# Lab7
## Step 1
> Create a simple site on AWS (or any other VPS provider) with several pages. The home page should contain links to other pages. Use nginx as http-server. Create an Elastic IP, as you did in the first lab. Check that you can access your site using an ip address.
1. Connect to the new AWS instance over SSH
2. Run the following commands:
```bash
sudo apt-get update
sudo apt install nginx
cd /var/www/
sudo mkdir site
# own the directory as your user instead of making the web root world-writable (chmod 777)
sudo chown "$USER" site
cd ./site
vim index.html
vim left.html
vim right.html
```
3. Code for pages:
- index
```html
<!DOCTYPE html>
<html>
<head>
  <title>Lab7</title>
  <!-- styles belong inside <head> -->
  <style>
    ul {
      list-style-type: none;
    }
    li {
      width: 50%;
      padding: 2rem 0;
      text-align: center;
    }
    .left {
      background-color: #77ffff;
      float: left;
    }
    .right {
      background-color: #ffff55;
      float: right;
    }
  </style>
</head>
<body>
  <h1>Welcome!</h1>
  <h2>These are the lab7 tasks</h2>
  <p>This site should have multiple pages,
  so I have made only 2 extra:</p>
  <!-- <li> must be a direct child of <ul>, so each link goes inside its item -->
  <ul>
    <li class="left"><a href="./left.html">Left</a></li>
    <li class="right"><a href="./right.html">Right</a></li>
  </ul>
  Bogdanova Alina BS18-SE02
</body>
</html>
```
- right/left
```html
<!DOCTYPE html>
<html>
<head>
<title>Lab7</title>
</head>
<body>
<h1>Left</h1>
<a href="./index.html">Go back</a>
</body>
</html>
```
4. Point nginx at the new site root:
```
cd /etc/nginx/sites-enabled/
sudo vim default
```
Change the line
```
root /var/www/html;
```
to
```
root /var/www/site;
```
Restart nginx:
```bash
sudo service nginx restart
```
Result:

## Step 2
> Register a domain. You can use free domain like tk, ml, ga, cf, gp. They are available on www.freenom.com.
Enter public ip to create an A record. You are also allowed to use CloudFlare as a DNS hosting if you wish.
1. Select domain name (in my case it is `mefaldemisov-lab7.ml`)
2. Register
3. Confirm mail
4. Configure DNS

5. Be happy (the site is accessible by the domain name)
**Note:** the site is also available at `www.mefaldemisov-lab7.ml`

## Step 3
> In freenom after signing in you might add new DNS records by selecting Services -> My Domains -> Manage Domain -> Manage Freenom DNS -> Add Records.
Create CNAME-record for www subdomain. Configure nginx to automatically redirect all requests from youdomain.tk to www.youdomain.tk. Make sure it works correctly for requests with path eg: youdomain.tk/contacts redirect to www.youdomain.tk/contacts.
The first part of this step is already done; only the redirect remains.
To set up the redirect, insert the following lines into the `default` file in the `/etc/nginx/sites-enabled` folder:
```
if ( $host !~ ^www\. ) {
return 301 $scheme://www.$host$request_uri;
}
```
Afterwards, restart nginx:
```bash
sudo service nginx restart
```
(Checks are made at this step)
## Step 4
> Setup email for your domain. You can use biz.mail.ru/mail, yandex.com/support/domain/usecase.html or any other service you want. We suggest creating mail.yourdomain.tk subdomain and making a CNAME record to login page (eg: for mail.ru you need to make CNAME to biz.mail.ru).
1. Search for Yandex Mail for Domain
2. Select the free version of Yandex for business
3. Connect the domain (I've done it using HTML modifications):

The result will be ready in a minute
4. MX record
Create:

Wait:

5-10 min:

## Step 5
> Use letsencrypt to obtain an SSL certificate for the domain and www subdomain. Configure nginx to use this certificate. Also, configure it to redirect from http to https. Again, don’t forget about the path part of the URL.
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04
For Ubuntu 20.04, the following [link](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04) applies
```bash
sudo apt install certbot python3-certbot-nginx
cd /etc/nginx/sites-available/
# sudo mv default mefaldemisov-lab7.ml
sudo systemctl reload nginx
```



Result: (not as good)


What's the problem?!
- AWS security groups:

Now everything works fine!
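
A way to check the redirects from Step 3 and Step 5, including the path part, as an added example that is not part of the original lab report. `canonical_url` and `check_redirect` are hypothetical helper names, and the response headers are constructed samples for the placeholder domain `example.test`.

```bash
# Added example (not from the lab report). Helper names are hypothetical.

# canonical_url URL DOMAIN: print https://www.DOMAIN plus URL's path and query.
canonical_url() {
  local rest="${1#*://}"               # drop the scheme
  case "$rest" in
    */*) rest="/${rest#*/}" ;;         # keep everything after the host
    *)   rest="/" ;;                   # bare host: root path
  esac
  printf 'https://www.%s%s\n' "$2" "$rest"
}

# check_redirect HEADERS EXPECTED: succeed only for a 301 whose Location
# header equals EXPECTED; otherwise print the reason and return 1.
check_redirect() {
  local headers status location
  headers=$(printf '%s\n' "$1" | tr -d '\r')       # HTTP lines end in CRLF
  status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
  location=$(printf '%s\n' "$headers" |
    awk 'tolower($1) == "location:" { print $2; exit }')
  if [ "$status" != "301" ]; then
    echo "FAIL: status ${status:-none}, expected 301"; return 1
  fi
  if [ "$location" != "$2" ]; then
    echo "FAIL: Location ${location:-none}, expected $2"; return 1
  fi
  echo "OK: $2"
}

# Constructed responses: one keeps the path and query, one drops them.
GOOD=$(printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://www.example.test/contacts?id=1\r\n')
LOST=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.test/\r\n')
WANT=$(canonical_url 'http://example.test/contacts?id=1' example.test)

check_redirect "$GOOD" "$WANT" || true
check_redirect "$LOST" "$WANT" || true

# Live use against the lab site:
#   check_redirect "$(curl -sI http://mefaldemisov-lab7.ml/contacts)" \
#     "$(canonical_url http://mefaldemisov-lab7.ml/contacts mefaldemisov-lab7.ml)"
```
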
## Step 6
> Put nginx config to the home page of your site along with a screenshot from dns hosting (Freenom DNS or cloudflare) page with dns records.

Config:
```
##
# You should look at the following URL's in order to grasp a solid understanding
# of Nginx configuration files in order to fully unleash the power of Nginx.
# https://www.nginx.com/resources/wiki/start/
# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
# https://wiki.debian.org/Nginx/DirectoryStructure
#
# In most cases, administrators will remove this file from sites-enabled/ and
# leave it as reference inside of sites-available where it will continue to be
# updated by the nginx packaging team.
#
# This file will automatically load configuration files provided by other
# applications, such as Drupal or Wordpress. These applications will be made
# available underneath a path with that package name, such as /drupal8.
#
# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
##
# Default server configuration
#
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/site;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name mefaldemisov-lab7.ml www.mefaldemisov-lab7.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mefaldemisov-lab7.ml/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mefaldemisov-lab7.ml/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
# Virtual Host configuration for example.com
#
# You can move that to a different file under sites-available/ and symlink that
# to sites-enabled/ to enable it.
#
#server {
# listen 80;
# listen [::]:80;
#
# server_name example.com;
#
# root /var/www/example.com;
# index index.html;
#
# location / {
# try_files $uri $uri/ =404;
# }
#}
server {
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/site;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name www.mefaldemisov-lab7.ml; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
listen [::]:443 ssl ; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mefaldemisov-lab7.ml/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mefaldemisov-lab7.ml/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mefaldemisov-lab7.ml) {
return 301 https://www.$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name mefaldemisov-lab7.ml www.mefaldemisov-lab7.com;
return 404; # managed by Certbot
}
server {
if ($host = www.mefaldemisov-lab7.ml) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.mefaldemisov-lab7.ml;
return 404; # managed by Certbot
}
```
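
The config above can be summarised per server block to see which ports and names serve content and which only redirect; this is an added example, not part of the original report. `audit_vhosts` is a hypothetical helper and the sample is a constructed excerpt of two of the server blocks above; it flags `www.mefaldemisov-lab7.com`, which is outside the `mefaldemisov-lab7.ml` domain registered in Step 2.

```bash
# Added example: one summary line per nginx server block, plus a FOREIGN line
# for every server_name that lies outside the expected domain.
audit_vhosts() {   # usage: audit_vhosts DOMAIN < nginx-config
  awk -v d="$1" '
    function in_domain(n) {
      return n == d || (length(n) > length(d) + 1 &&
                        substr(n, length(n) - length(d)) == ("." d))
    }
    { sub(/#.*/, "") }                                 # strip comments
    depth == 0 && $1 == "server" { ports = names = ""; serves = 0 }
    depth == 1 && $1 == "listen" {
      p = $2; sub(/;$/, "", p); sub(/^.*:/, "", p)     # "[::]:443" -> "443"
      if (index(ports " ", " " p " ") == 0) ports = ports " " p
    }
    depth == 1 && $1 == "server_name" {
      for (i = 2; i <= NF; i++) {
        n = $i; sub(/;$/, "", n)
        if (n == "") continue
        names = names " " n
        if (!in_domain(n)) print "FOREIGN " n " (line " NR ")"
      }
    }
    depth == 1 && $1 == "location" { serves = 1 }
    { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")     # track brace nesting
      if (depth == 0 && names != "") {
        print "listen" ports " |" names " | " (serves ? "serves content" : "redirect only")
        names = ""
      }
    }'
}

# Constructed excerpt: two of the server blocks from the config above.
SAMPLE='server {
    server_name mefaldemisov-lab7.ml www.mefaldemisov-lab7.com;
    location / { try_files $uri $uri/ =404; }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
}
server {
    if ($host = mefaldemisov-lab7.ml) {
        return 301 https://www.$host$request_uri;
    } # managed by Certbot
    listen 80 default_server;
    server_name mefaldemisov-lab7.ml www.mefaldemisov-lab7.com;
    return 404; # managed by Certbot
}'
printf '%s\n' "$SAMPLE" | audit_vhosts mefaldemisov-lab7.ml
```

On the live host, `sudo nginx -T | audit_vhosts mefaldemisov-lab7.ml` runs the same summary over the full loaded configuration.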
## Step 7
> Send email from your new mailbox (eg: mail@youdomain.tk) with link to the site and your name in moodle
r.gafarov@innopolis.ru
Note: don’t use cloudflare proxy. Otherwise we can’t check your letsencrypt certificate and you will lose points.
1. Add a new user and register him

2. Sign in and send the message:
