H-O-O-T-S/Open-RSC-Docker-Home
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Certbot with HTTPS is working

Browse Source
This commit is contained in:
Marwolf
2018-08-18 19:51:03 -04:00
parent 23f6432dd7
commit 38c55adde7
6 changed files with 56 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
Certbot.sh Executable file
View File

@@ -0,0 +1,8 @@
sudo certbot certonly \
--standalone \
--preferred-challenges http \
--agree-tos -n \
--config-dir ./etc/letsencrypt \
-d wolfkingdom.net \
-m cleako@gmail.com \
-q

8
Linux_Installer.sh
View File

@@ -76,7 +76,11 @@ if [ "$install" == "1" ]; then
echo ""
echo "Verifying the basics are installed."
echo ""
sudo apt update && sudo apt install screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y
sudo apt-get update
sudo apt-get install software-properties-common -y
sudo add-apt-repository ppa:certbot/certbot -y
sudo apt-get update
sudo apt-get install certbot screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y
echo ""
echo ""
echo "Do you have Docker installed? It is required for this."
@@ -95,7 +99,7 @@ if [ "$install" == "1" ]; then
echo ""
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $vers stable"
sudo apt update && sudo apt install docker-ce docker-compose -y
sudo apt-get update && sudo apt-get install docker-ce docker-compose -y
else
continue
fi

21
docker-compose.yml
View File

@@ -2,20 +2,22 @@ version: '3.1'
services:
nginx:
image: bitnami/nginx:latest
image: nginx:latest
container_name: nginx
volumes:
- "./etc/nginx:/opt/bitnami/nginx/conf/vhosts"
- "./Website:/opt/bitnami/nginx/html"
- "./etc/logs/nginx:/opt/bitnami/nginx/logs"
- "./etc/nginx:/etc/nginx/conf.d"
- "./Website:/var/www/html"
- "./etc/logs/nginx:/var/log/nginx"
- "./etc/letsencrypt:/etc/letsencrypt"
# - "./etc/nginx/fastcgi.conf:/bitnami/nginx/conf/fastcgi.conf"
ports:
- "80:8080"
- "80:80"
- "443:443"
environment:
- NGINX_HOST=${NGINX_HOST}
restart: always
depends_on:
- tomcat
- mysqldb
myadmin:
image: phpmyadmin/phpmyadmin
@@ -35,8 +37,6 @@ services:
command: chown -R 1001:1001 /bitnami
volumes:
- "./data/db/mysq:/bitnami/mariadb"
depends_on:
- nginx
mysqldb:
image: bitnami/mariadb:latest
@@ -69,8 +69,6 @@ services:
volumes:
- "./Website:/usr/local/tomcat/webapps/ROOT"
- "./etc/tomcat:/usr/local/tomcat/conf"
depends_on:
- nginx
fix-ghost-permissions:
image: 'bitnami/ghost:latest'
@@ -78,9 +76,6 @@ services:
command: chown -R 1001:1001 /bitnami/ghost
volumes:
- "./etc/ghost:/bitnami/ghost"
depends_on:
- mysqldb
- nginx
ghost:
image: bitnami/ghost:latest

72
etc/nginx/HTTPS_default.conf.BAK
View File

@@ -8,42 +8,43 @@ upstream ghost {
# HTTP
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
location / {
root /opt/bitnami/nginx/html;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
rewrite ^ https://$http_host$request_uri? permanent;
}
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${NGINX_HOST};
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1;
ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/${NGINX_HOST}/chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1;
ssl_certificate /etc/letsencrypt/live/wolfkingdom.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wolfkingdom.net/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/wolfkingdom.net/chain.pem;
root /app;
index index.jsp index.html index.htm;
@@ -51,30 +52,25 @@ server {
client_max_body_size 100M;
location / {
root /opt/bitnami/nginx/html;
}
location '/.well-known/acme-challenge' {
default_type "text/plain";
proxy_pass http://certbot_upstream;
root /var/www/html;
}
####### Proxies #######
# PHP proxy
# location /board {
# fastcgi_pass php:9001;
# fastcgi_index index.php;
# include fastcgi.conf;
# root /app;
# fastcgi_pass php:9001;
# fastcgi_index index.php;
# include fastcgi.conf;
# root /app;
# }
location ~ \.htm$ {
root /opt/bitnami/nginx/html;
root /var/www/html;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -84,9 +80,9 @@ server {
# Tomcat proxy
location ~ \.jsp$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}

26
etc/nginx/fastcgi.conf
View File

@@ -1,26 +0,0 @@
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

63
etc/nginx/nginx.conf
View File

@@ -1,63 +0,0 @@
upstream tomcat {
server tomcat:8080;
}
upstream ghost {
server ghost:2368;
}
# HTTP
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
root /app;
index index.jsp index.html index.htm;
client_max_body_size 100M;
location / {
try_files $uri $uri/ =404;
}
####### Proxies #######
# PHP proxy
# location /board {
# fastcgi_pass php:9001;
# fastcgi_index index.php;
# include fastcgi.conf;
# root /app;
# }
location ~ \.htm$ {
root /opt/bitnami/nginx/html;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
# Tomcat proxy
location ~ \.jsp$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
location ~ /\.well-known/acme-challenge {
root /opt/bitnami/nginx/html;
allow all;
}
}