Certbot with HTTPS is working

2018-08-18 19:51:03 -04:00
parent 23f6432dd7
commit 38c55adde7
6 changed files with 56 additions and 142 deletions
--- a/Certbot.sh
+++ b/Certbot.sh
@@ -0,0 +1,8 @@
 sudo certbot certonly \
 --standalone \
 --preferred-challenges http \
 --agree-tos -n \
 --config-dir ./etc/letsencrypt \
 -d wolfkingdom.net \
 -m cleako@gmail.com \
 -q
--- a/Linux_Installer.sh
+++ b/Linux_Installer.sh
@@ -76,7 +76,11 @@ if [ "$install" == "1" ]; then
        echo ""
        echo "Verifying the basics are installed."
        echo ""
-        sudo apt update && sudo apt install screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y
+        sudo apt-get update
        sudo apt-get install software-properties-common -y
        sudo add-apt-repository ppa:certbot/certbot -y
        sudo apt-get update
        sudo apt-get install certbot screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y
        echo ""
        echo ""
        echo "Do you have Docker installed? It is required for this."
@@ -95,7 +99,7 @@ if [ "$install" == "1" ]; then
            echo ""
            curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
            sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $vers stable"
-            sudo apt update && sudo apt install docker-ce docker-compose -y
+            sudo apt-get update && sudo apt-get install docker-ce docker-compose -y
        else
          continue
        fi
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,20 +2,22 @@ version: '3.1'
 services:
    nginx:
-        image: bitnami/nginx:latest
+        image: nginx:latest
        container_name: nginx
        volumes:
-            - "./etc/nginx:/opt/bitnami/nginx/conf/vhosts"
+            - "./etc/nginx:/etc/nginx/conf.d"
-            - "./Website:/opt/bitnami/nginx/html"
+            - "./Website:/var/www/html"
-            - "./etc/logs/nginx:/opt/bitnami/nginx/logs"
+            - "./etc/logs/nginx:/var/log/nginx"
            - "./etc/letsencrypt:/etc/letsencrypt"
 #            - "./etc/nginx/fastcgi.conf:/bitnami/nginx/conf/fastcgi.conf"
        ports:
-            - "80:8080"
+            - "80:80"
            - "443:443"
        environment:
            - NGINX_HOST=${NGINX_HOST}
        restart: always
        depends_on:
            - tomcat
            - mysqldb
    myadmin:
        image: phpmyadmin/phpmyadmin
@@ -35,8 +37,6 @@ services:
        command: chown -R 1001:1001 /bitnami
        volumes:
          - "./data/db/mysq:/bitnami/mariadb"
        depends_on:
          - nginx
    mysqldb:
        image: bitnami/mariadb:latest
@@ -69,8 +69,6 @@ services:
        volumes:
            - "./Website:/usr/local/tomcat/webapps/ROOT"
            - "./etc/tomcat:/usr/local/tomcat/conf"
        depends_on:
          - nginx
    fix-ghost-permissions:
        image: 'bitnami/ghost:latest'
@@ -78,9 +76,6 @@ services:
        command: chown -R 1001:1001 /bitnami/ghost
        volumes:
          - "./etc/ghost:/bitnami/ghost"
        depends_on:
          - mysqldb
          - nginx
    ghost:
        image: bitnami/ghost:latest
--- a/etc/nginx/HTTPS_default.conf.BAK
+++ b/etc/nginx/HTTPS_default.conf.BAK
@@ -8,42 +8,43 @@ upstream ghost {
 # HTTP
 server {
-    listen 8080                             default_server;
+    listen 80                               default_server;
-    listen [::]:8080                        default_server ipv6only=on;
+    listen [::]:80                          default_server ipv6only=on;
    server_name                             ${NGINX_HOST};
-    error_log                               /opt/bitnami/nginx/logs/error.log;
+    error_log                               /var/log/nginx/error.log;
-    access_log                              /opt/bitnami/nginx/logs/access.log;
+    access_log                              /var/log/nginx/access.log;
-    location / {
+    location ~ /.well-known/acme-challenge {
-        root   /opt/bitnami/nginx/html;
+        allow all;
        root /var/www/html;
    }
-    rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
+    rewrite ^ https://$http_host$request_uri? permanent;
 }
 # HTTPS
 server {
-    listen      443           ssl http2;
+    listen      443                         ssl http2;
-    listen [::]:443           ssl http2;
+    listen [::]:443                         ssl http2;
-    server_name               ${NGINX_HOST};
+    server_name                             ${NGINX_HOST};
-    error_log                 /opt/bitnami/nginx/logs/error.log;
+    error_log                               /var/log/nginx/error.log;
-    access_log                /opt/bitnami/nginx/logs/access.log;
+    access_log                              /var/log/nginx/access.log;
-    add_header                Strict-Transport-Security "max-age=31536000" always;
+    add_header                              Strict-Transport-Security "max-age=31536000" always;
-    ssl_session_cache         shared:SSL:20m;
+    ssl_session_cache                       shared:SSL:20m;
-    ssl_session_timeout       10m;
+    ssl_session_timeout                     10m;
-    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
+    ssl_protocols                           TLSv1 TLSv1.1 TLSv1.2;
-    ssl_prefer_server_ciphers on;
