{"id":745,"date":"2019-07-18T16:43:28","date_gmt":"2019-07-18T22:43:28","guid":{"rendered":"https:\/\/ugit.siua.ac.cr\/?p=745"},"modified":"2019-09-25T14:01:57","modified_gmt":"2019-09-25T20:01:57","slug":"proxmox5-proxy-reverso-configuracion-faveo","status":"publish","type":"post","link":"https:\/\/sada.services\/?p=745","title":{"rendered":"PROXMOX5: Reverse Proxy Configuration for Faveo"},"content":{"rendered":"\n<ul class=\"wp-block-list\"><li>The first thing to do is configure a static IP. Since it is installed on Ubuntu 17.10, it uses netplan.<\/li><li>So we open the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/netplan\/01-netcfg.yaml<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>And modify it as follows:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># This file describes the network interfaces available on your system\n# For more information, see netplan(5).\nnetwork:\n  version: 2\n  renderer: networkd\n  ethernets:\n    ens18:\n      dhcp4: false\n      dhcp6: false\n      addresses: [10.20.200.11\/24]\n      gateway4: 10.20.200.1\n      nameservers:\n        addresses: [10.20.200.1]<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Apply the changes<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>netplan apply<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">SCENARIO:<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>To understand what we are going to do: the \u00abPROXY-REVERSO\u00bb server is the one that has a public address, so user requests for the domain soporte.siua.ac.cr will arrive at this server. On this server (\u00abPROXY-REVERSO\u00bb), if the request comes in on port 80 (\u00abhttp:\/\/soporte.siua.ac.cr\u00bb), we only redirect it to SSL (\u00abhttps:\/\/soporte.siua.ac.cr\u00bb).<\/li><li>We do this with letsencrypt, which generates the certificates. Then, on the 
internal server (\u00abfaveo\u00bb), we install the certificates that letsencrypt generated so that the system can also be reached over SSL internally, which means modifying the nginx configuration file.<\/li><li>Finally, we create a script that renews the certificates automatically and updates them on the internal server (\u00abfaveo\u00bb).<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Host: Proxy-Reverso<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>For letsencrypt to reach a site that lives inside a virtual machine, we first create a virtual host on the proxy server with the following information.<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/soporte.siua.ac.cr.conf<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Add<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>NameVirtualHost 181.193.87.6:80\n\n&lt;VirtualHost 181.193.87.6:80>\n\n        #************************************************************************\n        #*********  WEBSITE DATA  ********************************\n        #************************************************************************\n        ServerName soporte.siua.ac.cr\n        ServerAlias www.soporte.siua.ac.cr\n        ErrorLog \/var\/log\/apache2\/soporte80.siua.ac.cr-error.log\n        CustomLog \/var\/log\/apache2\/soporte80.siua.ac.cr-access.log common\n\n        #************************************************************************\n        #*********  WEBMASTER DATA  *****************************\n        #************************************************************************\n        ServerAdmin interuniversitariadealajuela@gmail.com\n        Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"\n\n        #************************************************************************\n        #*********  REDIRECT 
DATA  ****************\n        #************************************************************************\n\n&lt;\/VirtualHost><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Enable the site<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>a2ensite soporte.siua.ac.cr<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Reload Apache<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>systemctl reload apache2<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Request the certificate<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>certbot --installer apache<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Result:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Saving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\n\nHow would you like to authenticate with the ACME CA?\n-------------------------------------------------------------------------------\n1: Apache Web Server plugin - Beta (apache)\n2: Spin up a temporary webserver (standalone)\n3: Place files in webroot directory (webroot)\n-------------------------------------------------------------------------------\nSelect the appropriate number [1-3] then [enter] (press 'c' to cancel): 1\n\nPlugins selected: Authenticator apache, Installer apache\n\nWhich names would you like to activate HTTPS for?\n-------------------------------------------------------------------------------\n1: soporte.siua.ac.cr\n2: www.soporte.siua.ac.cr\n-------------------------------------------------------------------------------\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\nblank to select all options shown (Enter 'c' to cancel): 1 2\n\n\nSaving debug log to \/var\/log\/letsencrypt\/letsencrypt.log\n\nEnter email address (used for urgent renewal and security notices) (Enter 'c' to\ncancel):interuniversitariadealajuela@gmail.com\n\n-------------------------------------------------------------------------------\nPlease read the 
