@peteristhegreat
Last active September 13, 2024 15:02
Amazon Linux 2023, CentOS-based certbot + nginx setup
sudo yum update
sudo yum install -y docker nginx certbot python3-certbot-nginx git

sudo systemctl start docker
sudo systemctl enable docker
# NOTE: membership in the docker group is effectively root on the host (the daemon runs as root and
# will bind-mount / for anyone who can talk to its socket). Only add accounts you would also give sudo.
sudo usermod -a -G docker ec2-user

sudo systemctl start nginx
sudo systemctl enable nginx

# setup auto security updates (AL2023 does not install cronie by default; install it or /etc/cron.daily never runs)
# see https://serverfault.com/questions/1145773/how-to-setup-automatic-security-updates-on-aws-linux-al2023
sudo yum install -y cronie && sudo systemctl enable --now crond
sudo tee /etc/cron.daily/dnf-updates > /dev/null <<'EOF'
#!/bin/bash
readonly V=$(/usr/bin/dnf check-release-update --latest-only --version-only 2>&1)
[ -n "$V" ] && /usr/bin/dnf upgrade --security --assumeyes --releasever=$V
EOF
sudo chmod +x /etc/cron.daily/dnf-updates   # run-parts ignores non-executable scripts

# drop (or symlink) your site config into /etc/nginx/conf.d/ and trim the catch-all server block
# in /etc/nginx/nginx.conf so it does not shadow it; certbot needs a block whose server_name matches -d
sudo certbot --nginx -d example.com
sudo systemctl restart nginx

# examine the state of the auto renewal (the package ships a systemd timer, so no cron entry is needed)
ls /lib/systemd/system/certbot-renew.timer
sudo systemctl status certbot-renew.timer
sudo systemctl enable certbot-renew.timer
sudo systemctl start certbot-renew.timer
systemctl list-timers --all | grep certbot

Could not automatically find a matching server block

sudo certbot --nginx -d example.com

fails with "Could not automatically find a matching server block."

certbot/certbot#5817

The nginx plugin picks the server block whose server_name matches the name given to -d. The stock /etc/nginx/nginx.conf on this image only has a catch-all block (server_name _;), which never matches, so trim that block out of the default config or change its server_name.

Then put a real server block for your domain in /etc/nginx/conf.d/, which the default nginx.conf pulls in with include /etc/nginx/conf.d/*.conf;.

Confirm which configuration file nginx loads, and that it parses cleanly, with

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Consider setting up a proxy server to a modern app similar to what is on here:

https://medium.com/@yusufkaratoprak/setting-up-a-flask-application-with-docker-nginx-and-lets-encrypt-1a2f33f86867

or here

https://github.com/peteristhegreat/flask-docker-nginx-certbot/blob/main/ReadMe.md

Put that site config in /etc/nginx/conf.d/www.example.com.conf.

You may also need to create /etc/nginx/proxy_params yourself (Debian's nginx package ships it; the CentOS-based packages do not):

proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
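Here is a complete site file that satisfies all of the above (a server_name certbot can match, placed in conf.d, including the proxy_params file). It is an added example, not taken from the gist or the linked repos; it assumes the app container publishes port 5000 on the loopback interface and that example.com / www.example.com are the names you will pass to certbot, all of which are placeholders.

```nginx
# /etc/nginx/conf.d/www.example.com.conf  (added example; adjust names and upstream port)
server {
    listen 80;
    # certbot --nginx -d example.com -d www.example.com looks for exactly these names
    server_name example.com www.example.com;

    location / {
        # assumption: the Docker app was started with -p 127.0.0.1:5000:5000 so it is not
        # reachable from outside except through this proxy
        proxy_pass http://127.0.0.1:5000;
        # the four proxy_set_header lines shown above; create the file if your package lacks it
        include /etc/nginx/proxy_params;
    }
}
```

Run sudo nginx -t, reload nginx, then sudo certbot --nginx -d example.com -d www.example.com; certbot rewrites this file to add a listen 443 ssl block pointing at /etc/letsencrypt/live/example.com/ and, with current certbot versions, a redirect from port 80. One caveat on the headers: $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client already sent, so the app must treat only the last address in that header as the client IP; if it should never see a client-supplied value at all, set the header from $remote_addr instead.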