install_nginx_wsgi.md

File metadata and controls

105 lines (73 loc) · 3.59 KB

Installation on NGINX running on CentOS

I barely know NGINX. Main input has been taken from here. If you see room for improvement, let me know.

In this setup uWSGI serves acme2certifier while NGINX acts as a reverse proxy in front of it to provide better connection handling.

  1. set up your project directory
[root@srv ~]# mkdir /opt/acme2certifier
  2. download the archive and unpack it into /opt/acme2certifier.
  3. create a configuration file acme_srv.cfg in /opt/acme2certifier/acme_srv/ or use the example stored in the examples directory
  4. modify the configuration file according to your needs
  5. set the handler_file parameter in acme_srv.cfg or copy the correct CA handler from the /opt/acme2certifier/examples/ca_handler directory to /opt/acme2certifier/acme_srv/ca_handler.py
  6. configure the connection to your CA server. Example for Insta Certifier
  7. activate the wsgi database handler
root@rlh:~# cp /opt/acme2certifier/examples/db_handler/wsgi_handler.py /opt/acme2certifier/acme_srv/db_handler.py
  8. copy the application file "acme2certifier_wsgi.py" from the examples directory
root@rlh:~# cp /opt/acme2certifier/examples/acme2certifier_wsgi.py /opt/acme2certifier/
  9. set the correct permissions on the acme_srv subdirectory
[root@srv ~]# chmod a+x /opt/acme2certifier/acme_srv
  10. set the ownership of the acme_srv subdirectory to the user running nginx
[root@srv ~]# chown -R nginx /opt/acme2certifier/acme_srv
  11. install the missing python modules
[root@srv ~]# pip install -r requirements.txt
  12. install uWSGI by using pip
[root@srv ~]# pip install uwsgi
  13. test acme2certifier by starting the application
[root@srv ~]# uwsgi --socket 0.0.0.0:8000 --protocol=http -w acme2certifier_wsgi
  14. check access to the directory resource in a parallel session to verify that everything works so far
[root@srv ~]# curl http://127.0.0.1:8000/directory
{"newAccount": "http://127.0.0.1:8000/acme_srv/newaccount", "fa8b347d3849421ebc4b234205418805": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417", "keyChange": "http://127.0.0.1:8000/acme_srv/key-change", "newNonce": "http://127.0.0.1:8000/acme_srv/newnonce", "meta": {"home": "https://github.com/grindsa/acme2certifier", "author": "grindsa <[email protected]>"}, "newOrder": "http://127.0.0.1:8000/acme_srv/neworders", "revokeCert": "http://127.0.0.1:8000/acme_srv/revokecert"}[root@srv ~]#
  15. create a uWSGI config file or use the one stored in the examples/nginx directory
[root@srv ~]# cp examples/nginx/acme2certifier.ini /opt/acme2certifier
  16. create a systemd unit file for uWSGI or use the one stored in the examples/nginx directory
[root@srv ~]# cp examples/nginx/uwsgi.service /etc/systemd/system/
[root@srv ~]# systemctl enable uwsgi.service
  17. start uWSGI as a service
[root@srv ~]# systemctl start uwsgi
  18. configure NGINX as reverse proxy or use the example stored in the examples/nginx directory and modify it according to your needs
[root@srv ~]# cp examples/nginx/nginx_acme.conf /etc/nginx/conf.d/acme.conf
  19. restart nginx
[root@srv ~]# systemctl restart nginx
  20. test the server by accessing the directory resource
[root@srv ~]# curl http://<your server name>/directory
You should get your resource overview now.
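The two curl tests above only show that something answers. The following check, added here as an example and not part of acme2certifier, parses the directory response and reports endpoint URLs that are missing or that advertise a different scheme or host than the one clients will use (for instance the uWSGI test address instead of the NGINX name). The script name check_directory.py, the function name and the sample data are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

# Endpoint fields defined for the ACME directory object (RFC 8555);
# all of them appear in the directory output shown in the steps above.
REQUIRED = ("newNonce", "newAccount", "newOrder", "revokeCert", "keyChange")

# Constructed sample: the endpoint part of the output from the uWSGI test step.
SAMPLE = ('{"newAccount": "http://127.0.0.1:8000/acme_srv/newaccount", '
          '"keyChange": "http://127.0.0.1:8000/acme_srv/key-change", '
          '"newNonce": "http://127.0.0.1:8000/acme_srv/newnonce", '
          '"newOrder": "http://127.0.0.1:8000/acme_srv/neworders", '
          '"revokeCert": "http://127.0.0.1:8000/acme_srv/revokecert"}')


def check_directory(body, expected_base):
    """Return a list of problems found in a GET /directory response.

    body          -- raw response text
    expected_base -- scheme://host[:port] that ACME clients will be given
    """
    try:
        doc = json.loads(body)
    except ValueError as exc:  # e.g. an HTML error page from the proxy
        return ["response is not JSON: %s" % exc]
    if not isinstance(doc, dict):
        return ["directory is not a JSON object"]
    want = urlsplit(expected_base)
    problems = []
    for key in REQUIRED:
        url = doc.get(key)
        if not isinstance(url, str):
            problems.append("missing endpoint: " + key)
            continue
        got = urlsplit(url)
        if (got.scheme, got.netloc.lower()) != (want.scheme, want.netloc.lower()):
            problems.append("%s points at %s://%s, expected %s"
                            % (key, got.scheme, got.netloc, expected_base))
    return problems


if __name__ == "__main__":
    import sys
    # curl -s http://<your server name>/directory | python3 check_directory.py http://<your server name>
    live = len(sys.argv) > 1
    issues = check_directory(sys.stdin.read() if live else SAMPLE,
                             sys.argv[1] if live else "http://127.0.0.1:8000")
    print("\n".join(issues) or "directory OK")
    sys.exit(1 if issues else 0)
```

Run without arguments it checks the embedded sample; with a base URL as argument it reads the curl output from standard input and exits non-zero when a problem is found.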