NGINX (AWS EC2/AZURE)
#create the ec2/azure instance
#create a DNS A record pointing nginx ec2 instance ip to {subdomain}.{domain}.{tld}
#this is required prior to executing the ./automate.sh script
#connect to the ec2 virtual machine
root@oco:~$ ssh -i {key}.pem ubuntu@ec2.compute.amazonaws.com
root@oco:~$ scp -i {key}.pem "automated_nginx.zip" root@aws.com:/home/ubuntu
* automated_nginx.zip is a modified version of https://github.com/coffeegist/now-you-see-me
- it is specifically modified to match the cwl CRT-ID redirector configuration
root@oco:~$ ssh -i "{key}.pem" root@aws.com
root@aws:~$ unzip automated_nginx.zip
root@aws:~$ sudo ./automate.sh
* ensure that a DNS A record is created for the nginx ec2 instance IP
NYSM - Select an Option: 2
- Check Status whether there is an instance already running
NYSM - Select an Option: 1
- all packages will be downloaded and installed first
Modifying nginx configs...
What is the sites domain name?: nginx.{domain}.{tld}
What is the C2 server address? xxx.xxx.xxx.xxx
- enter the IP of this specific VM where nginx is installed
* certificate will be stored in /etc/letsencrypt/live/{domain}.{tld}/fullchain.pem
* the private key will be saved in /etc/letsencrypt/live/{domain}.{tld}/privkey.pem
root@aws:~$ service nginx status
* if the nginx service is enabled, but not active then determine error/issue
- error le_nginx_SSL conflicts with already...
#fix
root@aws:~$ sudo nano /etc/letsencrypt/options-ssl-nginx.conf
* change ssl_session_cache shared:le_nginx_SSL:10m to 1m
- le_nginx_SSL:1m
#reload nginx with ssl fix
root@aws:~$ sudo nginx -c /etc/nginx/nginx.conf -t
root@aws:~$ sudo service nginx restart
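#added example (not part of automated_nginx.zip or now-you-see-me): nginx refuses to start when one shared zone name is declared with two different sizes, so this script lists every ssl_session_cache shared-zone declaration and flags zones whose sizes disagree. The function names, the script name check_zones.sh and the demo files are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: find ssl_session_cache shared zones declared with different sizes.

# Print "file:line<TAB>zone<TAB>size<TAB>bytes" for every shared-zone declaration.
# Commented-out directives are skipped because the line must start with the directive.
list_ssl_zones() {
    find "$@" -type f -exec awk '
        /^[ \t]*ssl_session_cache[ \t]/ &&
        match($0, /shared:[^:; \t]+:[0-9]+[kKmM]?/) {
            split(substr($0, RSTART, RLENGTH), p, ":")
            n = p[3] + 0                                  # numeric part of the size
            u = tolower(substr(p[3], length(p[3])))       # unit suffix, if any
            if (u == "k") n *= 1024
            else if (u == "m") n *= 1024 * 1024
            printf "%s:%d\t%s\t%s\t%d\n", FILENAME, FNR, p[2], p[3], n
        }' {} +
}

# Report zones whose declarations disagree on size; return 1 if any do.
zone_conflicts() {
    list_ssl_zones "$@" | awk -F'\t' '
        { where[$2] = where[$2] "\n  " $1 " declares " $3
          if (!($2 in bytes)) bytes[$2] = $4
          else if (bytes[$2] != $4) bad[$2] = 1 }
        END { for (z in bad) { print "CONFLICT " z where[z]; rc = 1 }
              exit rc + 0 }'
}

# Constructed sample (not real server files). Assumption: a site config declares
# the zone at 1m while options-ssl-nginx.conf still declares it at 10m.
demo() {
    d=$(mktemp -d)
    printf 'ssl_session_cache shared:le_nginx_SSL:1m;\n'  > "$d/site.conf"
    printf 'ssl_session_cache shared:le_nginx_SSL:10m;\n' > "$d/options-ssl-nginx.conf"
    zone_conflicts "$d"; rc=$?
    rm -rf "$d"
    return "$rc"
}

# Real use: sudo ./check_zones.sh /etc/nginx /etc/letsencrypt/options-ssl-nginx.conf
if [ "$#" -gt 0 ]; then zone_conflicts "$@"; fi
```

#a non-zero exit with a CONFLICT block shows which files to align before running nginx -t again; sizes are compared in bytes, so 1m and 1024k count as equal.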
#test access
root@oco:~$ BROWSER > nginx.{domain}.{tld}