Terms of Service at\nhttps:\/\/letsencrypt.org\/documents\/LE-SA-v1.2-November-15-2017.pdf. You must\nagree in order to register with the ACME server at\nhttps:\/\/acme-v01.api.letsencrypt.org\/directory\n-------------------------------------------------------------------------------\n(A)gree\/(C)ancel: A\n\nSelect the appropriate numbers separated by commas and\/or spaces, or leave input\nblank to select all options shown (Enter 'c' to cancel): 1 2\nObtaining a new certificate\nPerforming the following challenges:\nhttp-01 challenge for soporte.siua.ac.cr\nhttp-01 challenge for www.soporte.siua.ac.cr\nWaiting for verification...\nCleaning up challenges\nCreated an SSL vhost at \/etc\/apache2\/sites-available\/soporte.siua.ac.cr-le-ssl.conf\nDeploying Certificate for soporte.siua.ac.cr to VirtualHost \/etc\/apache2\/sites-available\/soporte.siua.ac.cr-le-ssl.conf\nEnabling available site: \/etc\/apache2\/sites-available\/soporte.siua.ac.cr-le-ssl.conf\nDeploying Certificate for www.soporte.siua.ac.cr to VirtualHost \/etc\/apache2\/sites-available\/soporte.siua.ac.cr-le-ssl.conf\n\nPlease choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.\n-------------------------------------------------------------------------------\n1: No redirect - Make no further changes to the webserver configuration.\n2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for\nnew sites, or if you're confident your site works on HTTPS. 
You can undo this\nchange by editing your web server's configuration.\n-------------------------------------------------------------------------------\nSelect the appropriate number [1-2] then [enter] (press 'c' to cancel): 2<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Because we told it to redirect all requests to port 443, certbot modifies the port 80 file, which ends up like this:<\/li><li>Open it<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/soporte.siua.ac.cr.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>NameVirtualHost 181.193.87.6:80\n\n&lt;VirtualHost 181.193.87.6:80>\n\n        #**********************************************************\n        #*********  WEBSITE DATA  **************************\n        #**********************************************************\n        ServerName soporte.siua.ac.cr\n        ServerAlias www.soporte.siua.ac.cr\n        ErrorLog \/var\/log\/apache2\/soporte80.siua.ac.cr-error.log\n        CustomLog \/var\/log\/apache2\/soporte80.siua.ac.cr-access.log common\n\n        #*********************************************************\n        #********  WEBMASTER DATA  **************************\n        #*********************************************************\n        ServerAdmin interuniversitariadealajuela@gmail.com\n        Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"\n\n        #*********************************************************\n        #*********  REDIRECT DATA  ****************\n        #*********************************************************\n\n        RewriteEngine on\n        RewriteCond %{SERVER_NAME} =www.soporte.siua.ac.cr [OR]\n        RewriteCond %{SERVER_NAME} =soporte.siua.ac.cr\n        RewriteRule ^ https:\/\/%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]\n\n&lt;\/VirtualHost><\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>And it creates the 
file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/apache2\/sites-available\/soporte.siua.ac.cr-le-ssl.conf<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;IfModule mod_ssl.c>\n&lt;VirtualHost 181.193.87.6:443>\n\n        #**********************************************************\n        #*********  WEBSITE DATA  **************************\n        #**********************************************************\n        ServerName soporte.siua.ac.cr\n        ServerAlias www.soporte.siua.ac.cr\n        ErrorLog \/var\/log\/apache2\/soporte80.siua.ac.cr-error.log\n        CustomLog \/var\/log\/apache2\/soporte80.siua.ac.cr-access.log common\n\n        #*********************************************************\n        #********  WEBMASTER DATA  **************************\n        #*********************************************************\n        ServerAdmin interuniversitariadealajuela@gmail.com\n        Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"\n\n        #*********************************************************\n        #*********  REDIRECT DATA  ****************\n        #*********************************************************\n        Include \/etc\/letsencrypt\/options-ssl-apache.conf\n        SSLCertificateFile \/etc\/letsencrypt\/live\/soporte.siua.ac.cr\/fullchain.pem\n        SSLCertificateKeyFile \/etc\/letsencrypt\/live\/soporte.siua.ac.cr\/privkey.pem\n&lt;\/VirtualHost>\n&lt;\/IfModule>\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we modify it in 2 ways:<ul><li>Requests on 443 get their own error_log, separate from port 80, so that errors can be identified separately<\/li><li>We enable the reverse proxy so that it requests the content from the internal server (\u00abfaveo\u00bb), along with the SSL functionality so that we can send the request directly to 
