SSL for SERVERPILOT

https://blog.rehmat.works/lets-encrypt-ssl-certificate-on-serverpilot-free-servers-cmcrv

ServerPilot’s free plan doesn’t let you enable SSL on your apps using their web-based interface but if you need to install SSL certs on your apps in a ServerPilot free server, then I’ve brought you a useful Python package (available via PIP) that will automate the SSL installation for you.

Getting Started
Sign into your server as root using an SSH client and then install the package using PIP. If PIP isn’t installed on your system, first install it:

apt install python-pip
And then install rwssl package:

pip install rwssl
Once installed, you will have a new command rwssl available in your SSH client.

Installing SSLs
To install SSL certs on all apps automatically, run:

rwssl -a
The above command will instruct rwssl to find all apps, parse their domains by analyzing vhost files and then it will obtain SSL certs for all of the domains listed in the vhost file.

If you want to ignore some apps and install SSL certs on the remaining ones, that’s an easy task. Just run:

rwssl -i 'app1,app2,app3,app4'
Above command will make rwssl ignore app1, app2, app3 and app4 and install SSL certificates on all remaining apps.

In some scenarios, you will need to install SSL certificates for the newly added apps only. This can be achieved easily as well. Simply do:

rwssl -f
This command will obtain and install SSL certs on the fresh apps only that don’t have any SSL certificate installed on them yet.

Sometimes you might encounter issues with old SSL vhost files either added manually or using my old script. There is a command available to refresh all SSL websites:

rwssl -re
Please note that above command will delete all SSL vhost files, will obtain new SSL certs and then it will rewrite the SSL vhosts. If any orphaned vhost files are there (i.e. without any active domains on them), they will get deleted and they will not be created again.

Obviously you aren’t bound to run the SSL installation command on some bulk apps only and SSL certs can be installed on an individual app as well:

rwssl -n appname
Renewing SSLs
To enable auto-renewal of SSLs, enable rwssl CRON job:

rwssl -ic
And to attempt the renewal manually, run:

rwssl -r
Enabling Auto-Pilot Mode
This is yet another CRON job that runs every few minutes, finds newly added apps and then it obtains SSL certs for those apps automatically. When enabled, you don’t need to SSH into your server again and again. Simply add your app using ServerPilot control panel, wait for a few minutes and SSL cert will be available on your app automatically:

rwssl -ap
And to disable auto-pilot mode, do:

rwssl -na
Forcing HTTPS (301)
You don’t need to force HTTPS using .htaccess file as this option is packaged with rwssl already. To force HTTPS, simply run:

rwssl -redir all
or

rwssl -redir appname
The first command will force HTTPS on all apps and the second one will force HTTPS on a single app.

To disable the HTTPS redirect:

rwssl -noredir all
or

rwssl -noredir appname
Upgrading
If you are using my old script, then you need to first delete it and then follow the Getting Started section in this guide:

rm /usr/local/bin/rwssl && pip install rwssl
Upgrading to a newer version is super-easy:

pip install --upgrade rwssl
Uninstall
To uninstall rwssl, simply do:

pip uninstall rwssl
And then delete the added CRON jobs:

# Delete SSL renewal cron
rm /etc/cron.d/rwsslrenew
# Also delete auto-pilot cron
rm /etc/cron.d/rwssl
The package is hosted at GitHub and PyPi. If you have any issue with rwssl, then you can either leave a comment below or open an issue at GitHub page.

Install certbot for nginx letsencrypt

Now that LEMP is installed, continue below to get Let’s Encrypt installed and configured. Let’s Encrypt now provides a Nginx client to automate this process. To get the client installed on Ubuntu, run the commands below

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

After that run the commands below to obtain your free Let’s Encrypt SSL/TLS certificate for the domain example.com

sudo certbot --nginx -d example.com -d www.example.com

After running the above commands, you should get prompted to enter your email and accept the licensing terms. If everything is checked, the client should automatically install the free SSL/TLS certificate and configure the Nginx site to use the certs.

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory
-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

Choose Yes ( Y ) to share your email address

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: Y

This is how easy it is to obtain your free SSL/TLS certificate for your Nginx powered website.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Pick option 2 to redirect all traffic over HTTPS. This is important!

After that, the SSL client should install the cert and configure your website to redirect all traffic over HTTPS.

Congratulations! You have successfully enabled https://example.com and
https://www.example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com
-------------------------------------------------------------------------------

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2018-02-24. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

The highlighted code block should be added to your Nginx configuration file automatically by Let’s Encrypt certbot. Your site is ready to be used over HTTPS.

server {
    listen 80;
    listen [::]:80;
    root /var/www/html/example.com;
    index  index.php index.html index.htm;
    server_name  example.com www.example.com;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        fastcgi_split_path_info  ^(.+\.php)(/.+)$;
        fastcgi_index            index.php;
        fastcgi_pass             unix:/var/run/php/php7.1-fpm.sock; #Ubuntu 17.10
      # fastcgi_pass             unix:/var/run/php/php7.0-fpm.sock; #Ubuntu 17.04
        include                  fastcgi_params;
        fastcgi_param   PATH_INFO       $fastcgi_path_info;
        fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
 
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    # Redirect non-https traffic to https
    # if ($scheme != "https") {
    #     return 301 https://$host$request_uri;
    # } # managed by Certbot
}

After that, browse to your domain name and the site should respond over HTTPS.
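
A quick way to confirm what certbot left in the server block above. This is an added example, not code from the original notes or from certbot: it reads an Nginx vhost file and reports a missing TLS listener, a certificate and key taken from different /etc/letsencrypt/live directories, or an HTTPS redirect that exists only as a commented-out copy. The function names, finding labels and the sample config are assumptions made for the example.

```sh
#!/bin/sh
# Added example: audit a certbot-edited Nginx server block (not certbot's own code).
# Config text with comments and blank lines removed, so a commented-out
# directive (such as a disabled redirect) never counts as present.
active_lines() { sed -e 's/#.*$//' -e '/^[[:space:]]*$/d' "$1"; }

# First argument of the first active directive named $2 in file $1.
directive_arg() {
    active_lines "$1" | awk -v d="$2" '$1 == d { sub(/;$/, "", $2); print $2; exit }'
}

# Print one finding per line; exit status is non-zero if there are any.
audit_vhost() (
    conf=$1; findings=0
    note() { echo "$1"; findings=$((findings + 1)); }
    active_lines "$conf" | grep -Eq 'listen[[:space:]]+(\[::\]:)?443[[:space:]]+ssl' ||
        note "no-tls-listener"
    cert=$(directive_arg "$conf" ssl_certificate)
    key=$(directive_arg "$conf" ssl_certificate_key)
    if [ -z "$cert" ] || [ -z "$key" ]; then
        note "missing-cert-or-key"
    elif [ "$(dirname "$cert")" != "$(dirname "$key")" ]; then
        note "cert-key-lineage-mismatch"   # chain and key from different lineages
    fi
    active_lines "$conf" | grep -Eq 'return[[:space:]]+301[[:space:]]+https://' ||
        note "no-https-redirect"
    [ "$findings" -eq 0 ]
)

# Constructed sample: the TLS part of a certbot-managed block in which only the
# commented-out copy of the redirect is left.
sample_vhost() {
    cat <<'EOF'
server {
    listen 80;
    server_name example.com www.example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    # if ($scheme != "https") {
    #     return 301 https://$host$request_uri;
    # } # managed by Certbot
}
EOF
}

tmp=$(mktemp) && sample_vhost > "$tmp"
audit_vhost "$tmp" || true   # prints: no-https-redirect
rm -f "$tmp"
```
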

 

To renew the certificates automatically.

  1. To check that everything works correctly (dry run: nothing will be renewed)
    sudo certbot renew --dry-run
  2. Add to cron
    sudo certbot renew
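
A renewal cron job can fail without anyone noticing, so it helps to check the result independently. The script below is an added example, not part of the original notes or of certbot: it lists every directory under /etc/letsencrypt/live whose fullchain.pem expires within a threshold or cannot be parsed. The 20-day threshold, the script path and the cron schedule shown in the comments are assumptions.

```sh
#!/bin/sh
# Added example: list certbot lineages that renewal should already have replaced.
# Run as root, since /etc/letsencrypt/live is readable by root only.

# expiring_certs LIVE_DIR DAYS
# Prints the directory name of every LIVE_DIR/*/fullchain.pem that expires within
# DAYS days or cannot be parsed; exit status is non-zero if any were printed.
expiring_certs() (
    live_dir=$1; days=$2; bad=0
    for cert in "$live_dir"/*/fullchain.pem; do
        [ -e "$cert" ] || continue      # glob matched nothing
        # -checkend N fails when the certificate expires within N seconds
        if ! openssl x509 -in "$cert" -noout \
                -checkend "$((days * 86400))" >/dev/null 2>&1; then
            basename "$(dirname "$cert")"
            bad=1
        fi
    done
    [ "$bad" -eq 0 ]
)

# Possible /etc/cron.d lines (schedule and script path are assumptions):
#   17 3 * * * root certbot renew --quiet --deploy-hook "systemctl reload nginx"
#   47 3 * * * root /usr/local/sbin/cert-expiry-check.sh
expiring_certs "${LIVE_DIR:-/etc/letsencrypt/live}" "${DAYS:-20}" ||
    echo "renewal is overdue for the certificates listed above" >&2
```

certbot renew only replaces certificates that are close to expiry (30 days by default), so a certificate with fewer than 20 days left means renewal has been failing.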

Change the PHP CLI version

Once the different PHP CLI versions are installed, you can easily switch between them without having to create symbolic links, as follows:

sudo update-alternatives --set php /usr/bin/php5.6
sudo update-alternatives --set php /usr/bin/php7.0
sudo update-alternatives --set php /usr/bin/php7.1
sudo update-alternatives --set php /usr/bin/php7.2

Install Multiple Versions of PHP on Ubuntu 16.04/17.10 via PPA

The easiest way to install multiple versions of PHP is by using the PPA from Ondřej Surý, who is also the maintainer of certbot PPA. To add this PPA, run the following commands in terminal. The software-properties-common package is needed if you want to install software from PPA. It’s installed automatically on Ubuntu desktop, but might be missing on your Ubuntu server.

sudo apt install software-properties-common

sudo add-apt-repository ppa:ondrej/php

sudo apt update

 

Now you can install PHP7.2 on Ubuntu 16.04/17.10 by executing the following command.

sudo apt install php7.2 php7.2-fpm

And install some common PHP7.2 extensions.

sudo apt install php7.2-mysql php7.2-mbstring php7.2-xml php7.2-gd php7.2-curl php7.2-zip

You can view all available PHP7.2 extensions by typing in sudo apt install php7.2 and pressing Tab key twice.

 

To install PHP7.1 on Ubuntu 16.04/17.10, run

sudo apt install php7.1 php7.1-fpm

Install some common PHP7.1 extensions.

sudo apt install php7.1-mysql php7.1-mbstring php7.1-xml php7.1-gd php7.1-curl php7.1-zip

You can install PHP7.0 and PHP5.6 in the same way. Simply replace the version number in these commands.

 

Switching PHP Version in Nginx Server Block

It’s very easy to switch PHP version in Nginx server block. As you probably know, Nginx runs PHP code via PHP-FPM, which listens on a Unix socket. The socket file is located in /run/php/ directory.

location ~ \.php$ {
    fastcgi_pass unix:/run/php/php5.6-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
}

I’m sure you get the idea now. Save and close the file. Then reload Nginx for the changes to take effect.

sudo systemctl reload nginx

Test cards for REDSYS TPV integration

Your bank (ING, Bankia, BBVA, Santander, Sabadell, …) will ask you to run these two tests:

  • Perform at least one Authorized operation. Use this test card:
    • Card number: 4548812049400004
    • Expiry: 12/20
    • CVV2 code: 123
    • CIP code: 123456
  • Perform at least one Denied operation. Use this test card:
    • Card number: 1111111111111117
    • Expiry: 12/20

Once the tests are done, you must send a request by email to move to the REAL (PRODUCTION) environment.