Site updated at 2017-05-30 10:30:40 UTC

docs/ecosystem/nginx/index.html

@@ -83,6 +83,7 @@
 <h4><a class="title-link" name="using-openssl" href="#using-openssl"></a> Using openssl</h4>
 <p>If you do not own your own domain, you may generate a self-signed certificate. This will not work with IFTTT, but it will encrypt all of your Home Assistant traffic.</p>
 <div class="highlighter-rouge"><pre class="highlight"><code>openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 9999
+openssl rsa -in key.pem -out key.pem
 sudo cp key.pem cert.pem /etc/nginx/ssl
 sudo chmod 600 /etc/nginx/ssl/key.pem /etc/nginx/ssl/cert.pem
 sudo chown root:root /etc/nginx/ssl/key.pem /etc/nginx/ssl/cert.pem
@@ -96,6 +97,9 @@ sudo openssl dhparam -out dhparams.pem 2048
 </div>
 <h3><a class="title-link" name="5-install-configuration-file-in-nginx" href="#5-install-configuration-file-in-nginx"></a> 5. Install configuration file in nginx.</h3>
 <p>Create a new file <code class="highlighter-rouge">/etc/nginx/sites-available/hass</code> and copy the configuration file at the bottom of the page into it.</p>
+<p class="note">
+Some Linux distributions (including CentOS and Fedora) will not have the <code class="highlighter-rouge">/etc/nginx/sites-available/</code> directory. In this case, remove the default server {} block from the <code class="highlighter-rouge">/etc/nginx/nginx.conf</code> file and paste the contents from the bottom of the page in its place. If doing this, proceed to step 7.
+</p>
 <h3><a class="title-link" name="6-enable-the-home-assistant-configuration" href="#6-enable-the-home-assistant-configuration"></a> 6. Enable the Home Assistant configuration.</h3>
 <div class="highlighter-rouge"><pre class="highlight"><code>cd /etc/nginx/sites-enabled
 sudo unlink default
@@ -107,56 +111,54 @@ sudo ln ../sites-available/hass default
 <h3><a class="title-link" name="8-port-forwarding" href="#8-port-forwarding"></a> 8. Port forwarding.</h3>
 <p>Forward ports 443 and 80 to your server on your router. Do not forward port 8123.</p>
 <h3><a class="title-link" name="nginx-config" href="#nginx-config"></a> NGINX Config</h3>
-<div class="highlighter-rouge"><pre class="highlight"><code>http {
-    map $http_upgrade $connection_upgrade {
-        default upgrade;
-        ''      close;
-    }
+<div class="highlighter-rouge"><pre class="highlight"><code>map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+}
 
-    server {
-        # Update this line to be your domain
-        server_name example.com;
+server {
+    # Update this line to be your domain
+    server_name example.com;
 
-        # These shouldn't need to be changed
-        listen [::]:80 default_server ipv6only=off;
-        return 301 https://$host$request_uri;
-    }
+    # These shouldn't need to be changed
+    listen [::]:80 default_server ipv6only=off;
+    return 301 https://$host$request_uri;
+}
 
-    server {
-        # Update this line to be your domain
-        server_name example.com;
+server {
+    # Update this line to be your domain
+    server_name example.com;
 
-        # Ensure these lines point to your SSL certificate and key
-        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
-        # Use these lines instead if you created a self-signed certificate
-        # ssl_certificate /etc/nginx/ssl/cert.pem;
-        # ssl_certificate_key /etc/nginx/ssl/key.pem;
+    # Ensure these lines point to your SSL certificate and key
+    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
+    # Use these lines instead if you created a self-signed certificate
+    # ssl_certificate /etc/nginx/ssl/cert.pem;
+    # ssl_certificate_key /etc/nginx/ssl/key.pem;
 
-        # Ensure this line points to your dhparams file
-        ssl_dhparam /etc/nginx/ssl/dhparams.pem;
+    # Ensure this line points to your dhparams file
+    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
 
 
-        # These shouldn't need to be changed
-        listen [::]:443 default_server ipv6only=off; # if your nginx version is &gt;= 1.9.5 you can also add the "http2" flag here
-        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
-        ssl on;
-        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
-        ssl_prefer_server_ciphers on;
-        ssl_session_cache shared:SSL:10m;
+    # These shouldn't need to be changed
+    listen [::]:443 default_server ipv6only=off; # if your nginx version is &gt;= 1.9.5 you can also add the "http2" flag here
+    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
+    ssl on;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+    ssl_prefer_server_ciphers on;
+    ssl_session_cache shared:SSL:10m;
 
-        proxy_buffering off;
+    proxy_buffering off;
 
-        location / {
-            proxy_pass http://localhost:8123;
-            proxy_set_header Host $host;
-            proxy_redirect http:// https://;
-            proxy_http_version 1.1;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection $connection_upgrade;
-        }
+    location / {
+        proxy_pass http://localhost:8123;
+        proxy_set_header Host $host;
+        proxy_redirect http:// https://;
+        proxy_http_version 1.1;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection $connection_upgrade;
     }
 }
 </code></pre>