configure_nginx_manager/CHEATSHEET_EN.md
Dmitriy Fofanov 2f89d9e169
Added a detailed guide to testing SSL certificates and automation scripts.
- Added a detailed guide to testing SSL certificates using self-signed certificates.
- Added instructions for creating test certificates with the Makefile, Python, and Bash scripts.
- Added a comparison of methods and detailed instructions for configuration, verification, and use in Nginx.
- Documented the steps for moving from test certificates to production ones.
- Created a guide to obtaining Let's Encrypt certificates with the DNS challenge for the reg.ru provider.
- Developed a detailed guide to configuring the use of a global SSL certificate in Nginx Proxy Manager.
- Provided instructions for creating and renewing wildcard certificates in Nginx Proxy Manager.
- Added automation scripts for creating and renewing SSL certificates via the reg.ru API.
- Implemented Git hooks for Gitea to sync changes to GitHub after a push.
- Improved logging and error handling in the Git hooks for better monitoring and troubleshooting.
2025-10-27 22:18:32 +03:00


SSL Certificate Cheatsheet

🚀 Quick Start

Installation in 3 Commands

sudo make install
sudo nano /etc/letsencrypt/regru_config.json  # Fill in data
sudo make test-cert                            # Test

🧪 Testing (NO Let's Encrypt Limits)

# Create test certificate (unlimited)
sudo make test-cert

# Check status
sudo make status

# View logs
sudo make logs

When to use:

  • ⚠️ Let's Encrypt: max 5 certificates/week
  • Test: UNLIMITED
  • Creation: 1-2 seconds vs 2-5 minutes

🔒 Production (Let's Encrypt)

# Get real certificate
sudo make obtain

# Automatic mode (check + renewal)
sudo make run

# Force renewal
sudo make renew

📋 Main Commands

| Command | Description | Limits |
|---|---|---|
| make test-cert | Test certificate | None |
| make obtain | New Let's Encrypt | ⚠️ 5/week |
| make renew | Renew existing | ⚠️ 5/week |
| make run | Auto mode | ⚠️ 5/week |
| make status | System status | - |
| make logs | Show logs | - |
| make check-config | Check configuration | - |

📝 Configuration

Minimal (testing)

{
    "domain": "test.example.com",
    "wildcard": true,
    "cert_dir": "/etc/letsencrypt/live"
}

Full (production + NPM)

{
    "regru_username": "myuser",
    "regru_password": "mypassword",
    "domain": "example.com",
    "wildcard": true,
    "email": "admin@example.com",
    "renewal_days": 30,
    "npm_enabled": true,
    "npm_host": "https://npm.example.com",
    "npm_email": "admin@example.com",
    "npm_password": "npm_password"
}
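
A pre-flight audit for the configuration shown above, as an added example that is not part of the project's code: it flags a credentials file readable by group or other, sample values left in place, and an NPM host that is not HTTPS. The name `audit_config`, the 0600 expectation, and the assumption that the NPM login is sent to `npm_host` are this example's own.

```python
import json
import os
import stat
import sys

# Keys that hold plaintext secrets in the "Full (production + NPM)" config.
SECRET_KEYS = ("regru_password", "npm_password")
# Sample values from the cheatsheet; a live config must not keep them.
SAMPLE_VALUES = {
    "regru_username": "myuser",
    "regru_password": "mypassword",
    "npm_password": "npm_password",
}


def audit_config(path):
    """Return a list of findings for a regru_config.json-style file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)

    # Plaintext credentials: only the owning user should be able to read them.
    if any(cfg.get(k) for k in SECRET_KEYS) and mode & 0o077:
        findings.append(
            f"permissions {mode:04o}: credentials readable by group/other, expected 0600"
        )
    for key, sample in SAMPLE_VALUES.items():
        if cfg.get(key) == sample:
            findings.append(f"{key}: still set to the sample value")
    if cfg.get("npm_enabled"):
        # Assumption: the NPM login is sent to npm_host, so it must use TLS.
        host = str(cfg.get("npm_host", ""))
        if not host.lower().startswith("https://"):
            findings.append("npm_host: not an https:// URL, NPM login would travel in cleartext")
        for key in ("npm_email", "npm_password"):
            if not cfg.get(key):
                findings.append(f"{key}: missing while npm_enabled is true")
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/letsencrypt/regru_config.json"
    problems = audit_config(target)
    for problem in problems:
        print("FINDING:", problem)
    sys.exit(1 if problems else 0)
```

The script exits non-zero when it has findings, so it can gate `make obtain` in a deployment script.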

🔄 Workflow

Development → Production

# 1. Development (test certificates)
sudo make test-cert              # Create test
# Test application...

# 2. Production (Let's Encrypt)
sudo rm -rf /etc/letsencrypt/live/example.com/  # Remove test
sudo make obtain                 # Create production

📁 Important Paths

# Configuration
/etc/letsencrypt/regru_config.json

# Certificates
/etc/letsencrypt/live/example.com/
├── privkey.pem      # Private key
├── cert.pem         # Certificate
├── fullchain.pem    # Full chain (for nginx)
└── chain.pem        # CA chain

# Scripts
/opt/letsencrypt-regru/letsencrypt_regru_api.py

# Logs
/var/log/letsencrypt_regru.log

🔍 Verification

# Check configuration
sudo make check-config

# Check certificate
openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -text -noout

# Check expiration date
openssl x509 -in /etc/letsencrypt/live/example.com/cert.pem -noout -dates

# Check systemd
sudo systemctl status letsencrypt-regru.timer
sudo systemctl list-timers letsencrypt-regru.timer

# Check cron
sudo crontab -l | grep letsencrypt

🐛 Debugging

# Detailed logs
sudo make logs

# Test run with details
sudo python3 /opt/letsencrypt-regru/letsencrypt_regru_api.py \
    -c /etc/letsencrypt/regru_config.json --check -v

# Certbot logs
sudo tail -f /var/log/letsencrypt/letsencrypt.log

# Systemd logs
sudo journalctl -u letsencrypt-regru.service -f

⚠️ Common Errors

Let's Encrypt: Rate limit exceeded

# SOLUTION: Use test certificates
sudo make test-cert

NPM: Certificate not found

# SOLUTION: Check NPM settings
sudo make check-config

# Check connection (-k skips certificate verification, so this confirms reachability only)
curl -k https://npm.example.com

Permission denied

# SOLUTION: Run with sudo
sudo make test-cert

🎯 Use Case Scenarios

Local Development

sudo make test-cert
# Open https://localhost (the browser warning is expected for the self-signed test certificate)

CI/CD Testing

# In pipeline
sudo make test-cert
# Run tests...
sudo make status

Staging Environment

sudo make test-cert  # Or
sudo make obtain     # If domain available

Production Environment

sudo make install
sudo make obtain
# Automatic renewal via cron/systemd

📚 Documentation

  • README.md - Complete guide (1420+ lines)
  • TESTING_GUIDE.md - Testing guide (370+ lines)
  • PROJECT_STRUCTURE.md - Project structure
  • CHEATSHEET.md - This cheatsheet

🆘 Quick Help

# Show all commands
make help

# Check installation
sudo make status

# Complete reinstall
sudo make uninstall
sudo make install

💡 Tips

  1. Always start with test certificates - avoid limits
  2. Check configuration - make check-config
  3. Monitor logs - make logs
  4. Automate - systemd/cron already configured
  5. Keep backups of configuration

Version: 2.1
Updated: 27.10.2025