\u00abhttps:\/\/10.20.200.11\u00bb<\/li><\/ul><\/li><li>The result:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;IfModule mod_ssl.c>\n&lt;VirtualHost 181.193.87.6:443>\n\n        #**********************************************************\n        #*********  WEBSITE DATA  **************************\n        #**********************************************************\n        ServerName soporte.siua.ac.cr\n        ServerAlias www.soporte.siua.ac.cr\n        ErrorLog \/var\/log\/apache2\/soporte443.siua.ac.cr-error.log\n        CustomLog \/var\/log\/apache2\/soporte443.siua.ac.cr-access.log common\n\n        #*********************************************************\n        #********  WEBMASTER DATA  **************************\n        #*********************************************************\n        ServerAdmin interuniversitariadealajuela@gmail.com\n        Header add Author \"Unidad de Gestion e Innovacion Tecnologica\"\n\n        #*********************************************************\n        #*********  REDIRECT DATA  ****************\n        #*********************************************************\n        ProxyPreserveHost On\n        ProxyRequests off\n        SSLProxyEngine on\n        ProxyPass \/ https:\/\/10.20.200.11\/\n        ProxyPassReverse \/ https:\/\/10.20.200.11\/\n\n        Include \/etc\/letsencrypt\/options-ssl-apache.conf\n        SSLCertificateFile \/etc\/letsencrypt\/live\/soporte.siua.ac.cr\/fullchain.pem\n        SSLCertificateKeyFile \/etc\/letsencrypt\/live\/soporte.siua.ac.cr\/privkey.pem\n&lt;\/VirtualHost>\n&lt;\/IfModule>\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Reload the server:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>service apache2 reload<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: Internal Server faveo<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Create a folder to store the certificates 
generated by letsencrypt<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/etc\/nginx\/ssl\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Inside it, create another folder to hold the certificates for the domain soporte.siua.ac.cr<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>mkdir \/etc\/nginx\/ssl\/soporte.siua.ac.cr<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Set its permissions<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod 700 -R \/etc\/nginx\/ssl<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>Create trusted SSH keys between the servers<\/strong><\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Host: Faveo<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Because the server runs Ubuntu 17.10, we must enable the root account to be able to log in over ssh, along with other settings that allow login with ssh keys<\/li><li>Become root<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo su\n# or\nsudo -i<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Set a password for root<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>passwd root<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Result:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Introduzca la nueva contrase\u00f1a de UNIX: CA3\nVuelva a escribir la nueva contrase\u00f1a de UNIX: CA3\npasswd: password updated successfully<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now open the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/etc\/ssh\/sshd_config<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Modify<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>PermitRootLogin yes\nPubkeyAuthentication yes\nAuthorizedKeysFile      .ssh\/authorized_keys .ssh\/authorized_keys2\nPasswordAuthentication yes<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Restart the service<\/li><\/ul>\n\n\n\n<pre 
class=\"wp-block-code\"><code>service sshd restart<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>With this we can now log in as the root user over ssh<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh -l root 10.20.200.11<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: Proxy<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Go to the root user's .ssh folder<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>cd \/root\/.ssh\/<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Create the keys for the client WITH AN EMPTY PASSPHRASE<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-keygen -t rsa<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Result:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>Generating public\/private rsa key pair.\nEnter file in which to save the key (\/root\/.ssh\/id_rsa):\nEnter passphrase (empty for no passphrase):\nEnter same passphrase again:\nYour identification has been saved in llave_proxy_rev_ext.\nYour public key has been saved in llave_proxy_rev_ext.pub.\nThe key fingerprint is:\nSHA256:Eao0rOXn89R8pg3FjvPKsYUwBlAXaBxHBMZrHt06u78 root@proxy-reverso-ex\nThe key's randomart image is:\n+---[RSA 2048]----+\n| .+=*B. |\n| . o=+ . |\n| =.oo.. |\n| = o+..... |\n| . oo..S. o |\n| o..o= = |\n| o .oO = |\n| +.. 
