Lets Encrypt on Arch Linux with Nginx and automatic renewals

Standard

This is a very quick guide for setting up Let’s Encrypt on Arch Linux, so you can get free, browser-trusted SSL certificates for all your (sub)domains. Start by installing simp_le-git from AUR:

$ wget https://aur.archlinux.org/cgit/aur.git/snapshot/simp_le-git.tar.gz
$ tar -xzvf simp_le-git.tar.gz
$ cd simp_le-git && makepkg -si

We used simp_le here because the official Let’s Encrypt client tries to automatically alter your webserver configuration and as any self-respecting sysadmin would tell you, that’s a big no-no.

Now, let’s create a certificate for our domain, in this case le.example.com. First, you need to choose a directory where you can store your certificate like this:

# mkdir -p /srv/certs/le.example.com

You can obviously choose a different directory. Now that everything is set, let’s create the certificates!

# cd /srv/certs/le.example.com
# /usr/bin/simp_le -d le.example.com:/path/to/my/webroot -f key.pem -f cert.pem -f fullchain.pem

Your directory should now contain three pem files. Now, let’s add these certificates to nginx. Open your virtualhost configuration and edit the “server” definition like this:

server {
    listen 443;
    ssl on;
    ssl_certificate /srv/certs/le.example.com/fullchain.pem;
    ssl_certificate_key /srv/certs/le.example.com/key.pem;
    server_name le.examle.com;

    // rest of your config
}

If you’d also like to redirect all HTTP traffic to SSL, add the following server definition:

server {
    listen 80;
    server_name le.example.com;
    return 301 https://$server_name$request_uri;
}

Make sure you didn’t make any syntax errors:

# nginx -t

If all went well, just restart nginx:

# systemctl restart nginx

And that’s it! You should now be able to open https://le.example.com and http://example.com should redirect to the former.

Finally, let’s set a cronjob to automatically update our certificate when needed. Open up root’s crontab with:

# crontab -e

and add the following lines:

# Update lets encrypt certs for le.example.com
00 1 * * * cd /srv/certs/le.example.com && /usr/bin/simp_le -d le.example.com:/path/to/my/webroot -f key.pem -f cert.pem -f fullchain.pem && systemctl reload nginx

This will check your certificates once every day and, if necessary, update them and reload nginx (It won’t be reloaded if no update is required).

I hope this guide is useful to someone willing to try out Let’s Encrypt. If you have any question, do let me know in the comments.

Ayın Xfce Masaüstü!

Standard

Uzunca bir aradan sonra, ayın Xfce masaüstü görüntülerine devam etmek istedim. Hatta o kadar çok zaman geçmiş ki, bu ay iki tane göstererek telafi etmeye çalışayım 🙂

Xfwm: Ambiance
Gtk+: Modifiye Ambiance (s/turuncu/mor)
Simgeler: Faenza Dark
Conky: Özel, gerçek transparanlık destekli! (conky >= 1.8 gerekiyor).

 

Xfwm: Elementary
Gtk+: Elementary
Simgeler: Elementary Icons
Conky: Özel, gerçek transparanlık destekli! (conky >= 1.8 gerekiyor).

LVM için Türkçe dokümantasyon!

Standard

Bugün Arch Linux wikisinde bulunan LVM (Logical Volume Manager) makalesinin Türkçe çevirisini nihayet tamamladım! Makalenin neredeyse tamamı dağıtımdan bağımsız, o yüzden talimatları istediğiniz dağıtımda rahatça kullanabilirsiniz. Kısaca tanımlarsak:

LVM, Linux çekirdeği için bir Mantıksal Hacim Yöneticisi’dir. LVM kullanarak depolama alanınızı soyut hale getirebilir, düzenlemesi daha kolay olan “sanal disk bölümleri” oluşturabilirsiniz.

Çeviriye buradan erişebilirsiniz. Umarım ilgilenenlere faydalı olur 🙂