# Create nginx.repo
vim /etc/yum.repos.d/nginx.repo
#### content ####
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
###############
sudo yum update nginx
sudo service nginx start

systemctl start nginx
systemctl enable nginx
systemctl status nginx

# Firewall stuff:
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

chmod -R 755 /var/www
mkdir -p /var/www/kimconnect/blog
chown -R $webadmin:$webadmin/var/www/kimconnect/blog
chown -R $webadmin:$webadmin/var/www/kimconnect

vim /var/www/kimconnect/index.html
### file content ###
<html>
<head>
<title>Welcome to KimConnect.com!</title>
</head>
<body>
<h1>Success! The KimConnect server block is working!</h1>
</body>
</html>
########3

mkdir /etc/nginx/sites-available
mkdir /etc/nginx/sites-enabled

ls /etc/nginx/sites-available

# Set nginx to use sites-enabled config files
vim /etc/nginx/nginx.conf
# comment out
### Include this at end of file, right before the last curly bracket }
include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;
#############
vim /etc/nginx/sites-available/kimconnect.com.conf
##### Input these lines #####
server {
listen 80;
server_name kimconnect.com;
return 301 https://blog.kimconnect.com$request_uri;
}

server {
listen 80;
listen 443;

ssl on;
ssl_certificate /etc/letsencrypt/live/kimconnect.com/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/kimconnect.com/privkey.pem;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;

root /var/www/kimconnect;
index index.php index.html index.htm;

server_name kimconnect.com;

location / {
try_files $uri $uri/ /index.php;
}

location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080$request_uri;
}

location ~ /\.ht {
deny all;
}
}
################

ln -s /etc/nginx/sites-available/kimconnect.com.conf /etc/nginx/sites-enabled/kimconnect.com.conf
ln -s /etc/nginx/sites-available/docker.kimconnect.com.conf /etc/nginx/sites-enabled/docker.kimconnect.com.conf
ln -s /etc/nginx/sites-available/project.kimconnect.com.conf /etc/nginx/sites-enabled/project.kimconnect.com.conf

# Remove default.conf file
mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.old

# Restart nginx
systemctl restart nginx

# Check for errors:
tail -30 /var/log/nginx/error.log

# Check services and ports
netstat -tulpn


# kimconnect.NET -- Docker
vim /etc/nginx/sites-available/kimconnect.net.conf

### Content ###
server {
listen 80;
server_name kimconnect.net;

location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:9000$request_uri;
}
}
#### End Content ####

# Make link to active site
ln -s /etc/nginx/sites-available/kimconnect.net.conf /etc/nginx/sites-enabled/kimconnect.net.conf

# Restart nginx
systemctl restart nginx

# allow docker to network connect
#iptables -I INPUT 4 -p tcp -m state --state NEW -m tcp --dport 9000 -j ACCEPT
#/sbin/iptables save
firewall-cmd --zone=public --add-port=9000/tcp --permanent
firewall-cmd --reload