彬哥的機房重地

$ mkdir /etc/nginx/conf.d
$ nano /etc/nginx/nginx.conf
  加上 #含括其他conf設定檔
        include /etc/nginx/conf.d/*.conf;




建立dehydrated設定檔
$ echo "WELLKNOWN=/var/www/dehydrated" > /etc/dehydrated/config 
$ mkdir -p /var/www/dehydrated

$ nano /etc/nginx/conf.d/http.conf
server {
  listen 80;

  #Dehydrated 取得憑證
  location /.well-known/acme-challenge/ {
        alias /var/www/dehydrated/;
  }

  location / {
            proxy_pass http://192.168.70.60:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }

  # listen on the www host
  #server_name simon.ice.com.tw;

  #and redirect to the non-www host (declared below)
  #return 301 https://old.ice.com.tw$request_uri;
}檢查並套用nginx設定生效
$ nginx -t
$ nginx -s reload

接下來編輯
$ nano /etc/dehydrated/domains.txt

第一次使用要先同意聲明，先輸入
$ dehydrated --register --accept-terms
$ dehydrated -c

設定proxmox 反向代理
$ nano /etc/nginx/conf.d/proxmox.conf
server {
        listen 8006 ssl;
        server_name 95.ice.com.tw;

        ssl_certificate /etc/dehydrated/certs/95.ice.com.tw/cert.pem;
        ssl_certificate_key /etc/dehydrated/certs/95.ice.com.tw/privkey.pem;

        location / {
            proxy_pass https://192.168.70.90:8006;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }
}



Dehydrate + Nginx 憑證申請及反向代理