• Stars
    218
  • Rank 180,786 (Top 4 %)
  • Language
    Shell
  • License
    MIT License
  • Created almost 9 years ago
  • Updated 7 months ago

Repository Details

BASH: Better SSL in Nginx in 10 minutes. Configuration files and setup scripts for Certbot.

Bubbly

For configuring Certbot with Nginx as quickly and securely as possible.

If you want an instant A+ score on Qualys SSL Labs and A score on SecurityHeaders.io, then this is what you'll need to do. You won't need any familiarity with Certbot, Let's Encrypt, the ACME spec, or SSL in general, just basic Nginx configuration.

1. Install Certbot and Clone Bubbly

We'll start off by cloning the project into the home folder with git.

cd &&
sudo apt install git certbot &&
git clone https://github.com/eustasy/bubbly

2. Generate Statics

Generate the static keys once per server.

~/bubbly/bubbly_generate-statics.sh

As it will warn, this will take a while.

Have a seat.

3. Copy config blocks

Once you've gone and made something in the 15 minutes that this could well take, or you've just set up a new SSH session, copy the Nginx configuration files over to the Nginx configuration directory.

~/bubbly/bubbly_copy-configs.sh

4. Configure & Enable Verification

Copy the verification site template and replace the instances of example.com in the file with your actual domain name.

sudo cp /etc/nginx/sites-available/bubbly_verify.conf /etc/nginx/sites-available/example.com.conf
sudo nano /etc/nginx/sites-available/example.com.conf

In nano, press Ctrl and \ to start a search and replace, and replace example.com with your domain.

sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf
sudo nginx -t && sudo service nginx reload

Alternatively, you can simply add include location/bubbly_well-known-passthrough.conf; to an existing site you want to continue working while we upgrade.

5. Fetch Certificates

Fetch your certificates like this:

~/bubbly/bubbly_renew-ssl.sh -d example.com -d www.example.com

It will ask for the root password and an email address, so hang around; it shouldn't take more than a few seconds.

6. Start using the Certificates

Remove the verification config you just made, and replace it with a live version of the site. You'll need to more carefully review the [OPTION]s in this file, as you'll also need to change the certificate location to match the domain name you requested. Consider taking a look at the [OPTION]s and [WARNING]s in other linked config files.

sudo rm /etc/nginx/sites-available/example.com.conf
sudo cp /etc/nginx/sites-available/bubbly_live.conf /etc/nginx/sites-available/example.com.conf
sudo nano /etc/nginx/sites-available/example.com.conf

In nano, press Ctrl and \ to start a search and replace, and replace example.com with your domain.

sudo nginx -t && sudo service nginx reload

7. Automate Renewal

Edit crontab.conf and append it to your existing cron jobs for automatic renewal. This is important, since Let's Encrypt certificates expire in three months.

nano ~/bubbly/crontab.conf
cat ~/bubbly/crontab.conf > /tmp/bubbly-crontab
crontab -l >> /tmp/bubbly-crontab
crontab /tmp/bubbly-crontab
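
The commands above write to a fixed, predictable file name in /tmp and, if run a second time, append the Bubbly entries again. The following is an added example, not part of Bubbly: it does the same merge through mktemp files and skips lines already present. The function names merge_cron and install_cron are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Bubbly repository): merge a cron fragment into
# the current user's crontab without duplicating entries and without using a
# predictable file name in /tmp.

# merge_cron EXISTING_FILE FRAGMENT_FILE
# Prints EXISTING_FILE, then every non-blank line of FRAGMENT_FILE that is not
# already present verbatim in EXISTING_FILE. Running it again on its own
# output therefore adds nothing.
merge_cron() {
    cat "$1"
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue                        # skip blank lines
        # -x whole line, -F literal string (cron lines contain '*')
        grep -qxF -- "$line" "$1" || printf '%s\n' "$line"
    done < "$2"
}

# install_cron FRAGMENT_FILE
# Reads the current crontab, merges FRAGMENT_FILE into it and installs the
# result. mktemp creates private, unpredictable files (mode 0600), so another
# local user cannot pre-create or symlink the path.
install_cron() {
    old=$(mktemp) && new=$(mktemp) || return 1
    # "crontab -l" fails when no crontab exists yet; start from an empty file.
    crontab -l > "$old" 2>/dev/null || : > "$old"
    merge_cron "$old" "$1" > "$new" && crontab "$new"
    status=$?
    rm -f "$old" "$new"
    return "$status"
}

# Usage, after editing the fragment as in step 7:
#   install_cron ~/bubbly/crontab.conf
```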

Screenshot of SSLLabs.com

Screenshot of SecurityHeaders.io
