Adding new nginx server block + installing SSL certificate for it
- HostBill
This guide is useful if you're using HostBill Multi-Brand module on HostBill Enterprise install. This guide assumes you're familiar with linux file editors (like vim or nano).
Info
Replace any occurrence of yourbrand.com below with hostname you're adding
Issuing CSR / private key for new certificate:
Lets first create dir to store certificate requests and private keys. Login to your HostBill server using ssh and issue following commands:mkdir /etc/ssl/certificates cd /etc/ssl/certificates/
Next, we'll issue CSR for new host, you will be prompted with a series of questions, answer them (when asked about passphrase you can leave it blank):
openssl req -new -newkey rsa:2048 -nodes -keyout yourbrand.com.key -out youtbrand.com.csr
Issue SSL certificate
Use generated CSR with your SSL Certificates reseller to generate certificate. Once ready, paste its contents to:/etc/ssl/certificates/yourbrand.com.crt
Placing your site certificate at top of said file, followed by Intermediate certificate (if any)Adding new vhost (server block) to nginx:
Make a copy /etc/nginx/conf.d/main.conf file:cp /etc/nginx/conf.d/main.conf /etc/nginx/conf.d/yourbrand.com.conf
Update ssl_certificate* and server_name blocks in /etc/nginx/conf.d/yourbrand.com.conf file:
Contents of /etc/nginx/conf.d/yourbrand.com.confinclude /etc/nginx/upstreams/*.conf; server { listen 80; server_tokens off; return 301 https://$host$request_uri; } server { listen 443 ssl; server_name yourbrand.com www.yourbrand.com; server_tokens off; charset utf-8; sendfile on; tcp_nopush on; tcp_nodelay off; reset_timedout_connection on; location ~* ^.+\.(jpg|gif|png|css|js|swf|ico)$ { access_log off; log_not_found off; expires 1y; } include /etc/nginx/ssl.conf; include /etc/nginx/locations/*.conf; ssl_certificate /etc/ssl/certificates/yourbrand.com.crt; ssl_certificate_key /etc/ssl/certificates/yourbrand.com.key; }Reload nginx to apply new site block + ssl certificate:
systemctl reload nginx