Merge pull request #18 from Marwolf/master

Certbot and HTTPS support
Marwolf
2018-08-18 19:53:08 -04:00
committed by GitHub
12 changed files with 102 additions and 212 deletions

1
.env

@@ -1,7 +1,6 @@
#!/usr/bin/env bash
# Ghost
GHOST_HOST=localhost/ghost
GHOST_EMAIL=admin@openrsc.com
GHOST_PASSWORD=malwareinfection
GHOST_DATABASE_NAME=ghost
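Review bot: `GHOST_PASSWORD=malwareinfection` and `GHOST_EMAIL=admin@openrsc.com` are committed as live values in `.env`; the install scripts on this page tell the operator to `sudo nano .env`, so the file is effectively a template, but anyone who skips that step deploys the Ghost admin with a password that is public in git history. Ship it as `.env.example` with placeholders (`GHOST_PASSWORD=CHANGE_ME`), add `.env` to `.gitignore`, and have the install script copy and prompt for the real values. The `#!/usr/bin/env bash` line is ignored by docker-compose's dotenv parsing as a comment, but it is misleading — this file is not meant to be executed.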

8
Certbot.sh Executable file

@@ -0,0 +1,8 @@
sudo certbot certonly \
--standalone \
--preferred-challenges http \
--agree-tos -n \
--config-dir ./etc/letsencrypt \
-d wolfkingdom.net \
-m cleako@gmail.com \
-q
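Review bot: `--standalone` makes certbot bind port 80 itself, but the compose stack publishes nginx on `80:80`, so this script can only succeed while nginx is stopped, and an unattended `certbot renew` (which presumably reuses the standalone authenticator stored in the renewal config) will fail while the site is up. The new nginx vhost already serves `/.well-known/acme-challenge` from `/var/www/html`, which is the `./Website` mount, so `--webroot -w ./Website` would let issuance and renewal run against the live container; failing that, add `--pre-hook 'make stop' --post-hook 'make start'`. The domain and contact address are hardcoded to `wolfkingdom.net` / `cleako@gmail.com` although the rest of the stack parameterises the host via `${NGINX_HOST}`; read them from `.env` instead, e.g. `-d "$NGINX_HOST" -m "$CERTBOT_EMAIL"`. `--config-dir ./etc/letsencrypt` is relative to the caller's cwd and the script has neither a shebang nor a `cd`, so running it from another directory writes the key material somewhere unexpected.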


@@ -32,12 +32,12 @@ sudo nano .env
sudo nano client/src/org/openrsc/client/Config.java
sudo nano Launcher/src/Main.java
sudo nano server/config/config.xml
sudo nano ../etc/ghost/config.production.json
echo ""
echo ""
echo "File edits complete. Restarting Docker containers."
echo ""
sudo make stop
sudo make start
sudo make stop && sudo make start
fi
if [ "$edit" == "2" ]; then
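Review bot: `sudo make stop && sudo make start` only runs the start when the stop target exits zero, whereas the two-line form it replaces always attempted the start; if `make stop` fails (for instance when the containers are not running — this depends on the Makefile, which is not shown), the script now continues with the containers down and prints no error. If a failed stop should not block the restart, `sudo make stop; sudo make start` keeps the old behaviour on one line; otherwise make the failure visible, e.g. `sudo make stop && sudo make start || echo "Restart failed"`. The enclosing `if` block starts before the hunk.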


@@ -76,7 +76,11 @@ if [ "$install" == "1" ]; then
echo ""
echo "Verifying the basics are installed."
echo ""
sudo apt update && sudo apt install screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y
sudo apt-get update
sudo apt-get install software-properties-common -y
sudo add-apt-repository ppa:certbot/certbot -y
sudo apt-get update
sudo apt-get install certbot screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y
echo ""
echo ""
echo "Do you have Docker installed? It is required for this."
@@ -95,7 +99,7 @@ if [ "$install" == "1" ]; then
echo ""
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $vers stable"
sudo apt update && sudo apt install docker-ce docker-compose -y
sudo apt-get update && sudo apt-get install docker-ce docker-compose -y
else
continue
fi
@@ -530,14 +534,15 @@ elif [ "$choice" == "2" ]; then
echo ""
echo "Starting up the Docker containers. If error, do \"sudo make stop\" and rerun script."
echo ""
sudo chmod -R 777 .
sudo make start
echo ""
echo ""
echo "Fetching the Website and Game from the Open RSC git repo."
echo ""
sudo make clone-game
echo ""
sudo make clone-website
sudo chmod -R 777 .
echo ""
echo ""
echo "Creating the client cache in your home folder."
@@ -546,28 +551,34 @@ elif [ "$choice" == "2" ]; then
unzip -o Game/client/cache.zip -d ~/OpenRSC
echo ""
echo ""
echo "Importing the databases."
echo ""
sudo make import-game
sudo make import-ghost
echo ""
echo ""
echo "Creating a backup of your current databases as \"Docker-Home/data/db/db.sql\""
echo ""
sudo make backup
echo ""
echo ""
echo "Next is manual file editing for the website domain and SQL user/pass."
echo ""
echo "It is suggested that you first navigate to your VPS's http://domain:9000"
echo ""
echo "Create a new SQL user and password, grant all permissions, then remove the others."
echo ""
echo ""
echo "When finished, it will be time to edit the files that rely on that new SQL user."
echo ""
echo "(Use Ctrl + X to save each file when done editing) - Press enter when ready."
read next
sudo nano .env
sudo nano Game/client/src/org/openrsc/client/Config.java
sudo nano Game/Launcher/src/Main.java
sudo nano Game/server/config/config.xml
sudo nano etc/ghost/config.production.json
echo ""
echo ""
echo "File edits complete. Restarting Docker containers."
echo "File edits complete."
echo ""
echo ""
echo "Importing the databases."
echo ""
sudo make import-game
sudo make import-ghost
echo ""
echo ""
echo "Restarting Docker containers"
echo ""
sudo make stop && sudo make start
echo ""
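Review bot: `sudo chmod -R 777 .` (third hunk, now run after `make clone-website`) makes the whole checkout world-readable and world-writable, which in this layout covers `.env` (database and Ghost credentials), `data/db`, the `./Website` tree served by nginx and Tomcat, and `./etc/letsencrypt` with the TLS private key if the certificate has already been issued — any local account can read the key and credentials or drop files into the web root. The ownership problems it papers over are already handled by the `fix-*-permissions` services that `chown` the bitnami volumes to 1001, so the blanket chmod can be replaced with `sudo chown -R "$USER":"$USER" .` followed by `sudo chmod -R u=rwX,g=rX,o= .`, plus a targeted `chmod` for whichever specific path still fails. The `"$choice" == "2"` branch begins before the hunk.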


@@ -1,9 +0,0 @@
#!/bin/bash
sudo docker run -it --rm --name certbot \
-v `pwd`/etc/letsencrypt/certs:/etc/letsencrypt \
-v `pwd`/etc/letsencrypt/data:/data/letsencrypt \
deliverous/certbot \
certonly \
--webroot --webroot-path=/data/letsencrypt \
-d openrsc.com -d www.openrsc.com --staging


@@ -2,24 +2,22 @@ version: '3.1'
services:
nginx:
image: bitnami/nginx:latest
image: nginx:latest
container_name: nginx
volumes:
- "./etc/nginx:/opt/bitnami/nginx/conf/vhosts"
- "./Website:/opt/bitnami/nginx/html"
- "./etc/logs/nginx:/opt/bitnami/nginx/logs"
#- "./etc/logs/letsencrypt:/var/log/letsencrypt"
#- "./etc/letsencrypt/certs:/etc/letsencrypt"
#- "./etc/letsencrypt/data:/data/letsencrypt"
- "./etc/nginx:/etc/nginx/conf.d"
- "./Website:/var/www/html"
- "./etc/logs/nginx:/var/log/nginx"
- "./etc/letsencrypt:/etc/letsencrypt"
ports:
- "80:8080"
- "80:80"
- "443:443"
environment:
- NGINX_HOST=${NGINX_HOST}
#- VIRTUAL_HOST=localhost
#- LETSENCRYPT_HOST=localhost
#- LETSENCRYPT_EMAIL=your.email@here.com
restart: always
depends_on:
- tomcat
- mysqldb
myadmin:
image: phpmyadmin/phpmyadmin
@@ -38,7 +36,7 @@ services:
user: root
command: chown -R 1001:1001 /bitnami
volumes:
- "./data/db/mysq:/bitnami/mariadb"
- "./data/db/mysq:/bitnami/mariadb"
mysqldb:
image: bitnami/mariadb:latest
@@ -60,7 +58,7 @@ services:
- "./data/db/mysq:/bitnami/mariadb"
- "./etc/mariadb/innodb.cnf:/bitnami/mariadb/conf/innodb.cnf:ro"
depends_on:
- nginx
- fix-mariadb-permissions
tomcat:
image: tomcat:latest
@@ -71,15 +69,13 @@ services:
volumes:
- "./Website:/usr/local/tomcat/webapps/ROOT"
- "./etc/tomcat:/usr/local/tomcat/conf"
depends_on:
- nginx
fix-ghost-permissions:
image: 'bitnami/ghost:latest'
user: root
command: chown -R 1001:1001 /bitnami/ghost
volumes:
- "./etc/ghost:/bitnami/ghost"
- "./etc/ghost:/bitnami/ghost"
ghost:
image: bitnami/ghost:latest
@@ -98,24 +94,23 @@ services:
- GHOST_DATABASE_PASSWORD=${MARIADB_ROOT_PASSWORD}
- GHOST_DATABASE_NAME=${GHOST_DATABASE_NAME}
- ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}
- GHOST_HOST=${GHOST_HOST}
- GHOST_EMAIL=${GHOST_EMAIL}
- GHOST_PASSWORD=${GHOST_PASSWORD}
depends_on:
- mysqldb
- nginx
- fix-ghost-permissions
php:
image: bitnami/php-fpm:latest
container_name: php
restart: always
ports:
- "9001:9000"
volumes:
- "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini"
- "./Website:/app"
depends_on:
- nginx
# php:
# image: bitnami/php-fpm:latest
# container_name: php
# restart: always
# ports:
# - "9001:9000"
# volumes:
# - "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini"
# - "./Website:/app"
# - "./etc/logs/php:/opt/bitnami/php/log"
# depends_on:
# - nginx
volumes:
mariadb_data:
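Review bot: `- "./etc/letsencrypt:/etc/letsencrypt"` mounts the Let's Encrypt directory, private keys included, read-write into the nginx container; nginx only reads `fullchain.pem`/`privkey.pem`, so mount it read-only as this file already does for `innodb.cnf`: `- "./etc/letsencrypt:/etc/letsencrypt:ro"`. The switch from `bitnami/nginx` to the official `nginx:latest` also changes how `${NGINX_HOST}` reaches the config: as far as I can tell the official image does not template files under `conf.d`, so the `NGINX_HOST` environment entry kept here goes unused and `server_name ${NGINX_HOST}` in the mounted vhost remains a literal string — consistent with the cert paths being hardcoded elsewhere in this PR. Consider pinning `nginx:latest` to a specific tag so the TLS-terminating image is not silently upgraded on every pull.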


@@ -9,7 +9,7 @@
"database": "ghost"
}
},
"url": "http://localhost:2368/blog",
"url": "http://localhost/blog",
"server": {
"port": 2368,
"host": "0.0.0.0"


@@ -1,29 +0,0 @@
{
"database": {
"client": "mysql",
"connection": {
"host": "mysql",
"port": 3306,
"password": "root",
"user": "root",
"database": "ghost"
}
},
"url": "http://localhost:2368/blog",
"server": {
"port": 2368,
"host": "0.0.0.0"
},
"mail": {
"transport": "Direct"
},
"logging": {
"transports": [
"file"
]
},
"process": "local",
"paths": {
"contentPath": "/opt/bitnami/ghost/content"
}
}

0
etc/logs/php/.gitkeep Normal file


@@ -8,94 +8,69 @@ upstream ghost {
# HTTP
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
root /app;
index index.html index.htm index.php index.jsp;
client_max_body_size 100M;
location / {
try_files $uri $uri/index.html;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
####### Proxies #######
# PHP proxy
location ~ \.php$ {
fastcgi_pass php:9001;
fastcgi_index index.php;
include fastcgi.conf;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
rewrite ^ https://$http_host$request_uri? permanent;
}
# HTTPS
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${NGINX_HOST};
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access.log;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1;
ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/${NGINX_HOST}/chain.pem;
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1;
ssl_certificate /etc/letsencrypt/live/wolfkingdom.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wolfkingdom.net/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/wolfkingdom.net/chain.pem;
root /app;
index index.html index.htm index.php index.jsp;
index index.jsp index.html index.htm;
client_max_body_size 100M;
location / {
try_files $uri $uri/index.html;
root /var/www/html;
}
####### Proxies #######
# PHP proxy
location ~ \.php$ {
fastcgi_pass php:9001;
fastcgi_index index.php;
include fastcgi.conf;
# location /board {
# fastcgi_pass php:9001;
# fastcgi_index index.php;
# include fastcgi.conf;
# root /app;
# }
location ~ \.htm$ {
root /var/www/html;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -104,16 +79,11 @@ server {
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
location ~ \.jsp$ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
# Certbot for HTTPS cert renewal
location ~ ^/.well-known {
root /data/letsencrypt/;
}
}
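Review bot: In the port-80 server, the server-level `rewrite ^ https://$http_host$request_uri? permanent;` (last line of that block) runs in the server rewrite phase, before any `location` is selected, so the `location ~ /.well-known/acme-challenge` above it is never reached over plain HTTP; Let's Encrypt's HTTP-01 validator does follow the redirect, so issuance only works as long as the HTTPS vhost serves the same webroot and nginx is already up with a valid certificate. Scoping the redirect to `location / { return 301 https://$host$request_uri; }` keeps the challenge path reachable and uses the idiomatic `return` form. In the HTTPS block, `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0/1.1 behind a one-year HSTS header — `ssl_protocols TLSv1.2;` is the safer floor — and the trailing `;` inside the `ssl_ciphers` quoted string is handed to OpenSSL as part of the cipher list. The cert paths are now hardcoded to `wolfkingdom.net` while `server_name` still reads `${NGINX_HOST}`, so the two will diverge on any other deployment.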


@@ -1,55 +0,0 @@
upstream tomcat {
server tomcat:8080;
}
upstream ghost {
server ghost:2368;
}
# HTTP
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
#rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
root /app;
index index.html index.htm index.php index.jsp;
client_max_body_size 100M;
location / {
try_files $uri $uri/index.html;
}
####### Proxies #######
# PHP proxy
location ~ \.php$ {
fastcgi_pass php:9001;
fastcgi_index index.php;
include fastcgi.conf;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
}