅ | ✅ | Complete |
**Legend:**
- ✅ Complete / Готово
- 🔄 In Progress / В разработке
- ❌ Not Started / Не начато
---
## 🎯 Choose Your Language / Выберите язык
### 🇬🇧 Prefer English?
👉 Start with [DESCRIPTION_EN.md](DESCRIPTION_EN.md)
### 🇷🇺 Предпочитаете русский?
👉 Начните с [DESCRIPTION.md](../ru/DESCRIPTION.md)
---
## 💡 Contributing / Вклад
Help improve documentation / Помогите улучшить документацию:
- Report issues / Сообщайте об ошибках
- Suggest improvements / Предлагайте улучшения
- Fix typos / Исправляйте опечатки
- Translate / Переводите
---
## 🔗 External Resources / Внешние ресурсы
- **reg.ru API**: https://www.reg.ru/support/api
- **Let's Encrypt**: https://letsencrypt.org/
- **Nginx Proxy Manager**: https://nginxproxymanager.com/
- **PyInstaller**: https://pyinstaller.org/
- **GitHub Actions**: https://docs.github.com/actions
- **Gitea Actions**: https://docs.gitea.com/usage/actions/overview
---
**Last Updated / Обновлено**: October 28, 2025
**Maintained by / Поддерживает**: Dmitry Fofanov

438
docs/en/GITEA_SYNC_EN.md Normal file
View File

@@ -0,0 +1,438 @@
# 🔄 Gitea → GitHub Synchronization
Automatic repository synchronization from Gitea to GitHub after each push.
---
## 📋 Available Methods
| Method | Complexity | Speed | Reliability | Recommendation |
|--------|------------|-------|-------------|----------------|
| **1. Git Hooks** | ⭐⭐ | ⚡ Instant | ✅ High | Recommended |
| **2. GitHub Actions** | ⭐⭐⭐ | ⏱️ 1-5 min | ✅ High | Complex scenarios |
| **3. Gitea Mirror** | ⭐ | ⏱️ Scheduled | ⭐⭐ Medium | Simplest |
| **4. Double Remote** | ⭐ | ⚡ Instant | ⭐⭐ Medium | Local work |
---
## 🚀 Method 1: Git Hooks (Recommended)
### Installation
**1. On Gitea server, find repository path:**
```bash
# Usually:
/var/lib/gitea/data/gitea-repositories/username/configure_nginx_manager.git
# Or
/home/git/gitea-repositories/username/configure_nginx_manager.git
```
**2. Create post-receive hook:**
```bash
cd /path/to/gitea/repos/username/configure_nginx_manager.git/hooks/
nano post-receive
```
**3. Insert content** from `gitea-hooks/post-receive` file (in this repository)
**4. Configure parameters:**
```bash
# In post-receive file, change:
GITHUB_REPO="git@github.com:YOUR_USERNAME/configure_nginx_manager.git"
# Or for HTTPS with token:
GITHUB_REPO="https://YOUR_TOKEN@github.com/YOUR_USERNAME/configure_nginx_manager.git"
```
**5. Make script executable:**
```bash
chmod +x post-receive
```
**6. Create log directory:**
```bash
mkdir -p /var/log/gitea
chown git:git /var/log/gitea
```
### SSH Key Setup (for git@github.com)
**On Gitea server:**
**Step 1: Identify Gitea user**
```bash
# Check which user runs Gitea
ps aux | grep gitea | grep -v grep
# Usually one of:
# - git (standard installation)
# - gitea (Docker/LXC installation)
```
**Step 2: Switch to that user**
```bash
# Try git:
sudo su - git
# If that doesn't work, try gitea:
sudo su - gitea
# Verify current user
whoami # Should be: git or gitea
```
**Step 3: Create SSH key**
```bash
# Create SSH key (if not exists)
ssh-keygen -t ed25519 -C "gitea-to-github-sync" -f ~/.ssh/id_ed25519 -N ""
# Copy public key
cat ~/.ssh/id_ed25519.pub
```
**On GitHub:**
1. Settings → SSH and GPG keys
2. New SSH key
3. Paste public key
4. Save
**⚠️ IMPORTANT: Add GitHub to known_hosts:**
```bash
# From the same user (git or gitea)
ssh-keyscan -H github.com >> ~/.ssh/known_hosts
# Verify key was added
cat ~/.ssh/known_hosts | grep github.com
```
**Verify connection:**
```bash
ssh -T git@github.com
# Should output: Hi username! You've successfully authenticated...
```
### Token Setup (for HTTPS)
**On GitHub:**
1. Settings → Developer settings → Personal access tokens → Tokens (classic)
2. Generate new token
3. Select scope: `repo` (full repository access)
4. Copy token
**In hook file:**
```bash
GITHUB_REPO="https://ghp_YOUR_TOKEN_HERE@github.com/username/configure_nginx_manager.git"
```
### Testing
```bash
# Make test commit in Gitea
cd /tmp
git clone http://gitea.example.com/username/configure_nginx_manager.git
cd configure_nginx_manager
echo "test" >> README.md
git add README.md
git commit -m "Test sync to GitHub"
git push
# Check log
tail -f /var/log/gitea/github-sync.log
# Check GitHub - changes should appear
```
---
## 🔄 Method 2: GitHub Actions
### Installation
**1. Create workflow in GitHub repository:**
File already created: `.github/workflows/sync-from-gitea.yml`
**2. Configure secrets in GitHub:**
GitHub Repository → Settings → Secrets and variables → Actions → New repository secret
Add:
- **Name**: `GITEA_URL`
- **Value**: `https://gitea.example.com/username/configure_nginx_manager.git`
- **Name**: `GITEA_TOKEN`
- **Value**: Gitea access token
### Getting Gitea Token
**In Gitea:**
1. Settings → Applications → Generate New Token
2. Token Name: "GitHub Sync"
3. Select permissions: `read:repository`
4. Generate Token
5. Copy token
### Running Sync
**Automatically (scheduled):**
- Checks for changes every hour
**Manually:**
1. GitHub → Actions
2. Select workflow "Sync from Gitea"
3. Run workflow
**Via Gitea webhook:**
In Gitea repository:
1. Settings → Webhooks → Add Webhook → Gitea
2. Target URL: `https://api.github.com/repos/USERNAME/configure_nginx_manager/dispatches`
3. HTTP Method: `POST`
4. POST Content Type: `application/json`
5. Trigger On: `Push events`
6. Body:
```json
{
"event_type": "gitea-push"
}
```
---
## 🪞 Method 3: Gitea Mirror (Built-in)
### Setup
**In Gitea repository:**
1. Settings → Repository
2. Scroll to "Mirror Settings"
3. Click "Add Push Mirror"
4. Fill in:
- **Git Remote Repository URL**: `https://github.com/username/configure_nginx_manager.git`
- **Username**: your GitHub username
- **Password**: GitHub Personal Access Token
- **Sync Interval**: `8h` (every 8 hours) or `0` (manual only)
5. Save
### Manual Sync
Settings → Repository → Mirror Settings → Sync Now
### Advantages
- ✅ Built-in feature
- ✅ No scripts required
- ✅ Web interface management
### Disadvantages
- ⚠️ Works on schedule (not instant)
- ⚠️ Not available in all Gitea versions
---
## 🔀 Method 4: Double Remote
### For Local Work
**Setup:**
```bash
# In your local repository
cd configure_nginx_manager
# Add GitHub as second remote
git remote add github git@github.com:username/configure_nginx_manager.git
# Or configure push to both repositories simultaneously
git remote set-url --add --push origin git@github.com:username/configure_nginx_manager.git
# Verify
git remote -v
```
**Usage:**
```bash
# Normal push (Gitea only)
git push origin main
# Push to GitHub
git push github main
# Push to both repositories
git push origin main
git push github main
# Or create alias
git config alias.pushall '!git push origin main && git push github main'
git pushall
```
---
## 🔍 Sync Verification
### Check via Git
```bash
# Compare commits
git ls-remote git@gitea.example.com:username/configure_nginx_manager.git
git ls-remote git@github.com:username/configure_nginx_manager.git
# Should have identical SHA
```
### Check Logs (Method 1 - Hooks)
```bash
# On Gitea server
tail -f /var/log/gitea/github-sync.log
```
### Check GitHub Actions (Method 2)
1. GitHub Repository → Actions
2. View recent runs
3. Check execution logs
---
## ⚙️ Recommended Configuration
For maximum reliability, use **combination of methods**:
1. **Git Hook** (primary) - instant sync
2. **GitHub Actions** (backup) - hourly check in case of hook failure
### Installing Both Methods
```bash
# 1. Install Git Hook on Gitea server
# (see Method 1)
# 2. Configure GitHub Actions
# (see Method 2)
# 3. GitHub Actions will catch missed changes
```
---
## 🐛 Troubleshooting
### Problem: Hook not firing
**Check:**
```bash
# On Gitea server
ls -la /path/to/repo.git/hooks/post-receive
# Should be -rwxr-xr-x
# Check permissions
chmod +x /path/to/repo.git/hooks/post-receive
chown git:git /path/to/repo.git/hooks/post-receive
# Check Gitea error log
tail -f /var/log/gitea/gitea.log
```
### Problem: Permission denied (SSH)
**Solution:**
```bash
# Ensure SSH key is added to GitHub
ssh -T git@github.com
# Check .ssh permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
```
### Problem: Authentication failed (HTTPS)
**Solution:**
- Check GitHub token (should have `repo` scope)
- Token not expired
- Correct URL format: `https://TOKEN@github.com/user/repo.git`
### Problem: GitHub Actions not triggering
**Solution:**
1. Check secrets in Settings → Secrets
2. Verify webhook format from Gitea
3. Run manually for test
---
## 📊 Method Comparison
### Sync Speed
- **Git Hooks**: ⚡ < 1 second
- **GitHub Actions (webhook)**: 10-30 seconds
- **GitHub Actions (schedule)**: up to 1 hour
- **Gitea Mirror**: scheduled
### Reliability
- **Git Hooks**: ⭐⭐⭐⭐⭐ (when properly configured)
- **GitHub Actions**: ⭐⭐⭐⭐⭐ (very reliable)
- **Gitea Mirror**: ⭐⭐⭐ (depends on Gitea version)
- **Double Remote**: ⭐⭐ (requires manual action)
---
## 🎯 Final Recommendation
For `configure_nginx_manager` project:
**1. Primary method: Git Hook**
- Fast
- Reliable
- Automatic
**2. Backup method: GitHub Actions**
- Hourly check
- Catches missed changes
- Can run manually
**3. Monitoring:**
```bash
# Weekly verification
git ls-remote origin | head -1
git ls-remote github | head -1
# SHA should match
```
---
## 📝 Quick Setup
```bash
# On Gitea server
sudo su - git
cd /path/to/gitea-repositories/username/configure_nginx_manager.git/hooks/
# Download hook
wget https://raw.githubusercontent.com/username/configure_nginx_manager/main/gitea-hooks/post-receive
# Configure
nano post-receive
# Change GITHUB_REPO
# Permissions
chmod +x post-receive
# Test
echo "test" | ./post-receive
```
Done! 🎉
---
## 📚 Additional Resources
- [Git Hooks Documentation](https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks)
- [GitHub Actions Documentation](https://docs.github.com/en/actions)
- [Gitea Documentation](https://docs.gitea.io/)
---
**Version**: 1.0
**Author**: Фофанов Дмитрий
**Date**: October 27, 2025
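Review bot: The HTTPS variant in Method 1 (step 4 and "Token Setup") puts a classic personal access token with full `repo` scope directly into `GITHUB_REPO` inside the hook file, and the troubleshooting section then expects that file to be `-rwxr-xr-x`, so any local account on the Gitea server can read the token. Prefer the SSH route with a per-repository deploy key that has write access, or a fine-grained token limited to this one repository. Keep the credential out of the script (a git credential helper or a file owned by the Gitea user with mode 600), and make sure the remote URL is never echoed into `/var/log/gitea/github-sync.log`. Further points: `ssh-keyscan -H github.com >> ~/.ssh/known_hosts` trusts whatever key answers on first contact, so tell the reader to compare the fingerprint with the ones GitHub publishes before appending. In Method 4, `git remote set-url --add --push origin <github>` on a remote with no explicit push URL makes `origin` push to GitHub only, so the Gitea URL must be added as a push URL too, and the "Normal push (Gitea only)" comment stops being true after that command. The Gitea webhook steps for `/dispatches` list no Authorization header, which that GitHub endpoint requires; say where the token goes and what scope it needs.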

365
docs/en/INSTALL_GUIDE_EN.md Normal file
View File

@@ -0,0 +1,365 @@
# Installation Guide for letsencrypt_regru.sh
**Author:** Dmitry Fofanov
**Date:** October 28, 2025
## Description
`letsencrypt_regru.sh` is an automated installer for Let's Encrypt Manager with reg.ru and Nginx Proxy Manager integration.
The script automates:
- Installation of all system dependencies
- Python virtual environment creation
- Python library installation (requests, cryptography, certbot)
- Interactive configuration setup
- Creating and configuring systemd services
- Automatic certificate renewal setup
## Requirements
- Linux (Debian/Ubuntu, CentOS/RHEL/Fedora)
- Root access (sudo)
- Minimum 512MB RAM
- Minimum 1GB free disk space
- Internet connection
## Quick Installation
**Method 1: Automatic Installation (Recommended)**
The fastest way - run installation directly from GitHub:
```bash
sudo bash -c "$(curl -fsSL https://github.com/DFofanov/configure_nginx_manager/raw/refs/heads/master/letsencrypt_regru.sh)"
```
This command will:
- Automatically download the installation script
- Run it with root privileges
- Guide you through interactive setup
**Method 2: Clone Repository**
If you want to review the code before installation:
```bash
# 1. Download repository
git clone https://github.com/DFofanov/configure_nginx_manager.git
cd configure_nginx_manager
# 2. Make executable
chmod +x letsencrypt_regru.sh
# 3. Run installation
sudo ./letsencrypt_regru.sh
```
## Interactive Setup
During installation, the script will ask for:
1. **Domain** - your main domain (e.g., `example.com`)
2. **Email** - for Let's Encrypt notifications
3. **reg.ru credentials:**
- Username
- Password
4. **Wildcard certificate** - create `*.example.com` (recommended: Yes)
5. **NPM integration** (optional):
- NPM address (e.g., `http://10.10.10.14:81`)
- NPM login email
- NPM password
## Structure After Installation
```
/opt/letsencrypt-regru/ # Application
├── letsencrypt_regru_api.py # Main script
├── venv/ # Python virtual environment
└── docs/ # Documentation
/etc/letsencrypt-regru/ # Configuration
└── config.json # Settings (credentials, domain, NPM)
/var/log/letsencrypt-regru/ # Logs
└── letsencrypt_regru.log
/etc/letsencrypt/live/ # Let's Encrypt certificates
└── example.com/
├── privkey.pem
├── cert.pem
├── chain.pem
└── fullchain.pem
/etc/systemd/system/ # Systemd services
├── letsencrypt-regru.service # Renewal service
└── letsencrypt-regru.timer # Timer (every 12 hours)
/usr/local/bin/
└── letsencrypt-regru # Global command
```
## Using letsencrypt-regru Command
After installation, a convenient command is available:
```bash
# Check current certificate expiration
letsencrypt-regru --check
# Obtain new Let's Encrypt certificate
letsencrypt-regru --obtain
# Renew existing certificate
letsencrypt-regru --renew
# Automatically check and renew if needed
letsencrypt-regru --auto
# Create test self-signed certificate
letsencrypt-regru --test-cert
# Show help
letsencrypt-regru --help
```
## Automatic Renewal
The installer configures a systemd timer for automatic checks:
```bash
# Check timer status
systemctl status letsencrypt-regru.timer
# When is next run
systemctl list-timers letsencrypt-regru.timer
# View run history
journalctl -u letsencrypt-regru
# Follow logs in real-time
journalctl -u letsencrypt-regru -f
```
### Timer Settings
Default settings:
- First run: 15 minutes after system boot
- Frequency: every 12 hours
- Random delay: up to 1 hour (to avoid creating load)
Can be modified in `/etc/systemd/system/letsencrypt-regru.timer`.
## Editing Configuration
```bash
# Open configuration in editor
sudo nano /etc/letsencrypt-regru/config.json
# After changes, restart timer
sudo systemctl restart letsencrypt-regru.timer
```
### Example config.json
```json
{
"regru_username": "your_username",
"regru_password": "your_password",
"domain": "example.com",
"wildcard": true,
"email": "admin@example.com",
"cert_dir": "/etc/letsencrypt/live",
"log_file": "/var/log/letsencrypt-regru/letsencrypt_regru.log",
"dns_propagation_wait": 60,
"dns_check_attempts": 10,
"dns_check_interval": 10,
"renewal_days": 30,
"npm_enabled": true,
"npm_host": "http://10.10.10.14:81",
"npm_email": "admin@npm.local",
"npm_password": "secure_password"
}
```
## Updating Application
```bash
# Download latest version
cd configure_nginx_manager
git pull
# Run update
sudo ./letsencrypt_regru.sh update
```
Update will:
- Stop timer
- Update script
- Update Python dependencies
- Restart timer
## Uninstallation
```bash
# Complete application removal
sudo ./letsencrypt_regru.sh uninstall
```
Script will remove:
- Application from `/opt/letsencrypt-regru/`
- Systemd services
- Global command
Certificates in `/etc/letsencrypt/live/` are preserved!
Optionally you can remove:
- Configuration `/etc/letsencrypt-regru/`
- Logs `/var/log/letsencrypt-regru/`
## Viewing Logs
```bash
# Systemd logs (recommended)
journalctl -u letsencrypt-regru -f
# Log file
tail -f /var/log/letsencrypt-regru/letsencrypt_regru.log
# Last 100 lines
tail -n 100 /var/log/letsencrypt-regru/letsencrypt_regru.log
```
## Troubleshooting
### Installation Check
```bash
# Check command availability
which letsencrypt-regru
# Check Python environment
ls -la /opt/letsencrypt-regru/venv/
# Check systemd services
systemctl list-unit-files | grep letsencrypt-regru
```
### Installation Errors
**Error: "Permission denied"**
```bash
# Run with sudo
sudo ./letsencrypt_regru.sh
```
**Error: "Package not found"**
```bash
# Update package lists
sudo apt-get update # Debian/Ubuntu
sudo yum update # CentOS/RHEL
```
**Error: "Python module not found"**
```bash
# Reinstall virtual environment
sudo rm -rf /opt/letsencrypt-regru/venv
sudo ./letsencrypt_regru.sh
```
### Certificate Issues
**Certificate not created**
```bash
# Check logs
tail -n 50 /var/log/letsencrypt-regru/letsencrypt_regru.log
# Check configuration
cat /etc/letsencrypt-regru/config.json
# Try manually
letsencrypt-regru --obtain -v
```
**DNS not updating**
```bash
# Increase wait time in config.json
"dns_propagation_wait": 120,
"dns_check_attempts": 20
```
### NPM Issues
**Not uploading to NPM**
```bash
# Check NPM availability
curl http://192.168.10.14:81
# Check credentials in config.json
# Try manually
letsencrypt-regru --test-cert -v
```
## Supported OS
✅ Debian 10, 11, 12
✅ Ubuntu 20.04, 22.04, 24.04
✅ CentOS 7, 8
✅ RHEL 7, 8, 9
✅ Fedora 35+
## Additional Features
### Test Certificate
For testing without Let's Encrypt rate limits:
```bash
letsencrypt-regru --test-cert
```
Creates self-signed certificate valid for 90 days.
### Manual Renewal Run
```bash
# Start service manually
sudo systemctl start letsencrypt-regru.service
# Check status
systemctl status letsencrypt-regru.service
```
### Change Check Frequency
Edit `/etc/systemd/system/letsencrypt-regru.timer`:
```ini
[Timer]
# Every 6 hours instead of 12
OnUnitActiveSec=6h
```
Then:
```bash
sudo systemctl daemon-reload
sudo systemctl restart letsencrypt-regru.timer
```
## Security
- Configuration with passwords has `600` permissions (root only)
- Certificate private keys have `600` permissions
- All operations run as root
- Logs accessible only to root
## Support
- GitHub Issues: https://github.com/DFofanov/configure_nginx_manager/issues
- Documentation: `/opt/letsencrypt-regru/docs/`
- Email: admin@dfv24.com
---
**Developed by:** Dmitry Fofanov
**Date:** October 28, 2025
**Version:** 2.0
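Review bot: "Method 1" is marked as recommended but feeds the script from `refs/heads/master` straight into a root shell via `sudo bash -c "$(curl -fsSL`, with no review step, no pinning and no checksum. Make the clone-and-review path the recommended one, or pin the URL to a release tag or commit and publish a SHA256 for the script. In the same file, the example `npm_host` is `http://10.10.10.14:81`, so the NPM password from `config.json` is sent unencrypted on every upload; state that or recommend an HTTPS endpoint. The "Certificate not created" steps use `cat /etc/letsencrypt-regru/config.json`, which prints the reg.ru and NPM passwords to the terminal shortly before the reader is pointed at GitHub Issues; suggest a redacted view instead. The NPM availability check uses `192.168.10.14` while the configuration example uses `10.10.10.14`.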

View File

@@ -0,0 +1,159 @@
# Makefile Commands - Quick Reference
## 📋 Command Categories
### 🛠️ Installation and Deployment
```bash
make install # Full application installation
make uninstall # Remove application
make status # Check installation status
make check-config # Verify configuration
```
### 🔨 Building Executables
```bash
make build # Build for current OS
make build-linux # Build for Linux
make build-windows # Build for Windows
make build-all # Build for all platforms
```
### 📦 Creating Packages
```bash
make package-linux # Create tar.gz for Linux
make package-windows # Create zip for Windows
make release # Full release cycle
```
### 🧪 Testing
```bash
make test-run # Test script run
make test-cert # Create test certificate
make test-build # Test built file
```
### 🚀 Running Operations
```bash
make run # Automatic check and renewal
make obtain # Obtain new certificate
make renew # Renew existing certificate
```
### 📊 Monitoring
```bash
make logs # Show logs
make status # Service status
```
### 🧹 Cleanup
```bash
make clean # Clean Python temporary files
make clean-build # Clean build artifacts
```
### Information
```bash
make help # Show help
make build-info # Build environment information
```
---
## 🎯 Common Scenarios
### Initial Installation
```bash
sudo make install
sudo make check-config
sudo make test-run
```
### Building Release for GitHub
```bash
make clean-build
make release
# Files will be in dist/
```
### Creating Test Environment
```bash
sudo make install
sudo make test-cert
sudo make status
```
### Manual Certificate Renewal
```bash
sudo make run
sudo make logs
```
### Removing Application
```bash
sudo make uninstall
```
---
## 📝 Environment Variables
Main variables defined in Makefile:
```makefile
INSTALL_DIR = /opt/letsencrypt-regru
CONFIG_FILE = /etc/letsencrypt/regru_config.json
LOG_FILE = /var/log/letsencrypt_regru.log
SERVICE_NAME = letsencrypt-regru
PYTHON = python3
```
---
## 🔐 Required Permissions
**Require sudo:**
- `make install`
- `make uninstall`
- `make run`
- `make obtain`
- `make renew`
- `make test-run`
- `make test-cert`
**Don't require sudo:**
- `make build*`
- `make package*`
- `make clean*`
- `make help`
- `make build-info`
---
## 💡 Useful Combinations
```bash
# Full reinstallation
sudo make uninstall && sudo make install
# Build and test
make build && make test-build
# Clean and release
make clean-build && make release
# Post-installation check
sudo make status && sudo make test-run && sudo make logs
```
---
**Author:** Dmitry Fofanov
**Last Updated:** October 28, 2025
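Review bot: The "Environment Variables" block sets `CONFIG_FILE = /etc/letsencrypt/regru_config.json` and `LOG_FILE = /var/log/letsencrypt_regru.log`, but the installation guide added in this same commit places the configuration at `/etc/letsencrypt-regru/config.json` and the log at `/var/log/letsencrypt-regru/letsencrypt_regru.log`. The configuration holds the reg.ru and NPM passwords and the guide's `600` permission statement refers to it, so the documents need to agree on one path for operators to protect and audit the right file. Also, `make status` is listed under both "Installation and Deployment" and "Monitoring", and `make status`, `make logs` and `make check-config` are absent from the "Required Permissions" lists even though the scenarios run them with sudo.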

View File

@@ -0,0 +1,79 @@
# Detailed Guide to Configuring Nginx Proxy Manager with One Global SSL Certificate for All dfv24.com Domains
## Prerequisites
- [Nginx Proxy Manager](http://192.168.10.14:81/) is installed and running
- Main domain: dfv24.com
- Domain hosting and DNS records are on reg.ru
- Need to use one SSL certificate (e.g., wildcard) for all dfv24.com subdomains
---
## Step 1. Purchasing and Obtaining SSL Wildcard Certificate for dfv24.com
1. On reg.ru or any other Certificate Authority (CA), order wildcard certificate for domain `*.dfv24.com`.
2. Obtain certificate files:
- Main certificate (CRT)
- Intermediate certificates (CA Bundle)
- Private key (KEY)
---
## Step 2. Importing Your SSL Certificate to Nginx Proxy Manager
1. Log in to Nginx Proxy Manager at http://192.168.10.14:81/
2. Go to **SSL Certificates** section → **Add SSL Certificate** button
3. Select **Custom** (custom certificate)
4. Paste into fields:
- **Certificate** — main CRT + CA Bundle (if CA Bundle is separate, concatenate into one file or paste sequentially)
- **Key** — private key content
- Name certificate, e.g., `dfv24_wildcard`
5. Save
---
## Step 3. Configuring Proxy Hosts Using Global Certificate
1. Go to **Proxy Hosts****Add Proxy Host**
2. Fill in fields:
- **Domain Names**: For example, `sub1.dfv24.com` (for first subdomain)
- **Scheme**: http or https, depending on backend
- **Forward Hostname / IP**: IP or DNS address of your internal service
- **Forward Port**: service port (e.g., 80 or 443)
3. Enable **SSL** → Check **Use a shared SSL certificate** (if such option is available) or select previously imported certificate from list
4. Activate: **Block Common Exploits**, **Websockets Support**, set Redirect HTTP to HTTPS if required
5. Save proxy host
6. Repeat for all subdomains, specifying needed domains and selecting same wildcard SSL certificate
---
## Step 4. Configuring DNS Records on reg.ru
1. Log in to domain management panel on reg.ru
2. Create or edit DNS A records:
- `dfv24.com` → IP of your Nginx Proxy Manager (e.g., 192.168.10.14)
- `*.dfv24.com` → same IP or specific subdomains if there are special ones
3. Save changes
4. Wait for DNS update (from few minutes to 24 hours)
---
## Step 5. Testing and Verification
1. In browser, open any subdomain `https://sub1.dfv24.com`
2. Certificate should be valid, issued for wildcard `*.dfv24.com`
3. Check proxy functionality and correct certificate assignment
4. If necessary, check Nginx Proxy Manager logs and fix errors
---
## Additional Information
- If Nginx Proxy Manager doesn't have GUI option to select shared certificate, you can manually configure configs through `/data/nginx/proxy_host` directory and specify SSL certificate for all hosts.
- When updating certificate — re-import it to Nginx Proxy Manager.
- You can use Let's Encrypt for automatic wildcard certificate obtaining using DNS validation (if supported by your DNS provider).
---
# Summary
Use one wildcard certificate for all subdomains, import it as custom certificate in Nginx Proxy Manager, when creating proxy hosts select it in SSL settings. Manage DNS records on reg.ru, directing domain to Nginx Proxy Manager IP.
This allows legitimate use of single certificate for all services with different subdomains under your dfv24.com domain.
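Review bot: Step 2 has the reader paste the wildcard private key into the admin panel at `http://192.168.10.14:81/`, so the key covering every `dfv24.com` subdomain crosses the network in cleartext. Say that the admin UI should be reached over TLS or an SSH tunnel for this step, and add a line on handling the KEY file from Step 1 (owner-only permissions, removed from the workstation after import). In Step 3, item 1, `**Proxy Hosts****Add Proxy Host**` has lost its separator. Step 4 gives `192.168.10.14` as the A record target; state that this only works for clients inside the network, since a private address is not reachable from the Internet.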

View File

@@ -0,0 +1,287 @@
# 📁 configure_nginx_manager Project Structure
## Main Scripts
### Python (Recommended)
- **letsencrypt_regru_api.py** (1,411 lines)
- Full-featured Python script
- Direct reg.ru API integration
- Nginx Proxy Manager integration
- Automatic certificate check and renewal
- Test self-signed certificate generation
- Wildcard domain support
### Bash
- **letsencrypt_regru_dns.sh**
- Bash script with certbot-dns-regru plugin
- Easy to use
- Minimal dependencies
### PowerShell
- **letsencrypt_regru.ps1**
- Windows version
- Similar to Bash script
### Testing
- **test_certificate.sh**
- Quick test certificate creation via OpenSSL
- Standalone operation without Python
- Wildcard domain support
## Automation
### Makefile
- **Makefile** (415 lines)
- `make install` - Complete installation and setup
- `make uninstall` - Clean removal
- `make status` - Check status
- `make test-cert` - Create test certificate
- `make obtain` - Get Let's Encrypt certificate
- `make renew` - Renew certificate
- `make logs` - View logs
- `make check-config` - Validate configuration
## Configuration
### config.json.example
Example configuration with all parameters:
- reg.ru API credentials
- Domain and email settings
- Renewal parameters (renewal_days)
- Nginx Proxy Manager settings
- Directory and log paths
## Documentation
### README.md (1,420+ lines)
Main documentation:
- Introduction and features
- Quick start
- Makefile installation
- Test certificate creation
- Requirements and dependencies
- Configuration and usage
- NPM integration
- Automatic check and renewal
- Automation via cron/systemd
- Troubleshooting
### README_EN.md (English version)
Complete English translation of main guide
### TESTING_GUIDE.md (370+ lines)
Testing guide:
- Why test certificates are needed
- Bypass Let's Encrypt limits (5 per week)
- Quick start with test certificates
- Method comparison
- Development usage
- Test automation
- Transition from test to production
- FAQ
- CI/CD and Docker examples
### TESTING_GUIDE_EN.md (English version)
Complete English translation of testing guide
### GITEA_SYNC.md
Gitea → GitHub synchronization:
- 4 sync methods (Git Hooks, GitHub Actions, Gitea Mirror, Double Remote)
- Step-by-step installation
- SSH and token setup
- Webhook integration
- Troubleshooting
- Method comparison
### GITEA_SYNC_EN.md (English version)
Complete English translation of sync guide
### CHEATSHEET.md
Quick reference:
- Main commands
- Development workflow
- Use case scenarios
- Common errors and solutions
- Checking and debugging
### CHEATSHEET_EN.md (English version)
Complete English translation of cheatsheet
### PROJECT_STRUCTURE.md (this file)
- All project files description
- Component overview
### PROJECT_STRUCTURE_EN.md (English version)
Complete English translation of structure
### DESCRIPTION.md
Project description:
- Russian description
- English description
- Quick start
- Features overview
### CHANGELOG.md
Change history:
- Versions and updates
- New features
- Bug fixes
- Roadmap
### CHANGELOG_EN.md (English version)
Complete English translation of changelog
## Git Integration
### .github/workflows/sync-from-gitea.yml
GitHub Actions for synchronization:
- Automatic check every hour
- Webhook trigger from Gitea
- Manual run
- Merge changes from Gitea
- Push to GitHub
### gitea-hooks/
Git hooks for Gitea server:
**post-receive**
- Automatic push to GitHub after commit
- Instant sync (< 1 second)
- Operation logging
- Tag synchronization
- SSH and HTTPS support
**README.md**
- Hook installation instructions
- Authentication setup
- Troubleshooting
**README_EN.md** (English version)
Complete English translation
## Additional Files
### Markdown Documents
- **Add Let's Encrypt Certificate для провайдера reg.ru.md**
- Initial instructions (Russian)
- **Создание и продление SSL сертификата.md**
- Additional process information (Russian)
## Features
### ✅ Core Features
- [x] Let's Encrypt certificates via reg.ru DNS API
- [x] Wildcard certificates (*.domain.com)
- [x] Automatic certificate renewal
- [x] DNS-01 validation
- [x] Nginx Proxy Manager integration
- [x] Automatic upload/update to NPM
### ✅ Advanced Features
- [x] Automatic expiration check
- [x] Configurable renewal threshold (renewal_days)
- [x] Systemd service + timer
- [x] Cron automation
- [x] Detailed logging
- [x] Configuration validation
### 🆕 Testing
- [x] Self-signed test certificate generation
- [x] Bypass Let's Encrypt limits (5/week)
- [x] Instant creation without DNS
- [x] Test certificate NPM integration
- [x] Full structure compatibility with Let's Encrypt
### 🔄 Repository Sync
- [x] Automatic Gitea GitHub sync
- [x] Git Hooks (instant sync)
- [x] GitHub Actions (hourly check)
- [x] Webhook integration
- [x] SSH and HTTPS authentication
## Installation
### Quick Install
```bash
sudo make install
sudo nano /etc/letsencrypt/regru_config.json
sudo make test-cert # For testing
sudo make obtain # For production
```
### Post-Install Structure
```
/opt/letsencrypt-regru/
├── letsencrypt_regru_api.py
/etc/letsencrypt/
├── regru_config.json
└── live/
└── example.com/
├── privkey.pem
├── cert.pem
├── fullchain.pem
└── chain.pem
/etc/systemd/system/
├── letsencrypt-regru.service
└── letsencrypt-regru.timer
/var/log/letsencrypt/
└── letsencrypt_regru.log
```
## Usage
### Testing (no limits)
```bash
sudo make test-cert # Create test certificate
sudo make status # Check status
```
### Production
```bash
sudo make obtain # Get Let's Encrypt certificate
sudo make renew # Renew certificate
sudo make run # Automatic mode
```
### Monitoring
```bash
sudo make logs # View logs
sudo make status # Service status
sudo make check-config # Check configuration
```
## Technologies
- **Python 3.6+** - Main language
- **Certbot** - Let's Encrypt client
- **requests** - HTTP API requests
- **cryptography** - Test certificate generation
- **systemd** - Launch automation
- **cron** - Alternative automation
- **Make** - Installation management
- **OpenSSL** - Alternative certificate generation
## License
Open Source - Free to use
## Author
Фофанов Дмитрий @ 2025
## Support
See documentation:
- [README.md](README.md) / [README_EN.md](README_EN.md) - Main guide
- [TESTING_GUIDE.md](TESTING_GUIDE.md) / [TESTING_GUIDE_EN.md](TESTING_GUIDE_EN.md) - Testing guide
- [GITEA_SYNC.md](GITEA_SYNC.md) / [GITEA_SYNC_EN.md](GITEA_SYNC_EN.md) - Repository sync
---
**Version**: 2.1
**Date**: October 27, 2025
**Status**: Production Ready
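Review bot: "Quick Install" and "Post-Install Structure" place the configuration at `/etc/letsencrypt/regru_config.json` and the log under `/var/log/letsencrypt/`, which matches neither the installation guide in this commit (`/etc/letsencrypt-regru/config.json`, `/var/log/letsencrypt-regru/`) nor the `LOG_FILE` in the Makefile reference (`/var/log/letsencrypt_regru.log`). Pick one layout and use it in all three documents. "Bypass Let's Encrypt limits (5 per week)" is misleading for a self-signed certificate: it avoids spending issuance quota but is not trusted by clients, so word it that way. Smaller items: "Automatic Gitea GitHub sync" has lost its arrow, "Python 3.6+" conflicts with "Python 3.8+" in the quick build guide, and "Open Source - Free to use" names no actual license.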

View File

@@ -0,0 +1,111 @@
# 🎯 Quick Start - Building Executables
This is a quick guide for those who want to build an executable file fast.
## For Linux
### 1. Install dependencies
```bash
sudo apt-get update
sudo apt-get install -y python3 python3-pip git make
```
### 2. Clone repository
```bash
git clone https://github.com/DFofanov/configure_nginx_manager.git
cd configure_nginx_manager
```
### 3. Build
```bash
make build-linux
```
### 4. Result
```bash
ls -lh dist/letsencrypt-regru
# Executable file is ready!
```
### 5. Install (optional)
```bash
sudo cp dist/letsencrypt-regru /usr/local/bin/
sudo chmod +x /usr/local/bin/letsencrypt-regru
```
### 6. Use
```bash
letsencrypt-regru --help
```
---
## For Windows
### 1. Install Python
Download from [python.org](https://www.python.org/downloads/) and install
### 2. Clone repository
```powershell
git clone https://github.com/DFofanov/configure_nginx_manager.git
cd configure_nginx_manager
```
### 3. Build
```powershell
make build-windows
```
### 4. Result
```powershell
dir dist\letsencrypt-regru.exe
# Executable file is ready!
```
### 5. Use
```powershell
.\dist\letsencrypt-regru.exe --help
```
---
## Creating Release for Both Platforms
```bash
# This will create packages for Linux and Windows
make release
```
**Result in `dist/`:**
- `letsencrypt-regru-linux-x86_64.tar.gz`
- `letsencrypt-regru-windows-x86_64.zip`
---
## Useful Commands
```bash
# Show help for all commands
make help
# Build environment information
make build-info
# Test built file
make test-build
# Clean artifacts
make clean-build
```
---
## ❓ Problems?
See [BUILD_GUIDE_EN.md](BUILD_GUIDE_EN.md) for detailed instructions and troubleshooting.
---
**File size:** ~40-60 MB (including Python runtime)
**Build time:** ~2-5 minutes
**Requirements:** Python 3.8+, PyInstaller
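Review bot: The Windows section lists Python as its only prerequisite, yet steps 2 and 3 call `git` and `make build-windows`, neither of which exists on a stock Windows install; list them and say how to obtain `make`, or give the underlying PyInstaller command. The Linux dependency list also omits PyInstaller although the footer names it as a requirement, so say whether `make build-linux` installs it. Step 5 copies `dist/letsencrypt-regru` into `/usr/local/bin`, where it will be run with root privileges; when the binary comes from a release archive rather than a local build, add a comparison against the published `.sha256` file before the copy.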

178
docs/en/RELEASE_GUIDE_EN.md Normal file
View File

@@ -0,0 +1,178 @@
# 🎯 Quick Guide: Automatic Releases
## For GitHub
### 1. Creating a Release
```bash
# Create tag
git tag -a v1.0.0 -m "Release version 1.0.0"
# Push tag
git push origin v1.0.0
```
### 2. What Happens Automatically
GitHub Actions will run `.github/workflows/build-release.yml`:
1. ✅ Build Linux version (Ubuntu runner)
2. ✅ Build Windows version (Windows runner)
3. ✅ Create packages
4. ✅ Generate SHA256 checksums
5. ✅ Create GitHub Release
6. ✅ Upload artifacts
### 3. Result
Release will appear at: `https://github.com/USER/REPO/releases/tag/v1.0.0`
**Files:**
- `letsencrypt-regru-linux-x86_64.tar.gz`
- `letsencrypt-regru-linux-x86_64.tar.gz.sha256`
- `letsencrypt-regru-windows-x86_64.zip`
- `letsencrypt-regru-windows-x86_64.zip.sha256`
---
## For Gitea
### 1. Setup (one time)
#### Enable Actions in Gitea:
Edit `app.ini`:
```ini
[actions]
ENABLED = true
DEFAULT_ACTIONS_URL = https://gitea.com
```
#### Install Gitea Runner:
```bash
# Download
wget https://dl.gitea.com/act_runner/latest/act_runner-linux-amd64 -O act_runner
chmod +x act_runner
# Register
./act_runner register --no-interactive \
--instance https://your-gitea.com \
--token YOUR_RUNNER_TOKEN
# Run
./act_runner daemon
```
### 2. Creating a Release
```bash
# Create tag
git tag -a v1.0.0 -m "Release version 1.0.0"
# Push tag
git push origin v1.0.0
```
### 3. What Happens
Gitea Actions will run `.gitea/workflows/release.yml`:
1. ✅ Build Linux version
2. ✅ Build Windows version
3. ✅ Create packages
4. ✅ Generate SHA256 + MD5 checksums
5. ✅ Create Gitea Release
6. ✅ Detailed release notes
### 4. Result
Release will appear at: `https://your-gitea.com/USER/REPO/releases/tag/v1.0.0`
---
## 🔧 Pre-Release Checklist
```bash
# 1. Local build
make clean-build
make release
# 2. Testing
make test-build
# 3. Check files
ls -lh dist/
# 4. If all OK - create tag
git tag -a v1.0.0 -m "Release 1.0.0"
git push origin v1.0.0
```
---
## 📊 Monitoring
### GitHub:
`https://github.com/USER/REPO/actions`
### Gitea:
`https://your-gitea.com/USER/REPO/actions`
---
## 🐛 If Something Goes Wrong
### Delete tag and release:
```bash
# Delete local tag
git tag -d v1.0.0
# Delete remote tag
git push --delete origin v1.0.0
# Delete release manually via web interface
```
### Recreate release:
```bash
# Fix the issue
git commit -am "Fix build"
# Recreate tag
git tag -a v1.0.0 -m "Release 1.0.0" --force
git push origin v1.0.0 --force
```
---
## 📝 Semantic Versioning
```bash
# Major (breaking changes)
git tag v2.0.0
# Minor (new features)
git tag v1.1.0
# Patch (bug fixes)
git tag v1.0.1
# Pre-release
git tag v1.0.0-beta.1
git tag v1.0.0-rc.1
```
---
**See also:**
- [.gitea/README.md](../../.gitea/README.md) - Full Gitea Actions documentation
- [BUILD_GUIDE_EN.md](BUILD_GUIDE_EN.md) - Build guide
---
**Author:** Dmitry Fofanov
**Last Updated:** October 28, 2025
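
Review bot: The "Recreate release" block under "If Something Goes Wrong" moves an already published tag with `git tag -a v1.0.0 -m "Release 1.0.0" --force` and `git push origin v1.0.0 --force`, so the same version name ends up pointing at two different commits and two different sets of artifacts and checksums. Anyone who already fetched the tag or downloaded the first archives has no way to tell which build they hold. Suggest dropping the force-push path and publishing a new patch tag instead (`v1.0.1`, as the Semantic Versioning section already describes), keeping tag deletion only for releases that never left the build stage. Two smaller points: the runner install step fetches `act_runner-linux-amd64` from a `latest` URL and marks it executable with no version pin or checksum check, and the Gitea workflow's "SHA256 + MD5" step could drop MD5, since the SHA256 file already covers integrity and MD5 gives no protection against deliberate tampering.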


@@ -0,0 +1,86 @@
# Guide to Creating Wildcard Certificate *.dfv24.com in Nginx Proxy Manager and Configuring Automatic SSL Renewal
---
## Step 1. Preparation
- Ensure Nginx Proxy Manager (NPM) is installed and accessible at http://192.168.10.14:81/
- You have access to DNS records for dfv24.com domain in reg.ru control panel or another registrar
---
## Step 2. Creating Wildcard SSL Certificate in Nginx Proxy Manager
1. Log in to Nginx Proxy Manager admin panel at http://192.168.10.14:81/
2. Navigate to **SSL Certificates** → click **Add SSL Certificate** button
3. Select **Let's Encrypt**
4. Fill in the fields:
- **Domain Names:**
Enter `*.dfv24.com` — for wildcard certificate
Also recommended to add main domain `dfv24.com` (comma-separated or in new field)
- **Email Address:**
Specify your Email for Let's Encrypt notifications (required)
- **HTTP Challenge:**
Leave HTTP verification if NPM is accessible from internet on ports 80 and 443, or configure DNS Challenge if supported by your DNS
5. Check "Agree to the Let's Encrypt Terms of Service"
6. Click **Save**
- NPM will begin certificate obtaining process with domain verification.
- Upon successful certificate request, you'll see new certificate in the list.
---
## Step 3. Configuring Automatic Renewal
- Nginx Proxy Manager automatically handles Let's Encrypt certificate renewal.
- For this, server must be accessible from internet on ports 80 and 443, and DNS records must correctly point to your server.
- NPM periodically (usually 30 days before expiration) requests certificate renewal.
- When using DNS Challenge, NPM must have DNS provider integration configured (if supported).
---
## Step 4. Using Wildcard Certificate in Proxy Hosts
1. Go to **Proxy Hosts** → Create or edit proxy entry
2. In **Domain Names** field, specify needed subdomain from dfv24.com, for example:
`api.dfv24.com` or `www.dfv24.com`
3. In **SSL** section, select your wildcard certificate `*.dfv24.com` that you obtained in Step 2
4. Enable options:
- Use SSL
- Force SSL
- HSTS (if needed)
5. Save changes.
---
## Step 5. Verification
1. Verify that all subdomains use the same certificate
2. Visit https://api.dfv24.com or other subdomains from browser
3. Ensure certificate is valid, not expired, and issued for *.dfv24.com
4. Check certificate renewal status in SSL Certificates section
---
## Additional Information
- If Let's Encrypt cannot perform HTTP Challenge due to closed port, configure DNS Challenge (may require DNS provider API key)
- For security and notifications, keep Email up to date
- Check Nginx Proxy Manager logs to identify renewal errors
---
# Summary
Nginx Proxy Manager allows easy obtaining and automatic renewal of wildcard SSL certificates for *.dfv24.com domain using Let's Encrypt.
Main requirements — properly configured DNS records and internet access on HTTP/HTTPS ports.
Then use one global certificate for all your subdomains through Proxy Hosts settings.
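
Review bot: Step 2 requests `*.dfv24.com` and then tells the reader to "Leave HTTP verification if NPM is accessible from internet on ports 80 and 443"; a wildcard name cannot be validated over HTTP, which the README added in this same commit states as "Wildcard certificates require DNS validation". Step 3 and the Summary repeat the ports 80/443 requirement as the main condition for renewal, so a reader following this file as written will have the wildcard request fail. Suggest making DNS Challenge with the reg.ru provider the only path in Step 2, and rewording Step 3 and the Summary so renewal depends on working DNS API credentials rather than inbound ports. Separately, the admin panel is referenced as `http://192.168.10.14:81/` in Steps 1 and 2; a placeholder host would avoid publishing an internal address, and the guide should note that the login goes over plain HTTP at that URL.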


@@ -0,0 +1,250 @@
# SSL Certificate Automation Scripts
**Author:** Фофанов Дмитрий
## 📖 Overview
This project contains scripts for automating the creation and renewal of Let's Encrypt SSL certificates using DNS-01 Challenge via the reg.ru API.
## 🎯 Quick Start
### Linux (Bash)
```bash
# 1. Install dependencies
sudo apt-get install certbot jq
# 2. Configure credentials
nano ~/.regru_credentials
# Add:
# export REGRU_USERNAME="your_login"
# export REGRU_PASSWORD="your_password"
# 3. Set permissions
chmod 600 ~/.regru_credentials
# 4. Run the script
./letsencrypt_regru.sh \
-d "*.dfv24.com" \
-e "dfofanov@dfv24.com"
```
### Linux (Python)
```bash
# 1. Install dependencies
pip install requests dnspython certbot
# 2. Configure
cp config.example.yml config.yml
nano config.yml
# 3. Run
python letsencrypt_regru.py
# 4. Setup auto-renewal (cron)
crontab -e
# Add:
# 0 3 * * 1 /usr/bin/python3 /path/to/letsencrypt_regru.py
```
### Windows (PowerShell)
```powershell
# 1. Run as Administrator
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
# 2. Configure credentials
$env:REGRU_USERNAME = "your_login"
$env:REGRU_PASSWORD = "your_password"
# 3. Run
.\letsencrypt_regru.ps1 `
-Domain "*.dfv24.com" `
-Email "dfofanov@dfv24.com"
# 4. Setup auto-renewal (Task Scheduler)
# Import-Module .\ScheduledTask.psm1
# Create-CertRenewalTask
```
## ⚙️ Configuration
### Bash Script (`letsencrypt_regru.sh`)
```bash
#!/bin/bash
# Required parameters
DOMAIN="*.dfv24.com" # Your domain
EMAIL="dfofanov@dfv24.com" # Contact email
REGRU_USERNAME="your_login" # reg.ru login
REGRU_PASSWORD="your_password" # reg.ru password
# Optional parameters
DNS_PROPAGATION_WAIT=60 # Wait time for DNS propagation (seconds)
LOG_FILE="/var/log/letsencrypt_regru.log"
WEBSERVER="nginx" # nginx or apache2
```
### Python Script (`letsencrypt_regru.py`)
Create `config.yml`:
```yaml
# reg.ru credentials
regru:
username: "your_login"
password: "your_password"
# Certificate settings
certificate:
domain: "*.dfv24.com"
email: "dfofanov@dfv24.com"
dns_propagation_wait: 60
# Logging
logging:
file: "/var/log/letsencrypt_regru.log"
level: "INFO"
# Web server
webserver:
type: "nginx" # nginx, apache2, or null
reload_command: "systemctl reload nginx"
```
### PowerShell Script (`letsencrypt_regru.ps1`)
```powershell
# Configuration
$Config = @{
Domain = "*.dfv24.com"
Email = "dfofanov@dfv24.com"
RegRuUsername = $env:REGRU_USERNAME
RegRuPassword = $env:REGRU_PASSWORD
DnsPropagationWait = 60
LogFile = ".\letsencrypt_regru.log"
}
```
## 📋 Requirements
### Bash Script
- **certbot** - Let's Encrypt client
- **jq** - JSON processor
- **curl** - HTTP requests
- **dig** (optional) - DNS queries
### Python Script
- **Python 3.6+**
- **requests** - HTTP library
- **dnspython** - DNS operations
- **certbot** - Let's Encrypt client
- **PyYAML** - YAML configuration
### PowerShell Script
- **PowerShell 5.1+** or **PowerShell Core 7+**
- **certbot** (via Chocolatey or manual installation)
## 🔄 Automatic Renewal
### Linux (cron)
```bash
# Edit crontab
crontab -e
# Add (runs every Monday at 3 AM):
0 3 * * 1 /path/to/letsencrypt_regru.sh >> /var/log/cert_renewal.log 2>&1
# Or for Python:
0 3 * * 1 /usr/bin/python3 /path/to/letsencrypt_regru.py
```
### Windows (Task Scheduler)
```powershell
# Create scheduled task
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" `
-Argument "-File C:\path\to\letsencrypt_regru.ps1"
$Trigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday -At 3am
Register-ScheduledTask -TaskName "SSL Certificate Renewal" `
-Action $Action -Trigger $Trigger -RunLevel Highest
```
## ✨ Features
✅ Automatic DNS validation via reg.ru API
✅ Certificate expiration check
✅ Automatic renewal before expiration
✅ Web server reload after renewal
✅ Detailed logging of all operations
## 🔧 Using with Nginx Proxy Manager
After obtaining the certificate:
1. Log in to NPM: http://192.168.10.14:81/
2. SSL Certificates → Add SSL Certificate → Custom
3. Paste the content:
- Certificate Key: `/etc/letsencrypt/live/domain.com/privkey.pem`
- Certificate: `/etc/letsencrypt/live/domain.com/fullchain.pem`
## 📝 Logs
- Bash: `/var/log/letsencrypt_regru.log`
- Python: `/var/log/letsencrypt_regru.log`
- PowerShell: `.\letsencrypt_regru.log`
- Certbot: `/var/log/letsencrypt/letsencrypt.log`
## 🆘 Troubleshooting
### API Authentication Error
- Check your reg.ru credentials
- Ensure the domain is under your control
### DNS Record Not Propagating
- Increase `dns_propagation_wait` to 120 seconds
- Check DNS: `nslookup -type=TXT _acme-challenge.domain.com`
### Certbot Not Found
```bash
# Ubuntu/Debian
sudo apt-get install certbot
# Or via snap
sudo snap install --classic certbot
```
## 📚 Documentation
Detailed documentation in [USAGE.md](USAGE.md)
## 🔐 Security
- Keep credentials secure
- Use `chmod 600` for configuration files
- Regularly update passwords
## ⚠️ Important
- Let's Encrypt certificates are valid for 90 days
- Automatic renewal setup is recommended
- Wildcard certificates require DNS validation
## 📞 Support
- [reg.ru API Documentation](https://www.reg.ru/support/api)
- [Let's Encrypt Documentation](https://letsencrypt.org/docs/)
- [Certbot Documentation](https://certbot.eff.org/docs/)
## 📄 License
Scripts are provided "as is" for free use.
---
**Happy Automation! 🔒**
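
Review bot: The Python path stores the reg.ru account password in clear text in `config.yml` (`password: "your_password"`), yet the Linux (Python) quick start goes straight from `nano config.yml` to running the script; only the Bash quick start applies `chmod 600`, and only to `~/.regru_credentials`. Suggest adding `chmod 600 config.yml` as an explicit step, and moving the Bash configuration example's `REGRU_PASSWORD="your_password"` out of the script body so it always comes from the protected credentials file. The Windows section has a related gap: credentials are set with `$env:REGRU_USERNAME` and `$env:REGRU_PASSWORD` in the interactive session, but the scheduled task registered with `-RunLevel Highest` starts a new process that will not see those session variables, so renewal needs a documented persistent and access-restricted source for them. Also, the Requirements list names PyYAML while the install line is `pip install requests dnspython certbot`.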

379
docs/en/TESTING_GUIDE_EN.md Normal file

@@ -0,0 +1,379 @@
# 🧪 SSL Certificate Testing Guide
## Why do you need test certificates?
Let's Encrypt has **strict limits**:
- ⚠️ Maximum **5 certificates per week** per domain
- ⚠️ Maximum **50 certificates per week** per account
- ⚠️ **1 week ban** if limits exceeded
**Solution**: Use self-signed test certificates for development!
---
## Quick Start
### Option 1: Via Makefile (Recommended)
```bash
# After script installation (make install)
sudo make test-cert
```
**Result**: Certificate created in `/etc/letsencrypt/live/your-domain/`
### Option 2: Via Python Script
```bash
sudo python3 letsencrypt_regru_api.py \
--config /etc/letsencrypt/regru_config.json \
--test-cert -v
```
### Option 3: Via Bash Script (Standalone)
```bash
# Simple domain
sudo ./test_certificate.sh example.com no
# With wildcard
sudo ./test_certificate.sh example.com yes
```
---
## Method Comparison
| Method | Speed | Requirements | NPM Integration | Limits |
|--------|-------|--------------|-----------------|--------|
| **Let's Encrypt** | 2-5 min | Internet, DNS | ✅ Yes | ⚠️ 5/week |
| **Test (Python)** | 1-2 sec | Python only | ✅ Yes | ✅ None |
| **Test (Bash)** | 1-2 sec | OpenSSL only | ❌ Manual | ✅ None |
---
## Detailed Instructions
### 1. Configuration Setup
```bash
# Create configuration
sudo nano /etc/letsencrypt/regru_config.json
```
```json
{
"domain": "test.example.com",
"wildcard": true,
"cert_dir": "/etc/letsencrypt/live",
"npm_enabled": true,
"npm_host": "https://npm.example.com",
"npm_email": "admin@example.com",
"npm_password": "your_password"
}
```
### 2. Create Test Certificate
```bash
sudo make test-cert
```
### 3. Verify Created Files
```bash
ls -la /etc/letsencrypt/live/test.example.com/
# Should contain:
# - privkey.pem (private key)
# - cert.pem (certificate)
# - fullchain.pem (full chain)
# - chain.pem (CA chain)
```
### 4. View Certificate Information
```bash
openssl x509 -in /etc/letsencrypt/live/test.example.com/cert.pem -text -noout
```
---
## Using in Nginx
### Direct Usage
```nginx
server {
listen 443 ssl;
server_name test.example.com;
ssl_certificate /etc/letsencrypt/live/test.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test.example.com/privkey.pem;
# ... rest of configuration
}
```
### Via Nginx Proxy Manager
If `npm_enabled: true` in configuration, certificate will automatically upload to NPM.
**Check in NPM:**
1. Open NPM web interface
2. Go to **SSL Certificates**
3. Find your domain in the list
4. ⚠️ Will be marked as "Custom" (not Let's Encrypt)
---
## Test Automation
### CI/CD Script
```bash
#!/bin/bash
# test_ssl_integration.sh
set -e
echo "🧪 Testing SSL integration..."
# 1. Create test certificate
sudo python3 letsencrypt_regru_api.py \
--config test_config.json \
--test-cert
# 2. Verify files
if [ ! -f "/etc/letsencrypt/live/test.example.com/fullchain.pem" ]; then
echo "❌ Certificate not created"
exit 1
fi
# 3. Check validity
openssl x509 -in /etc/letsencrypt/live/test.example.com/cert.pem -noout -checkend 0
if [ $? -eq 0 ]; then
echo "✅ Certificate is valid"
else
echo "❌ Certificate is invalid"
exit 1
fi
echo "✅ All tests passed"
```
### Makefile for Testing
```makefile
.PHONY: test-ssl test-npm test-all
test-ssl:
@echo "Creating test certificate..."
sudo make test-cert
@echo "Verifying files..."
test -f /etc/letsencrypt/live/$(DOMAIN)/fullchain.pem
@echo "✅ SSL test passed"
test-npm:
@echo "Checking NPM integration..."
# Your NPM API checks
@echo "✅ NPM test passed"
test-all: test-ssl test-npm
@echo "✅ All tests passed"
```
---
## Transition to Production
### Step 1: Testing
```bash
# 1. Create test certificate
sudo make test-cert
# 2. Verify with NPM
# Open https://your-domain and check
# 3. Ensure everything works
```
### Step 2: Switch to Let's Encrypt
```bash
# 1. Remove test certificate
sudo rm -rf /etc/letsencrypt/live/your-domain/
# 2. Get real certificate
sudo make obtain
# 3. Verify update in NPM
sudo make status
```
---
## FAQ
### Q: Why does browser show warning?
**A:** Self-signed certificates are not trusted by browsers. This is normal for testing.
To avoid browser warning (local testing only):
1. Chrome: `chrome://flags/#allow-insecure-localhost`
2. Firefox: Click "Advanced" → "Accept the Risk"
### Q: Can I use in production?
**A:****NO!** Test certificates are for development and testing only.
### Q: How often can I create test certificates?
**A:** ✅ Unlimited! No limits whatsoever.
### Q: Do they upload to NPM automatically?
**A:** ✅ Yes, if `npm_enabled: true` in configuration.
### Q: Do they work with wildcard domains?
**A:** ✅ Yes! Just set `"wildcard": true` in configuration.
### Q: How to check expiration date?
```bash
openssl x509 -in /etc/letsencrypt/live/your-domain/cert.pem -noout -dates
```
### Q: How to change validity period?
Edit `validity_days` in `generate_self_signed_certificate()` function:
```python
validity_days: int = 365 # Change to desired number of days
```
---
## Troubleshooting
### Error: Permission denied
```bash
# Run with sudo
sudo make test-cert
```
### Error: Module 'cryptography' not found
```bash
# Install dependencies
sudo pip3 install cryptography
```
### NPM doesn't show certificate
1. Check NPM settings in configuration
2. Check logs: `sudo make logs`
3. Try uploading manually via NPM web interface
### Certificate not created
```bash
# Check permissions
ls -la /etc/letsencrypt/live/
# Create directory manually
sudo mkdir -p /etc/letsencrypt/live/
# Check configuration
sudo make check-config
```
---
## Usage Examples
### Docker Development
```dockerfile
FROM nginx:alpine
# Copy test certificate
COPY test-certs/ /etc/nginx/ssl/
# Nginx configuration
COPY nginx.conf /etc/nginx/nginx.conf
EXPOSE 443
```
### Local Testing
```bash
# Create certificate for localhost
sudo python3 letsencrypt_regru_api.py --test-cert
# Add to /etc/hosts
echo "127.0.0.1 test.example.com" | sudo tee -a /etc/hosts
# Start nginx
sudo nginx -t && sudo nginx -s reload
# Open in browser
open https://test.example.com
```
### Automated Testing Before Deployment
```bash
#!/bin/bash
# pre-deploy.sh
# Test SSL check
sudo make test-cert
if [ $? -eq 0 ]; then
echo "✅ Test certificate created successfully"
echo "✅ Ready for production certificate"
sudo make obtain
else
echo "❌ Error creating test certificate"
exit 1
fi
```
---
## Additional Resources
- 📘 [Let's Encrypt Rate Limits](https://letsencrypt.org/docs/rate-limits/)
- 📘 [OpenSSL Documentation](https://www.openssl.org/docs/)
- 📘 [Nginx Proxy Manager Docs](https://nginxproxymanager.com/guide/)
---
## Quick Reference
```bash
# Installation
sudo make install
# Configuration
sudo nano /etc/letsencrypt/regru_config.json
# Create test certificate
sudo make test-cert
# Verify
sudo make check-config
sudo make status
# Switch to production
sudo rm -rf /etc/letsencrypt/live/domain/
sudo make obtain
# Automatic renewal
sudo make run
```
**Done!** 🎉 Now you can test SSL certificates without limits!
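
Review bot: `pre-deploy.sh` under "Automated Testing Before Deployment" runs `sudo make test-cert` and then `sudo make obtain` with nothing in between, although the test certificate is written to the same `/etc/letsencrypt/live/your-domain/` path that production uses and "Transition to Production" Step 2 says to remove it first. As written, the self-signed files are still in place when the real request starts, and with `npm_enabled: true` the test certificate has already been uploaded to NPM. Suggest generating test certificates under a separate directory (or adding the removal step to the script) so a self-signed certificate cannot end up served in production. In the CI script, `set -e` makes the script exit as soon as `openssl x509 ... -checkend 0` fails, so the `if [ $? -eq 0 ]` test that follows can never reach its "Certificate is invalid" branch; put the command directly in the `if` condition. The sample `regru_config.json` also holds `npm_password` in clear text and needs the same `chmod 600` advice the README gives for configuration files.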