% |\n| ooEoo |\n+----[SHA256]-----+<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We can now list the files to see the keys<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ls<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Result:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>id_rsa id_rsa.pub known_hosts<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we publish our public key on the remote server<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh-copy-id root@10.20.200.11<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Result:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>\/usr\/bin\/ssh-copy-id: INFO: Source of key(s) to be installed: \"\/root\/.ssh\/id_rsa.pub\"\n\/usr\/bin\/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n\/usr\/bin\/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys\nroot@10.20.200.11's password: \n\nNumber of key(s) added: 1\n\nNow try logging into the machine, with: \"ssh 'root@10.20.200.11'\"\nand check to make sure that only the key(s) you wanted were added.<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>We can test it<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>ssh root@10.20.200.11<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Host: PROXY-Reverso Server<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Copy the certificates to the internal server<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>scp -r \/etc\/letsencrypt\/archive\/soporte.siua.ac.cr\/fullchain1.pem root@10.20.200.11:\/etc\/nginx\/ssl\/soporte.siua.ac.cr\/fullchain.pem\n<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>scp -r \/etc\/letsencrypt\/archive\/soporte.siua.ac.cr\/privkey1.pem root@10.20.200.11:\/etc\/nginx\/ssl\/soporte.siua.ac.cr\/privkey.pem<\/code><\/pre>\n\n\n\n<h2 
class=\"wp-block-heading\">Host: Internal Server faveo<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Now we modify the nginx-faveo configuration file so that it redirects all port 80 requests to 443<\/li><li>Open the file<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Faveo Helpdesk - Basic, Quick-Start NGINX Server Block\n# 16.06.18 Author: Mathieu Aubin\n\nupstream faveo_php {\nserver unix:\/\/opt\/faveo\/run\/faveo_php.socket;\n}\n\n\nserver {\nlisten 80;\nlisten 127.0.0.1:80;\n\n# Edit the following line with the correct information.\nserver_name soporte.siua.ac.cr;\n\nerror_log \/opt\/faveo\/log\/faveo_error_log;\naccess_log \/opt\/faveo\/log\/faveo_access_log;\nroot \/opt\/faveo\/faveo-helpdesk\/public;\nindex index.php index.html index.htm;\n\nerror_page 403 404 405 500 501 502 503 504 @error;\n\ntry_files $uri $uri\/ \/index.php?$args;\n\nlocation @error {\nrewrite ^\/(.*)$ \/index.php?$1;\n}\n\nlocation ~ \/\\. {\ndeny all;\n}\n\nlocation ~ \/(artisan|composer.json|composer.lock|gulpfile.js|LICENSE|package.json|phpspec.yml|phpunit.xml|README.md|readme.txt|release-notes.txt|server.php) {\ndeny all;\n}\n\nlocation ~ [^\/]\\.php(\/|$) {\nfastcgi_split_path_info ^(.+?\\.php)(\/.*)$;\nif (!-f $document_root$fastcgi_script_name) {\nreturn 404;\n}\ninclude \/etc\/nginx\/fastcgi_params;\nfastcgi_index index.php;\nfastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\nfastcgi_pass faveo_php;\nfastcgi_read_timeout 240;\n}\n}<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>And change it to<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code># Faveo Helpdesk - Basic, Quick-Start NGINX Server Block\n# 16.06.18 Author: Mathieu Aubin \n\nupstream faveo_php {\n server unix:\/\/opt\/faveo\/run\/faveo_php.socket;\n}\n\nserver {\n listen 80;\n server_name soporte.siua.ac.cr;\n\n return 301 https:\/\/$host$request_uri;\n}\n\nserver {\n\n listen 443 ssl;\n\n # Edit the following line with the correct 
