nginx proxy_pass_new

apt install -y nginx mc
systemctl restart nginx
systemctl status nginx
mkdir -p /web/sites/nginx.sytes.net/{www,log}
chown -R www-data. /web/sites/
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Малый конфиг для установки ssl

mcedit /etc/nginx/conf.d/nginx.sytes.net.conf
server {
    listen 80;
    server_name nginx.sytes.net;
    root /web/sites/nginx.sytes.net/www/;
    index index.php index.html index.htm;
    access_log /web/sites/nginx.sytes.net/log/access.log;
    error_log /web/sites/nginx.sytes.net/log/error.log;

    location / {
    return 301 https://nginx.sytes.net$request_uri;
    }
}


sudo apt update
sudo apt -y install snapd sudo

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Прежде чем запускать команду нужно сделать проброс или открыть порты на ружу 80,443,53
sudo certbot --nginx


************************************************************
После установки certbot заменить на этот

mcedit /etc/nginx/conf.d/nginx.sytes.net.conf


server {
    listen 80;
    server_name nginx.sytes.net;
    access_log /var/log/nginx/nginx.sytes.net-access.log;
    error_log /var/log/nginx/nginx.sytes.net-error.log;
    return 301 https://$server_name$request_uri; # редирект обычных запросов на https
    }

server {
    listen 443 ssl http2;
    server_name nginx.sytes.net;
    access_log /var/log/nginx/nginx.sytes.net-ssl-access.log;
    error_log /var/log/nginx/nginx.sytes.net-ssl-error.log;


    ssl_certificate /etc/letsencrypt/live/nginx.sytes.net/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/nginx.sytes.net/privkey.pem;
    ssl_session_timeout 190m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;


 location / {
       proxy_pass http://10.20.7.70:8080;
       proxy_set_header Host $host;
    }
}