H-O-O-T-S/Open-RSC-Docker-Home
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Certbot with HTTPS is working

Browse Source
This commit is contained in:
Marwolf
2018-08-18 19:51:03 -04:00
parent 23f6432dd7
commit 38c55adde7
6 changed files with 56 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

72
etc/nginx/HTTPS_default.conf.BAK
View File

@@ -8,42 +8,43 @@ upstream ghost {
# HTTP
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
location / {
root /opt/bitnami/nginx/html;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
rewrite ^ https://$http_host$request_uri? permanent;
}
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${NGINX_HOST};
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1;
ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/${NGINX_HOST}/chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1;
ssl_certificate /etc/letsencrypt/live/wolfkingdom.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wolfkingdom.net/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/wolfkingdom.net/chain.pem;
root /app;
index index.jsp index.html index.htm;
@@ -51,30 +52,25 @@ server {
client_max_body_size 100M;
location / {
root /opt/bitnami/nginx/html;
}
location '/.well-known/acme-challenge' {
default_type "text/plain";
proxy_pass http://certbot_upstream;
root /var/www/html;
}
####### Proxies #######
# PHP proxy
# location /board {
# fastcgi_pass php:9001;
# fastcgi_index index.php;
# include fastcgi.conf;
# root /app;
# fastcgi_pass php:9001;
# fastcgi_index index.php;
# include fastcgi.conf;
# root /app;
# }
location ~ \.htm$ {
root /opt/bitnami/nginx/html;
root /var/www/html;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -84,9 +80,9 @@ server {
# Tomcat proxy
location ~ \.jsp$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}

26
etc/nginx/fastcgi.conf
View File

@@ -1,26 +0,0 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

63
etc/nginx/nginx.conf
View File

@@ -1,63 +0,0 @@
upstream tomcat {
server tomcat:8080;
}
upstream ghost {
server ghost:2368;
}
# HTTP
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
root /app;
index index.jsp index.html index.htm;
client_max_body_size 100M;
location / {
try_files $uri $uri/ =404;
}
####### Proxies #######
# PHP proxy
# location /board {
# fastcgi_pass php:9001;
# fastcgi_index index.php;
# include fastcgi.conf;
# root /app;
# }
location ~ \.htm$ {
root /opt/bitnami/nginx/html;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
# Tomcat proxy
location ~ \.jsp$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
location ~ /\.well-known/acme-challenge {
root /opt/bitnami/nginx/html;
allow all;
}
}