彬哥的機房重地

$ mkdir /etc/nginx/conf.d
$ nano /etc/nginx/nginx.conf
  加上 #含括其他conf設定檔
        include /etc/nginx/conf.d/*.conf;
       #上傳檔案無限制
        client_max_body_size 0;
       #asp.net core 需要
         map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;

建立dehydrated設定檔
$ echo "WELLKNOWN=/var/www/dehydrated" > /etc/dehydrated/config 
$ mkdir -p /var/www/dehydrated

$ nano /etc/nginx/conf.d/http.conf
server {
  listen 80;

  #Dehydrated 取得憑證
  location /.well-known/acme-challenge/ {
        alias /var/www/dehydrated/;
  }

  location / {
            proxy_pass http://192.168.70.60:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }

  # listen on the www host
  #server_name simon.ice.com.tw;

  #and redirect to the non-www host (declared below)
  #return 301 https://old.ice.com.tw$request_uri;
}檢查並套用nginx設定生效
$ nginx -t
$ nginx -s reload

接下來編輯
$ nano /etc/dehydrated/domains.txt

第一次使用要先同意聲明，先輸入
$ dehydrated --register --accept-terms
記得先關掉 nat
$ dehydrated -c

設定proxmox 反向代理
$ nano /etc/nginx/conf.d/proxmox.conf
server {
        listen 8006 ssl;
        server_name 64.ice.com.tw;

        ssl_certificate /etc/dehydrated/certs/64.ice.com.tw/cert.pem;
        ssl_certificate_key /etc/dehydrated/certs/64.ice.com.tw/privkey.pem;

        location / {
          proxy_pass https://192.168.1.95:8006;
          proxy_buffering off;
          client_max_body_size 0;
          proxy_connect_timeout 3600s;
          proxy_read_timeout 3600s;
          proxy_send_timeout 3600s;
          send_timeout 3600s;

        # Important for WebSocket/Console access
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection "upgrade";
          proxy_set_header Host $host;
          proxy_set_header X-Forwarded-Proto $scheme;
        }
}

Dehydrate + Nginx 憑證申請及反向代理
Nginx HTTPS 設定