diff --git a/remna.md b/remna.md
index c30bbe5..cb89fe3 100644
--- a/remna.md
+++ b/remna.md
@@ -54,3 +54,115 @@ curl https://get.acme.sh | sh -s email=EMAIL && source ~/.bashrc
 ```
 acme.sh --issue --standalone -d 'DOMAIN' --key-file /opt/remnawave/nginx/privkey.key --fullchain-file /opt/remnawave/nginx/fullchain.pem --alpn --tlsport 8443
 ```
+Тут, вообще, я-бы даже рекомендовал вам попробовать сделать это через Nginx proxy manager (на случай если вы будете разворачивать другие сервисы на сервере)
+Так или иначе, конфигурим nginx
+```
+cd /opt/remnawave/nginx && nano nginx.conf
+```
+И суём туда следующий конфиг
+```
+upstream remnawave {
+ server remnawave:3000;
+}
+
+server {
+ server_name REPLACE_WITH_YOUR_DOMAIN;
+
+ listen 443 ssl reuseport;
+ listen [::]:443 ssl reuseport;
+ http2 on;
+
+ location / {
+ proxy_http_version 1.1;
+ proxy_pass http://remnawave;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ # SSL Configuration (Mozilla Intermediate Guidelines)
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
+
+ ssl_session_timeout 1d;
+ ssl_session_cache shared:MozSSL:10m;
+ ssl_session_tickets off;
+ ssl_certificate "/etc/nginx/ssl/fullchain.pem";
+ ssl_certificate_key "/etc/nginx/ssl/privkey.key";
+ ssl_trusted_certificate "/etc/nginx/ssl/fullchain.pem";
+
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s;
+ resolver_timeout 2s;
+
+ # Gzip Compression
+ gzip on;
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_min_length 256;
+ gzip_types
+ application/atom+xml
+ application/geo+json
+ application/javascript
+ application/x-javascript
+ application/json
+ application/ld+json
+ application/manifest+json
+ application/rdf+xml
+ application/rss+xml
+ application/xhtml+xml
+ application/xml
+ font/eot
+ font/otf
+ font/ttf
+ image/svg+xml
+ text/css
+ text/javascript
+ text/plain
+ text/xml;
+}
+
+server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server;
+ server_name _;
+
+ ssl_reject_handshake on;
+}
+```
+После чего создаём docker-compose файл
+```
+cd /opt/remnawave/nginx && nano docker-compose.yml
+```
+И пихаем туда следующее
+```
+services:
+ remnawave-nginx:
+ image: nginx:1.28
+ container_name: remnawave-nginx
+ hostname: remnawave-nginx
+ volumes:
+ - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro
+ - ./fullchain.pem:/etc/nginx/ssl/fullchain.pem:ro
+ - ./privkey.key:/etc/nginx/ssl/privkey.key:ro
+ restart: always
+ ports:
+ - '0.0.0.0:443:443'
+ networks:
+ - remnawave-network
+
+networks:
+ remnawave-network:
+ name: remnawave-network
+ driver: bridge
+ external: true
+```
+Запускаем контейнеры и идём на наш домен в браузере
+```
+docker compose up -d && docker compose logs -f -t
+```
\ No newline at end of file
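Review bot: The `location /` block sends `X-Forwarded-For $proxy_add_x_forwarded_for`, which appends to whatever X-Forwarded-For value the client supplied, while the compose file publishes this nginx directly on `0.0.0.0:443`, so no trusted proxy sits in front of it to have set that header. If the panel reads the client address from the first entry of that list (not visible in this hunk), the caller controls the address that ends up in logs and in any per-IP limits; on an edge proxy `proxy_set_header X-Forwarded-For $remote_addr;` avoids that. Separately, the TLS block is labelled Mozilla Intermediate but sets no HSTS header; `add_header Strict-Transport-Security "max-age=63072000" always;` in the first server block would match that profile.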