+    ssl_prefer_server_ciphers               on;
-    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
+    ssl_ciphers                             "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
-    ssl_stapling              on;
+    ssl_stapling                            on;
-    ssl_stapling_verify       on;
+    ssl_stapling_verify                     on;
-    resolver                  8.8.8.8 1.1.1.1;
+    resolver                                8.8.8.8 1.1.1.1;
-    ssl_certificate           /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
+    ssl_certificate                         /etc/letsencrypt/live/wolfkingdom.net/fullchain.pem;
-    ssl_certificate_key       /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
+    ssl_certificate_key                     /etc/letsencrypt/live/wolfkingdom.net/privkey.pem;
-    ssl_trusted_certificate   /etc/letsencrypt/live/${NGINX_HOST}/chain.pem;
+    ssl_trusted_certificate                 /etc/letsencrypt/live/wolfkingdom.net/chain.pem;
    root /app;
    index index.jsp index.html index.htm;
@@ -51,30 +52,25 @@ server {
    client_max_body_size                    100M;
    location / {
-        root   /opt/bitnami/nginx/html;
+        root                                /var/www/html;
    }
    location '/.well-known/acme-challenge' {
        default_type "text/plain";
        proxy_pass http://certbot_upstream;
    }
    ####### Proxies #######
    # PHP proxy
 #    location /board {
-#        fastcgi_pass php:9001;
+#        fastcgi_pass                       php:9001;
-#        fastcgi_index index.php;
+#        fastcgi_index                      index.php;
-#        include fastcgi.conf;
+#        include                            fastcgi.conf;
-#        root /app;
+#        root                               /app;
 #    }
    location ~ \.htm$ {
-        root   /opt/bitnami/nginx/html;
+        root                                /var/www/html;
    }
    # Ghost proxy
    location /blog {
-        proxy_pass http://ghost;
+        proxy_pass                          http://ghost;
        proxy_set_header  Host              $http_host;   # required for docker client's sake
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
@@ -84,9 +80,9 @@ server {
    # Tomcat proxy
    location ~ \.jsp$ {
-        proxy_set_header X-Forwarded-Host $host;
+        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Server $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_pass                          http://tomcat;
    }
--- a/etc/nginx/fastcgi.conf
+++ b/etc/nginx/fastcgi.conf
@@ -1,26 +0,0 @@
 fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
 fastcgi_param  QUERY_STRING       $query_string;
 fastcgi_param  REQUEST_METHOD     $request_method;
 fastcgi_param  CONTENT_TYPE       $content_type;
 fastcgi_param  CONTENT_LENGTH     $content_length;
 fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
 fastcgi_param  REQUEST_URI        $request_uri;
 fastcgi_param  DOCUMENT_URI       $document_uri;
 fastcgi_param  DOCUMENT_ROOT      $document_root;
 fastcgi_param  SERVER_PROTOCOL    $server_protocol;
 fastcgi_param  REQUEST_SCHEME     $scheme;
 fastcgi_param  HTTPS              $https if_not_empty;
 fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
 fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
 fastcgi_param  REMOTE_ADDR        $remote_addr;
 fastcgi_param  REMOTE_PORT        $remote_port;
 fastcgi_param  SERVER_ADDR        $server_addr;
 fastcgi_param  SERVER_PORT        $server_port;
 fastcgi_param  SERVER_NAME        $server_name;
 # PHP only, required if PHP was built with --enable-force-cgi-redirect
 fastcgi_param  REDIRECT_STATUS    200;
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -1,63 +0,0 @@
 upstream tomcat {
    server tomcat:8080;
 }
 upstream ghost {
    server ghost:2368;
 }
 # HTTP
 server {
    listen 8080                             default_server;
    listen [::]:8080                        default_server ipv6only=on;
    server_name                             ${NGINX_HOST};
    error_log                               /opt/bitnami/nginx/logs/error.log;
    access_log                              /opt/bitnami/nginx/logs/access.log;
    root /app;
    index index.jsp index.html index.htm;
    client_max_body_size                    100M;
    location / {
        try_files $uri $uri/ =404;
    }
    ####### Proxies #######
    # PHP proxy
 #    location /board {
 #        fastcgi_pass php:9001;
 #        fastcgi_index index.php;
 #        include fastcgi.conf;
 #        root /app;
 #    }
    location ~ \.htm$ {
        root   /opt/bitnami/nginx/html;
    }
    # Ghost proxy
    location /blog {
        proxy_pass http://ghost;
        proxy_set_header  Host              $http_host;   # required for docker client's sake
        proxy_set_header  X-Real-IP         $remote_addr; # pass on real client's IP
        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header  X-Forwarded-Proto $scheme;
        proxy_read_timeout                  900;
    }
    # Tomcat proxy
    location ~ \.jsp$ {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass                          http://tomcat;
    }
    location ~ /\.well-known/acme-challenge {
            root   /opt/bitnami/nginx/html;
            allow all;
    }
 }