information.\n server_name soporte.siua.ac.cr;\n\n\n ssl_certificate \/etc\/nginx\/ssl\/soporte.siua.ac.cr\/fullchain.pem;\n ssl_certificate_key \/etc\/nginx\/ssl\/soporte.siua.ac.cr\/privkey.pem;\n\n\n ssl_session_timeout 5m;\n ssl_protocols TLSv1.2;\n ssl_ciphers HIGH:!aNULL:!MD5;\n ssl_prefer_server_ciphers on;\n\n error_log \/opt\/faveo\/log\/faveo_error_log;\n access_log \/opt\/faveo\/log\/faveo_access_log;\n root \/opt\/faveo\/faveo-helpdesk\/public;\n index index.php index.html index.htm;\n\n error_page 403 404 405 500 501 502 503 504 @error;\n\n try_files $uri $uri\/ \/index.php?$args;\n\n location @error {\n rewrite ^\/(.*)$ \/index.php?$1;\n }\n\n location ~ \/\\. {\n deny all;\n }\n\n\n location ~ \/(artisan|composer.json|composer.lock|gulpfile.js|LICENSE|package.json|phpspec.yml|phpunit.xml|README.md|readme.txt|release-notes.txt|server.php) {\n deny all;\n }\n\n location ~ [^\/]\\.php(\/|$) {\n fastcgi_split_path_info ^(.+?\\.php)(\/.*)$;\n if (!-f $document_root$fastcgi_script_name) {\n return 404;\n }\n include \/etc\/nginx\/fastcgi_params;\n fastcgi_index index.php;\n fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n fastcgi_pass faveo_php;\n fastcgi_read_timeout 240;\n }\n}\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Reload the service<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nginx -t &amp;&amp; sudo nginx -s reload<\/code><\/pre>\n\n\n\n<h1 class=\"wp-block-heading\">Set Up Auto-Renewal<\/h1>\n\n\n\n<h3 class=\"wp-block-heading\">Host: PROXY<\/h3>\n\n\n\n<ul class=\"wp-block-list\"><li>Create a renewal script<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>nano \/root\/ssh-renew.sh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Add<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>#!\/bin\/sh\n# Renew all certificates that are due\ncertbot renew\n\n# Support server (FAVEO)\nscp -r 
\/etc\/letsencrypt\/live\/soporte.siua.ac.cr\/fullchain.pem root@10.20.200.11:\/etc\/nginx\/ssl\/soporte.siua.ac.cr\/fullchain.pem\nscp -r \/etc\/letsencrypt\/live\/soporte.siua.ac.cr\/privkey.pem root@10.20.200.11:\/etc\/nginx\/ssl\/soporte.siua.ac.cr\/privkey.pem<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Make it executable<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>chmod 755 \/root\/ssh-renew.sh<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Open crontab to run it every 30 days<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>crontab -e<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Result:<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>no crontab for root - using an empty one\n\nSelect an editor.  To change later, run 'select-editor'.\n  1. \/bin\/nano        &lt;---- easiest\n  2. \/usr\/bin\/vim.tiny\n\nChoose 1-2 [1]: 1<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\"><li>Add<\/li><\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>@monthly \/root\/ssh-renew.sh<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Reverse proxy 
Faveo<\/p>\n","protected":false},"author":2,"featured_media":2063,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[169,12,29],"class_list":["post-745","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-proxmox","tag-faveo","tag-proxmox","tag-proxy"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"_links":{"self":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/745","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=745"}],"version-history":[{"count":3,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/745\/revisions"}],"predecessor-version":[{"id":2064,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/posts\/745\/revisions\/2064"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=\/wp\/v2\/media\/2063"}],"wp:attachment":[{"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sada.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}