From b8c12d935fcb5b4070d41c4297506516d7f9474b Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 10:33:15 -0400 Subject: [PATCH 01/11] Permissions corrections --- Linux_Installer.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Linux_Installer.sh b/Linux_Installer.sh index 36382e3..e03f53e 100755 --- a/Linux_Installer.sh +++ b/Linux_Installer.sh @@ -530,14 +530,15 @@ elif [ "$choice" == "2" ]; then echo "" echo "Starting up the Docker containers. If error, do \"sudo make stop\" and rerun script." echo "" + sudo chmod -R 777 . sudo make start echo "" echo "" echo "Fetching the Website and Game from the Open RSC git repo." echo "" sudo make clone-game - echo "" sudo make clone-website + sudo chmod -R 777 . echo "" echo "" echo "Creating the client cache in your home folder." From 3c7a2da359cc3ad3bd1ccf034b7b670f1ffd2e50 Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 12:12:37 -0400 Subject: [PATCH 02/11] Changes to support new design --- .env | 1 - Linux_Installer.sh | 35 ++++++++++++------- docker-compose.yml | 15 ++++---- etc/ghost/config.production.json | 2 +- etc/ghost/ghost/config.production.json | 29 ---------------- etc/nginx/HTTPS_default.conf.BAK | 48 ++++---------------------- etc/nginx/nginx.conf | 8 ++--- 7 files changed, 43 insertions(+), 95 deletions(-) delete mode 100644 etc/ghost/ghost/config.production.json diff --git a/.env b/.env index 9fcf5f1..6e499c7 100644 --- a/.env +++ b/.env @@ -1,7 +1,6 @@ #!/usr/bin/env bash # Ghost -GHOST_HOST=localhost/ghost GHOST_EMAIL=admin@openrsc.com GHOST_PASSWORD=malwareinfection GHOST_DATABASE_NAME=ghost diff --git a/Linux_Installer.sh b/Linux_Installer.sh index e03f53e..a3f249d 100755 --- a/Linux_Installer.sh +++ b/Linux_Installer.sh 
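Review bot: Both added `sudo chmod -R 777 .` lines make the whole checkout world-readable and world-writable, including `.env` (which holds `GHOST_PASSWORD` and, judging by docker-compose.yml, the MariaDB root password) and every file bind-mounted into the containers. Any local account can then read the secrets or change what the services run. If the aim is to let the invoking user write here, set ownership and keep the modes tight, e.g. `sudo chown -R "$USER": .` followed by `chmod 600 .env`; the uid the containers need is already handled by the `chown -R 1001:1001` helper services in docker-compose.yml. The enclosing `elif [ "$choice" == "2" ]` branch starts and ends outside the hunk.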
@@ -547,32 +547,43 @@ elif [ "$choice" == "2" ]; then unzip -o Game/client/cache.zip -d ~/OpenRSC echo "" echo "" - echo "Importing the databases." - echo "" - sudo make import-game - sudo make import-ghost - echo "" - echo "" - echo "Creating a backup of your current databases as \"Docker-Home/data/db/db.sql\"" - echo "" - sudo make backup - echo "" - echo "" echo "Next is manual file editing for the website domain and SQL user/pass." echo "" + echo "It is suggested that you first navigate to your VPS's http://domain:9000" + echo "" + echo "Create a new SQL user and password, grant all permissions, then remove the others." + echo "" + echo "" + echo "When finished, it will be time to edit the files that rely on that new SQL user." + echo "" echo "(Use Ctrl + X to save each file when done editing) - Press enter when ready." read next sudo nano .env sudo nano Game/client/src/org/openrsc/client/Config.java sudo nano Game/Launcher/src/Main.java sudo nano Game/server/config/config.xml + sudo nano etc/ghost/config.production.json echo "" echo "" - echo "File edits complete. Restarting Docker containers." + echo "File edits complete." + echo "" + echo "" + echo "Importing the databases." + echo "" + sudo make import-game + sudo make import-ghost + echo "" + echo "" + echo "Restarting Docker containers" echo "" sudo make stop && sudo make start echo "" echo "" + echo "Creating a backup of your current databases as \"Docker-Home/data/db/db.sql\"" + echo "" + sudo make backup + echo "" + echo "" echo "Ready to launch \"./Linux_Fetch_Updates_Production.sh\" - Press enter when ready." echo "" echo "" diff --git a/docker-compose.yml b/docker-compose.yml index 56ef571..9d49563 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -38,7 +38,9 @@ services: user: root command: chown -R 1001:1001 /bitnami volumes: - - "./data/db/mysq:/bitnami/mariadb" + - "./data/db/mysq:/bitnami/mariadb" + depends_on: + - nginx mysqldb: image: bitnami/mariadb:latest 
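Review bot: The new prompt in the Linux_Installer.sh hunk sends the operator to `http://domain:9000` to create the SQL user while the stack is already up from the earlier `sudo make start`. The database admin UI is therefore reachable over plain HTTP on a public VPS port, and until the step is done presumably with the repository defaults (etc/ghost/config.production.json on this page shows `root`/`root`). I would start the containers only after `.env` has been edited, and have the text tell the operator to reach port 9000 through an SSH tunnel or a localhost-only port binding, for instance `echo "Reach the admin UI through an SSH tunnel to port 9000, not the public address."`. The enclosing `elif [ "$choice" == "2" ]` branch starts and ends outside the hunk.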
@@ -60,7 +62,7 @@ services: - "./data/db/mysq:/bitnami/mariadb" - "./etc/mariadb/innodb.cnf:/bitnami/mariadb/conf/innodb.cnf:ro" depends_on: - - nginx + - fix-mariadb-permissions tomcat: image: tomcat:latest @@ -79,7 +81,10 @@ services: user: root command: chown -R 1001:1001 /bitnami/ghost volumes: - - "./etc/ghost:/bitnami/ghost" + - "./etc/ghost:/bitnami/ghost" + depends_on: + - mysqldb + - nginx ghost: image: bitnami/ghost:latest @@ -98,12 +103,10 @@ services: - GHOST_DATABASE_PASSWORD=${MARIADB_ROOT_PASSWORD} - GHOST_DATABASE_NAME=${GHOST_DATABASE_NAME} - ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD} - - GHOST_HOST=${GHOST_HOST} - GHOST_EMAIL=${GHOST_EMAIL} - GHOST_PASSWORD=${GHOST_PASSWORD} depends_on: - - mysqldb - - nginx + - fix-ghost-permissions php: image: bitnami/php-fpm:latest diff --git a/etc/ghost/config.production.json b/etc/ghost/config.production.json index 476f8da..2f103a7 100644 --- a/etc/ghost/config.production.json +++ b/etc/ghost/config.production.json @@ -9,7 +9,7 @@ "database": "ghost" } }, - "url": "http://localhost:2368/blog", + "url": "http://localhost/blog", "server": { "port": 2368, "host": "0.0.0.0" diff --git a/etc/ghost/ghost/config.production.json b/etc/ghost/ghost/config.production.json deleted file mode 100644 index 476f8da..0000000 --- a/etc/ghost/ghost/config.production.json +++ /dev/null @@ -1,29 +0,0 @@ -{ - "database": { - "client": "mysql", - "connection": { - "host": "mysql", - "port": 3306, - "password": "root", - "user": "root", - "database": "ghost" - } - }, - "url": "http://localhost:2368/blog", - "server": { - "port": 2368, - "host": "0.0.0.0" - }, - "mail": { - "transport": "Direct" - }, - "logging": { - "transports": [ - "file" - ] - }, - "process": "local", - "paths": { - "contentPath": "/opt/bitnami/ghost/content" - } -} diff --git a/etc/nginx/HTTPS_default.conf.BAK b/etc/nginx/HTTPS_default.conf.BAK index 4fefa52..88bda15 100755 --- a/etc/nginx/HTTPS_default.conf.BAK +++ b/etc/nginx/HTTPS_default.conf.BAK 
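Review bot: `depends_on: - fix-mariadb-permissions` on `mysqldb` (and `fix-ghost-permissions` on `ghost` in the hunk at `-98,12`) only orders container start; Compose does not wait for the one-shot `chown -R 1001:1001` to finish, so the database or Ghost can still start against a directory it cannot write. The `depends_on` entries added to the two fix-* helpers in the hunks at `-38,7` and `-79,7` have the same limitation. If the ordering matters, the chown has to complete before the dependent starts, for example by running it from the installer before `make start`; the file declares `version: '3.1'`, where `depends_on` takes no completion condition as far as I know. At minimum add a comment above each entry such as `# start-order only; does not wait for the chown to finish`.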
@@ -17,41 +17,6 @@ server { rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS - root /app; - index index.html index.htm index.php index.jsp; - - client_max_body_size 100M; - - location / { - try_files $uri $uri/index.html; - } - - ####### Proxies ####### - # PHP proxy - location ~ \.php$ { - fastcgi_pass php:9001; - fastcgi_index index.php; - include fastcgi.conf; - } - - # Ghost proxy - location /blog { - proxy_pass http://ghost; - proxy_set_header Host $http_host; # required for docker client's sake - proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 900; - } - - # Tomcat proxy - location ~ \.(do|jspa|obr|jsp|txt|zip) { - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://tomcat; - } - } # HTTPS @@ -77,20 +42,21 @@ server { ssl_trusted_certificate /etc/letsencrypt/live/${NGINX_HOST}/chain.pem; root /app; - index index.html index.htm index.php index.jsp; + index index.jsp index.html index.htm index.php; client_max_body_size 100M; location / { - try_files $uri $uri/index.html; + try_files $uri $uri/ =404; } ####### Proxies ####### # PHP proxy location ~ \.php$ { - fastcgi_pass php:9001; - fastcgi_index index.php; - include fastcgi.conf; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://php; } # Ghost proxy @@ -104,7 +70,7 @@ server { } # Tomcat proxy - location ~ \.(do|jspa|obr|jsp|txt|zip) { + location ~ \.jsp$ { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index b9c0563..594303f 100755 
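Review bot: In the hunk at `-77,20` the rewritten `location ~ \.php$` block sends requests with `proxy_pass http://php;`, but the `php` service in docker-compose.yml is `bitnami/php-fpm`, which speaks FastCGI rather than HTTP, and no `upstream php` is visible in this file's hunks, so PHP requests would fail. Keep `fastcgi_pass` with `include fastcgi.conf;`, and add `try_files $uri =404;` as the first line of the block so that only scripts that exist under the root are handed to the interpreter. The `server` block starts and ends outside the hunk.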
--- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -15,15 +15,13 @@ server { error_log /opt/bitnami/nginx/logs/error.log; access_log /opt/bitnami/nginx/logs/access.log; - #rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS - root /app; - index index.html index.htm index.php index.jsp; + index index.jsp index.html index.htm index.php; client_max_body_size 100M; location / { - try_files $uri $uri/index.html; + try_files $uri $uri/ =404; } ####### Proxies ####### @@ -45,7 +43,7 @@ server { } # Tomcat proxy - location ~ \.(do|jspa|obr|jsp|txt|zip) { + location ~ \.jsp$ { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; From e0e350991e1eed67b74aa18b9923816d23bfacad Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 12:17:58 -0400 Subject: [PATCH 03/11] Tweaks --- Linux_Fetch_Updates_Production.sh | 4 ++-- Linux_Installer.sh | 5 ----- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/Linux_Fetch_Updates_Production.sh b/Linux_Fetch_Updates_Production.sh index 2815420..f7bccb2 100755 --- a/Linux_Fetch_Updates_Production.sh +++ b/Linux_Fetch_Updates_Production.sh @@ -32,12 +32,12 @@ sudo nano .env sudo nano client/src/org/openrsc/client/Config.java sudo nano Launcher/src/Main.java sudo nano server/config/config.xml +sudo nano ../etc/ghost/config.production.json echo "" echo "" echo "File edits complete. Restarting Docker containers." echo "" -sudo make stop -sudo make start +sudo make stop && sudo make start fi if [ "$edit" == "2" ]; then diff --git a/Linux_Installer.sh b/Linux_Installer.sh index a3f249d..84fe754 100755 --- a/Linux_Installer.sh +++ b/Linux_Installer.sh 
@@ -579,11 +579,6 @@ elif [ "$choice" == "2" ]; then sudo make stop && sudo make start echo "" echo "" - echo "Creating a backup of your current databases as \"Docker-Home/data/db/db.sql\"" - echo "" - sudo make backup - echo "" - echo "" echo "Ready to launch \"./Linux_Fetch_Updates_Production.sh\" - Press enter when ready." echo "" echo "" From 24812b66fabb2793c33ae93e079d9eaf1f18ccfe Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 12:33:59 -0400 Subject: [PATCH 04/11] Lets Encrypt friendliness --- Website_Certbot.sh => Lets_Encrypt.sh | 2 +- docker-compose.yml | 11 +++++------ etc/logs/{ => nginx}/.gitkeep | 0 etc/logs/php/.gitkeep | 0 etc/nginx/HTTPS_default.conf.BAK | 19 ++++++++++++------- etc/nginx/nginx.conf | 12 +++++++++++- 6 files changed, 29 insertions(+), 15 deletions(-) rename Website_Certbot.sh => Lets_Encrypt.sh (83%) rename etc/logs/{ => nginx}/.gitkeep (100%) create mode 100644 etc/logs/php/.gitkeep diff --git a/Website_Certbot.sh b/Lets_Encrypt.sh similarity index 83% rename from Website_Certbot.sh rename to Lets_Encrypt.sh index d5ce090..47f225d 100755 --- a/Website_Certbot.sh +++ b/Lets_Encrypt.sh @@ -6,4 +6,4 @@ sudo docker run -it --rm --name certbot \ deliverous/certbot \ certonly \ --webroot --webroot-path=/data/letsencrypt \ - -d openrsc.com -d www.openrsc.com --staging + -d localhost -d www.localhost --staging diff --git a/docker-compose.yml b/docker-compose.yml index 9d49563..f0cb311 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
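Review bot: In Lets_Encrypt.sh, `-d localhost -d www.localhost` cannot be validated by Let's Encrypt, so after this change the script fails until someone edits it by hand, and nothing in the file says so. Take the name from the setting nginx already uses (after sourcing `.env`), for instance `-d "${NGINX_HOST:?set NGINX_HOST}" -d "www.${NGINX_HOST}"`, or at least add the comment `# replace localhost with your public domain before running`. The start of the `docker run` command is outside the hunk.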
@@ -8,17 +8,15 @@ services: - "./etc/nginx:/opt/bitnami/nginx/conf/vhosts" - "./Website:/opt/bitnami/nginx/html" - "./etc/logs/nginx:/opt/bitnami/nginx/logs" - #- "./etc/logs/letsencrypt:/var/log/letsencrypt" - #- "./etc/letsencrypt/certs:/etc/letsencrypt" - #- "./etc/letsencrypt/data:/data/letsencrypt" + - "./etc/letsencrypt/certs:/opt/bitnami/nginx/conf/bitnami/certs" + - "./etc/nginx/fastcgi.conf:/bitnami/nginx/conf/fastcgi.conf" ports: - "80:8080" - "443:443" environment: - NGINX_HOST=${NGINX_HOST} - #- VIRTUAL_HOST=localhost - #- LETSENCRYPT_HOST=localhost - #- LETSENCRYPT_EMAIL=your.email@here.com + - LETSENCRYPT_HOST=localhost + - LETSENCRYPT_EMAIL=your.email@here.com restart: always myadmin: @@ -117,6 +115,7 @@ services: volumes: - "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini" - "./Website:/app" + - "./etc/logs/php:/opt/bitnami/php/log" depends_on: - nginx diff --git a/etc/logs/.gitkeep b/etc/logs/nginx/.gitkeep similarity index 100% rename from etc/logs/.gitkeep rename to etc/logs/nginx/.gitkeep diff --git a/etc/logs/php/.gitkeep b/etc/logs/php/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/etc/nginx/HTTPS_default.conf.BAK b/etc/nginx/HTTPS_default.conf.BAK index 88bda15..88f0bf3 100755 --- a/etc/nginx/HTTPS_default.conf.BAK +++ b/etc/nginx/HTTPS_default.conf.BAK @@ -47,16 +47,20 @@ server { client_max_body_size 100M; location / { - try_files $uri $uri/ =404; + try_files $uri $uri/index.php; } ####### Proxies ####### # PHP proxy location ~ \.php$ { - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://php; + fastcgi_pass php:9001; + fastcgi_index index.php; + include fastcgi.conf; + root /app; + } + + location ~ \.htm$ { + root /opt/bitnami/nginx/html; } # Ghost proxy 
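Review bot: In the HTTPS_default.conf.BAK hunk at `-47,16` (and again in nginx.conf at `-30,6`) the restored `location ~ \.php$` hands every URI ending in `.php` to `fastcgi_pass` without checking that the file exists, and `try_files $uri $uri/index.php;` in `location /` now falls back to a `.php` URI for anything that is not a file. With PHP-FPM's path-info handling left at its default, this is the well-known setup in which a non-PHP file under the root can end up being interpreted as a script. Add `try_files $uri =404;` as the first line of the PHP location and end the `location /` list with `=404`. Note also that `fastcgi_pass php:9001` uses the host side of the `"9001:9000"` port mapping shown elsewhere on this page; between containers the service would normally be reached on 9000, which is worth confirming. The `server` blocks start and end outside the hunks.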
@@ -78,8 +82,9 @@ server { } # Certbot for HTTPS cert renewal - location ~ ^/.well-known { - root /data/letsencrypt/; + location ~ /.well-known { + root /opt/bitnami/nginx/html; + allow all; } } diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 594303f..d15c157 100755 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -21,7 +21,7 @@ server { client_max_body_size 100M; location / { - try_files $uri $uri/ =404; + try_files $uri $uri/index.php; } ####### Proxies ####### @@ -30,6 +30,11 @@ server { fastcgi_pass php:9001; fastcgi_index index.php; include fastcgi.conf; + root /app; + } + + location ~ \.htm$ { + root /opt/bitnami/nginx/html; } # Ghost proxy @@ -50,4 +55,9 @@ server { proxy_pass http://tomcat; } + location ~ /.well-known { + root /opt/bitnami/nginx/html; + allow all; + } + } From 3e2046f50ec2c20cb92fa17bd3d11b8e326f6695 Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 12:37:33 -0400 Subject: [PATCH 05/11] Including fastcgi.conf --- etc/nginx/fastcgi.conf | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 etc/nginx/fastcgi.conf diff --git a/etc/nginx/fastcgi.conf b/etc/nginx/fastcgi.conf new file mode 100644 index 0000000..091738c --- /dev/null +++ b/etc/nginx/fastcgi.conf 
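Review bot: `location ~ /.well-known` drops the `^` anchor and leaves the dot unescaped, so it matches that text anywhere in a URI, and as a regex location its effect depends on where it sits relative to the `\.jsp$` and `\.php$` blocks. A prefix location scoped to the challenge path is tighter and takes precedence over the regex blocks: `location ^~ /.well-known/acme-challenge/ {`. `allow all;` changes nothing unless a `deny` exists at an outer level (none is visible) and can be dropped. The same block is added to nginx.conf in the hunk at `-50,4`; the `server` blocks start and end outside the hunks.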
@@ -0,0 +1,26 @@
+
+fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
From 200e2d82c77b89817e0c064a5b9a3e8b11c7610d Mon Sep 17 00:00:00 2001
From: Marwolf
Date: Sat, 18 Aug 2018 13:03:12 -0400
Subject: [PATCH 06/11] Disabling PHP
---
 docker-compose.yml | 30 +++++++++++++++---------------
 etc/nginx/HTTPS_default.conf.BAK | 17 ++++++++---------
 etc/nginx/nginx.conf | 16 ++++++++--------
 3 files changed, 31 insertions(+), 32 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index f0cb311..ec7c94c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,14 +9,14 @@ services: - "./Website:/opt/bitnami/nginx/html" - "./etc/logs/nginx:/opt/bitnami/nginx/logs" - "./etc/letsencrypt/certs:/opt/bitnami/nginx/conf/bitnami/certs" - - "./etc/nginx/fastcgi.conf:/bitnami/nginx/conf/fastcgi.conf" +# - "./etc/nginx/fastcgi.conf:/bitnami/nginx/conf/fastcgi.conf" ports: - "80:8080" - "443:443" environment: - NGINX_HOST=${NGINX_HOST} - - LETSENCRYPT_HOST=localhost - - LETSENCRYPT_EMAIL=your.email@here.com +# - LETSENCRYPT_HOST=localhost +# - LETSENCRYPT_EMAIL=root@root.com restart: always myadmin: @@ -106,18 +106,18 @@ services: depends_on: - fix-ghost-permissions - php: - image: bitnami/php-fpm:latest - container_name: php - restart: always - ports: - - "9001:9000" - volumes: - - "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini" - - "./Website:/app" - - "./etc/logs/php:/opt/bitnami/php/log" - depends_on: - - nginx +# php: +# image: bitnami/php-fpm:latest +# container_name: php +# restart: always +# ports: +# - "9001:9000" +# volumes: +# - "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini" +# - "./Website:/app" +# - "./etc/logs/php:/opt/bitnami/php/log" +# depends_on: +# - nginx volumes: mariadb_data: diff --git a/etc/nginx/HTTPS_default.conf.BAK b/etc/nginx/HTTPS_default.conf.BAK index 88f0bf3..6d1dbf9 100755 --- a/etc/nginx/HTTPS_default.conf.BAK +++ b/etc/nginx/HTTPS_default.conf.BAK @@ -42,22 +42,22 @@ server { ssl_trusted_certificate /etc/letsencrypt/live/${NGINX_HOST}/chain.pem; root /app; - index index.jsp index.html index.htm index.php; + index index.jsp index.html index.htm; client_max_body_size 100M; location / { - try_files $uri $uri/index.php; + try_files $uri $uri/ =404; } ####### Proxies ####### # PHP proxy - location ~ \.php$ { - fastcgi_pass php:9001; - fastcgi_index index.php; - include fastcgi.conf; - root /app; - } +# location /board { +# fastcgi_pass php:9001; +# fastcgi_index index.php; +# include fastcgi.conf; +# root /app; +# } location ~ \.htm$ { root /opt/bitnami/nginx/html; 
@@ -81,7 +81,6 @@ server { proxy_pass http://tomcat; } - # Certbot for HTTPS cert renewal location ~ /.well-known { root /opt/bitnami/nginx/html; allow all; diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index d15c157..e7b3cf3 100755 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -16,22 +16,22 @@ server { access_log /opt/bitnami/nginx/logs/access.log; root /app; - index index.jsp index.html index.htm index.php; + index index.jsp index.html index.htm; client_max_body_size 100M; location / { - try_files $uri $uri/index.php; + try_files $uri $uri/ =404; } ####### Proxies ####### # PHP proxy - location ~ \.php$ { - fastcgi_pass php:9001; - fastcgi_index index.php; - include fastcgi.conf; - root /app; - } +# location /board { +# fastcgi_pass php:9001; +# fastcgi_index index.php; +# include fastcgi.conf; +# root /app; +# } location ~ \.htm$ { root /opt/bitnami/nginx/html; From ea63bc1ab31900a102bf17684b6c4a0eaf25f788 Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 13:39:12 -0400 Subject: [PATCH 07/11] Fixing lets encrypt certbot --- Lets_Encrypt.sh | 3 +-- etc/nginx/nginx.conf | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/Lets_Encrypt.sh b/Lets_Encrypt.sh index 47f225d..a892087 100755 --- a/Lets_Encrypt.sh +++ b/Lets_Encrypt.sh @@ -1,8 +1,7 @@ #!/bin/bash sudo docker run -it --rm --name certbot \ - -v `pwd`/etc/letsencrypt/certs:/etc/letsencrypt \ - -v `pwd`/etc/letsencrypt/data:/data/letsencrypt \ + -v `pwd`/etc/letsencrypt/certs:/opt/bitnami/nginx/conf/bitnami/certs \ deliverous/certbot \ certonly \ --webroot --webroot-path=/data/letsencrypt \ diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index e7b3cf3..6b07395 100755 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -55,7 +55,7 @@ server { proxy_pass http://tomcat; } - location ~ /.well-known { + location ~ /\.well-known/acme-challenge { root /opt/bitnami/nginx/html; allow all; } 
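Review bot: After the Lets_Encrypt.sh change at `-1,8` the certbot container has no volume at `/etc/letsencrypt` or at the `--webroot-path=/data/letsencrypt` it is still told to use. With `--rm`, the issued certificate, its private key and the ACME account key are then discarded when the container exits, and the challenge file is written where nginx cannot serve it. Assuming the image uses certbot's default paths, keep the container-side targets and change only the host side, e.g. `-v "$(pwd)/etc/letsencrypt/certs:/etc/letsencrypt"` and `-v "$(pwd)/Website:/data/letsencrypt"`. Quoting the `pwd` substitution also keeps a checkout path containing spaces from splitting the argument.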
From 4e7f7674983ccc2a5dab37588ca4cb2c2d63574f Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 16:15:42 -0400 Subject: [PATCH 08/11] Further changes --- Lets_Encrypt.sh | 8 -------- docker-compose.yml | 4 +--- etc/nginx/HTTPS_default.conf.BAK | 4 ++-- etc/nginx/nginx.conf | 2 +- 4 files changed, 4 insertions(+), 14 deletions(-) delete mode 100755 Lets_Encrypt.sh diff --git a/Lets_Encrypt.sh b/Lets_Encrypt.sh deleted file mode 100755 index a892087..0000000 --- a/Lets_Encrypt.sh +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/bash - -sudo docker run -it --rm --name certbot \ - -v `pwd`/etc/letsencrypt/certs:/opt/bitnami/nginx/conf/bitnami/certs \ - deliverous/certbot \ - certonly \ - --webroot --webroot-path=/data/letsencrypt \ - -d localhost -d www.localhost --staging diff --git a/docker-compose.yml b/docker-compose.yml index ec7c94c..baa8f61 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -8,15 +8,13 @@ services: - "./etc/nginx:/opt/bitnami/nginx/conf/vhosts" - "./Website:/opt/bitnami/nginx/html" - "./etc/logs/nginx:/opt/bitnami/nginx/logs" - - "./etc/letsencrypt/certs:/opt/bitnami/nginx/conf/bitnami/certs" + - "./etc/letsencrypt:/etc/letsencrypt" # - "./etc/nginx/fastcgi.conf:/bitnami/nginx/conf/fastcgi.conf" ports: - "80:8080" - "443:443" environment: - NGINX_HOST=${NGINX_HOST} -# - LETSENCRYPT_HOST=localhost -# - LETSENCRYPT_EMAIL=root@root.com restart: always myadmin: diff --git a/etc/nginx/HTTPS_default.conf.BAK b/etc/nginx/HTTPS_default.conf.BAK index 6d1dbf9..29b9a1f 100755 --- a/etc/nginx/HTTPS_default.conf.BAK +++ b/etc/nginx/HTTPS_default.conf.BAK @@ -47,7 +47,7 @@ server { client_max_body_size 100M; location / { - try_files $uri $uri/ =404; + root /opt/bitnami/nginx/html; } ####### Proxies ####### @@ -81,7 +81,7 @@ server { proxy_pass http://tomcat; } - location ~ /.well-known { + location ~ /\.well-known/acme-challenge { root /opt/bitnami/nginx/html; allow all; } 
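Review bot: In the docker-compose.yml hunk, `- "./etc/letsencrypt:/etc/letsencrypt"` mounts the whole certbot directory, private keys and account key included, read-write into the internet-facing nginx container, which only needs to read the certificates. Make the mount read-only: `- "./etc/letsencrypt:/etc/letsencrypt:ro"`. The host directory also sits inside the tree that Linux_Installer.sh opens up with `chmod -R 777 .`, so the key files need their own restrictive mode or a location outside the checkout. The `nginx` service definition starts and ends outside the hunk.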
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 6b07395..3b52dc3 100755 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -21,7 +21,7 @@ server { client_max_body_size 100M; location / { - try_files $uri $uri/ =404; + root /opt/bitnami/nginx/html; } ####### Proxies ####### From 82bc1016d5e31304f1cd6e406363bcc5c7b9b00a Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 16:52:28 -0400 Subject: [PATCH 09/11] Another attempt --- docker-compose.yml | 13 +++++++ etc/certbot/Dockerfile | 21 ++++++++++++ etc/certbot/run_certbot.sh | 59 ++++++++++++++++++++++++++++++++ etc/nginx/HTTPS_default.conf.BAK | 15 +++++--- etc/nginx/nginx.conf | 14 +++++--- 5 files changed, 112 insertions(+), 10 deletions(-) create mode 100755 etc/certbot/Dockerfile create mode 100755 etc/certbot/run_certbot.sh diff --git a/docker-compose.yml b/docker-compose.yml index baa8f61..5a06deb 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -17,6 +17,19 @@ services: - NGINX_HOST=${NGINX_HOST} restart: always + certbot: + build: ./etc/certbot + container_name: certbot + volumes: + - ./etc/letsencrypt/certs:/certs + restart: always + environment: + - WEBROOT="/opt/bitnami/nginx/html" + - DOMAINS=wolfkingdom.net + - EMAIL=cleako@gmail.com + - CONCAT=false + - SEPARATE=true + myadmin: image: phpmyadmin/phpmyadmin container_name: phpmyadmin diff --git a/etc/certbot/Dockerfile b/etc/certbot/Dockerfile new file mode 100755 index 0000000..94bedd6 --- /dev/null +++ b/etc/certbot/Dockerfile @@ -0,0 +1,21 @@ +FROM python:2-alpine +MAINTAINER Henri Dwyer + +VOLUME /certs +VOLUME /etc/letsencrypt +EXPOSE 80 + +RUN apk add --no-cache --virtual .build-deps linux-headers gcc musl-dev\ + && apk add --no-cache libffi-dev openssl-dev dialog\ + && pip install certbot\ + && apk del .build-deps\ + && mkdir /scripts + +ADD crontab /etc/crontabs +RUN crontab /etc/crontabs/crontab + +COPY ./scripts/ /scripts +RUN chmod +x /scripts/run_certbot.sh + +ENTRYPOINT [] +CMD ["crond", "-f"] 
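Review bot: The new `certbot` service in docker-compose.yml hard-codes one deployment's domain and a personal e-mail address (`DOMAINS=…`, `EMAIL=…`) in a file that every user of the repository runs; these belong in `.env` next to `NGINX_HOST`, e.g. `- DOMAINS=${NGINX_HOST}` and `- EMAIL=${LETSENCRYPT_EMAIL}` (the second variable name is a suggestion, it is not defined on this page). In list form the quotes in `WEBROOT="/opt/bitnami/nginx/html"` become part of the value. The service also mounts only `./etc/letsencrypt/certs:/certs`, so that webroot path does not exist inside the certbot container and `/etc/letsencrypt`, where the account and private keys live, is not persisted.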
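Review bot: `ADD crontab /etc/crontabs` and `COPY ./scripts/ /scripts` in etc/certbot/Dockerfile refer to files this commit does not add: the diffstat lists only `Dockerfile` and `run_certbot.sh` under etc/certbot, and the script sits next to the Dockerfile rather than in `scripts/`, so the build would stop at these steps. Beyond that, the floating `python:2-alpine` tag and an unpinned `pip install certbot` make the image that handles the TLS private key unreproducible; pin both, e.g. `pip install certbot==<version>`. `MAINTAINER` is deprecated in favour of a `LABEL`.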
diff --git a/etc/certbot/run_certbot.sh b/etc/certbot/run_certbot.sh
new file mode 100755
index 0000000..4287eba
--- /dev/null
+++ b/etc/certbot/run_certbot.sh
@@ -0,0 +1,59 @@
+echo "Running certbot for domains $DOMAINS"
+
+get_certificate() {
+ # Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
+ # The certificate will be named after the first domain in the list
+ # To work, the following variables must be set:
+ # - CERT_DOMAINS : comma separated list of domains
+ # - EMAIL
+ # - CONCAT
+ # - args
+
+ local d=${CERT_DOMAINS//,*/} # read first domain
+ echo "Getting certificate for $CERT_DOMAINS"
+ certbot certonly --agree-tos --renew-by-default -n \
+ --text --server https://acme-v01.api.letsencrypt.org/directory \
+ --email $EMAIL -d $CERT_DOMAINS $args
+ ec=$?
+ echo "certbot exit code $ec"
+ if [ $ec -eq 0 ]
+ then
+ if $CONCAT
+ then
+ # concat the full chain with the private key (e.g. for haproxy)
+ cat /etc/letsencrypt/live/$d/fullchain.pem /etc/letsencrypt/live/$d/privkey.pem > /certs/$d.pem
+ else
+ # keep full chain and private key in separate files (e.g. for nginx and apache)
+ cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
+ cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
+ fi
+ echo "Certificate obtained for $CERT_DOMAINS! Your new certificate - named $d - is in /certs"
+ else
+ echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
+ fi
+}
+
+args=""
+if [ $WEBROOT ]
+then
+ args=" --webroot -w $WEBROOT"
+else
+ args=" --standalone --standalone-supported-challenges http-01"
+fi
+
+if $DEBUG
+then
+ args=$args" --debug"
+fi
+
+if $SEPARATE
+then
+ for d in $DOMAINS
+ do
+ CERT_DOMAINS=$d
+ get_certificate
+ done
+else
+ CERT_DOMAINS=${DOMAINS// /,}
+ get_certificate
+fi
diff --git a/etc/nginx/HTTPS_default.conf.BAK b/etc/nginx/HTTPS_default.conf.BAK
index 29b9a1f..2a4e745 100755
--- a/etc/nginx/HTTPS_default.conf.BAK
+++ b/etc/nginx/HTTPS_default.conf.BAK
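Review bot: `if $CONCAT`, `if $DEBUG` and `if $SEPARATE` in run_certbot.sh run the variable's value as a command, so whatever the environment supplies is executed, and an unset variable expands to an empty command that succeeds; docker-compose.yml does not set `DEBUG`, so `--debug` is always appended. Compare against the literal string instead, and quote `$EMAIL`, `$CERT_DOMAINS` and `$d` where they are passed to `certbot`, `cat` and `cp`. The copies of `privkey.pem` under `/certs` are created with the default umask, so set a restrictive one before writing them. The file also has no `#!` line although it relies on `local` and `${var//…}`, and `[ $WEBROOT ]` should test `-n` on a quoted value.

```shell
# … unchanged: banner, get_certificate header comment, first-domain lookup …
  certbot certonly --agree-tos --renew-by-default -n \
    --text --server https://acme-v01.api.letsencrypt.org/directory \
    --email "$EMAIL" -d "$CERT_DOMAINS" $args   # $args is split on purpose
  ec=$?
  # … unchanged: exit-code message …
  if [ "$ec" -eq 0 ]
  then
    umask 077   # key material written below must not be world-readable
    if [ "${CONCAT:-false}" = "true" ]
    then
      cat "/etc/letsencrypt/live/$d/fullchain.pem" "/etc/letsencrypt/live/$d/privkey.pem" > "/certs/$d.pem"
    else
      cp "/etc/letsencrypt/live/$d/fullchain.pem" "/certs/$d.pem"
      cp "/etc/letsencrypt/live/$d/privkey.pem" "/certs/$d.key"
    fi
    # … unchanged: success and failure messages …

# … unchanged: args="" …
if [ -n "${WEBROOT:-}" ]
# … unchanged: webroot / standalone selection …

if [ "${DEBUG:-false}" = "true" ]
then
  args="$args --debug"
fi

if [ "${SEPARATE:-false}" = "true" ]
# … unchanged: per-domain loop and combined call …
```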
@@ -15,6 +15,11 @@ server { error_log /opt/bitnami/nginx/logs/error.log; access_log /opt/bitnami/nginx/logs/access.log; + location '/.well-known/acme-challenge' { + default_type "text/plain"; + proxy_pass http://certbot_upstream; + } + rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS } @@ -50,6 +55,11 @@ server { root /opt/bitnami/nginx/html; } + location '/.well-known/acme-challenge' { + default_type "text/plain"; + proxy_pass http://certbot_upstream; + } + ####### Proxies ####### # PHP proxy # location /board { @@ -81,9 +91,4 @@ server { proxy_pass http://tomcat; } - location ~ /\.well-known/acme-challenge { - root /opt/bitnami/nginx/html; - allow all; - } - } diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index 3b52dc3..ed7d935 100755 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -6,6 +6,10 @@ upstream ghost { server ghost:2368; } +upstream certbot_upstream{ + server certbot:80; +} + # HTTP server { listen 8080 default_server; @@ -24,6 +28,11 @@ server { root /opt/bitnami/nginx/html; } + location '/.well-known/acme-challenge' { + default_type "text/plain"; + proxy_pass http://certbot_upstream; + } + ####### Proxies ####### # PHP proxy # location /board { @@ -55,9 +64,4 @@ server { proxy_pass http://tomcat; } - location ~ /\.well-known/acme-challenge { - root /opt/bitnami/nginx/html; - allow all; - } - } From 23f6432dd7a58e974407ab9525f7598a79bdf828 Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 17:35:15 -0400 Subject: [PATCH 10/11] Revert --- docker-compose.yml | 13 ------- etc/certbot/Dockerfile | 21 ------------ etc/certbot/run_certbot.sh | 59 -------------------------------- etc/nginx/HTTPS_default.conf.BAK | 5 ++- etc/nginx/nginx.conf | 16 ++++----- 5 files changed, 8 insertions(+), 106 deletions(-) delete mode 100755 etc/certbot/Dockerfile delete mode 100755 etc/certbot/run_certbot.sh diff --git a/docker-compose.yml b/docker-compose.yml index 5a06deb..baa8f61 100644 --- a/docker-compose.yml 
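Review bot: In the HTTP `server` block of HTTPS_default.conf.BAK (hunk at `-15,6`) the new `location '/.well-known/acme-challenge'` sits beside a server-level `rewrite ^ https://… permanent;`, and server-level rewrites are evaluated before a location is chosen, so every request, the challenge included, is redirected and the new block is never used. Move the redirect into its own location, `location / { return 301 https://$server_name$request_uri; }`; a configured name instead of `$http_host` also keeps the client-supplied Host header out of the Location. In addition, `certbot_upstream` is declared only in nginx.conf, and the certbot container runs `crond -f` with certbot in webroot mode, so as far as the visible files show nothing listens on `certbot:80`. The `server` blocks start and end outside the hunks.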
+++ b/docker-compose.yml @@ -17,19 +17,6 @@ services: - NGINX_HOST=${NGINX_HOST} restart: always - certbot: - build: ./etc/certbot - container_name: certbot - volumes: - - ./etc/letsencrypt/certs:/certs - restart: always - environment: - - WEBROOT="/opt/bitnami/nginx/html" - - DOMAINS=wolfkingdom.net - - EMAIL=cleako@gmail.com - - CONCAT=false - - SEPARATE=true - myadmin: image: phpmyadmin/phpmyadmin container_name: phpmyadmin diff --git a/etc/certbot/Dockerfile b/etc/certbot/Dockerfile deleted file mode 100755 index 94bedd6..0000000 --- a/etc/certbot/Dockerfile +++ /dev/null @@ -1,21 +0,0 @@ -FROM python:2-alpine -MAINTAINER Henri Dwyer - -VOLUME /certs -VOLUME /etc/letsencrypt -EXPOSE 80 - -RUN apk add --no-cache --virtual .build-deps linux-headers gcc musl-dev\ - && apk add --no-cache libffi-dev openssl-dev dialog\ - && pip install certbot\ - && apk del .build-deps\ - && mkdir /scripts - -ADD crontab /etc/crontabs -RUN crontab /etc/crontabs/crontab - -COPY ./scripts/ /scripts -RUN chmod +x /scripts/run_certbot.sh - -ENTRYPOINT [] -CMD ["crond", "-f"] diff --git a/etc/certbot/run_certbot.sh b/etc/certbot/run_certbot.sh deleted file mode 100755 index 4287eba..0000000 --- a/etc/certbot/run_certbot.sh +++ /dev/null 
@@ -1,59 +0,0 @@
-echo "Running certbot for domains $DOMAINS"
-
-get_certificate() {
- # Gets the certificate for the domain(s) CERT_DOMAINS (a comma separated list)
- # The certificate will be named after the first domain in the list
- # To work, the following variables must be set:
- # - CERT_DOMAINS : comma separated list of domains
- # - EMAIL
- # - CONCAT
- # - args
-
- local d=${CERT_DOMAINS//,*/} # read first domain
- echo "Getting certificate for $CERT_DOMAINS"
- certbot certonly --agree-tos --renew-by-default -n \
- --text --server https://acme-v01.api.letsencrypt.org/directory \
- --email $EMAIL -d $CERT_DOMAINS $args
- ec=$?
- echo "certbot exit code $ec"
- if [ $ec -eq 0 ]
- then
- if $CONCAT
- then
- # concat the full chain with the private key (e.g. for haproxy)
- cat /etc/letsencrypt/live/$d/fullchain.pem /etc/letsencrypt/live/$d/privkey.pem > /certs/$d.pem
- else
- # keep full chain and private key in separate files (e.g. for nginx and apache)
- cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.pem
- cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key
- fi
- echo "Certificate obtained for $CERT_DOMAINS! Your new certificate - named $d - is in /certs"
- else
- echo "Cerbot failed for $CERT_DOMAINS. Check the logs for details."
- fi
-}
-
-args=""
-if [ $WEBROOT ]
-then
- args=" --webroot -w $WEBROOT"
-else
- args=" --standalone --standalone-supported-challenges http-01"
-fi
-
-if $DEBUG
-then
- args=$args" --debug"
-fi
-
-if $SEPARATE
-then
- for d in $DOMAINS
- do
- CERT_DOMAINS=$d
- get_certificate
- done
-else
- CERT_DOMAINS=${DOMAINS// /,}
- get_certificate
-fi
diff --git a/etc/nginx/HTTPS_default.conf.BAK b/etc/nginx/HTTPS_default.conf.BAK
index 2a4e745..ccb49d6 100755
--- a/etc/nginx/HTTPS_default.conf.BAK
+++ b/etc/nginx/HTTPS_default.conf.BAK
@@ -15,9 +15,8 @@ server { error_log /opt/bitnami/nginx/logs/error.log; access_log /opt/bitnami/nginx/logs/access.log; - location '/.well-known/acme-challenge' { - default_type "text/plain"; - proxy_pass http://certbot_upstream; + location / { + root /opt/bitnami/nginx/html; } rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf index ed7d935..6b07395 100755 --- a/etc/nginx/nginx.conf +++ b/etc/nginx/nginx.conf @@ -6,10 +6,6 @@ upstream ghost { server ghost:2368; } -upstream certbot_upstream{ - server certbot:80; -} - # HTTP server { listen 8080 default_server; @@ -25,12 +21,7 @@ server { client_max_body_size 100M; location / { - root /opt/bitnami/nginx/html; - } - - location '/.well-known/acme-challenge' { - default_type "text/plain"; - proxy_pass http://certbot_upstream; + try_files $uri $uri/ =404; } ####### Proxies ####### @@ -64,4 +55,9 @@ server { proxy_pass http://tomcat; } + location ~ /\.well-known/acme-challenge { + root /opt/bitnami/nginx/html; + allow all; + } + } From 38c55adde7ad9e58a4cda0271b9ed847e7f160af Mon Sep 17 00:00:00 2001 From: Marwolf Date: Sat, 18 Aug 2018 19:51:03 -0400 Subject: [PATCH 11/11] Certbot with HTTPS is working --- Certbot.sh | 8 ++++ Linux_Installer.sh | 8 +++- docker-compose.yml | 21 ++++------ etc/nginx/HTTPS_default.conf.BAK | 72 +++++++++++++++----------------- etc/nginx/fastcgi.conf | 26 ------------ etc/nginx/nginx.conf | 63 ---------------------------- 6 files changed, 56 insertions(+), 142 deletions(-) create mode 100755 Certbot.sh delete mode 100644 etc/nginx/fastcgi.conf delete mode 100755 etc/nginx/nginx.conf diff --git a/Certbot.sh b/Certbot.sh new file mode 100755 index 0000000..9806500 --- /dev/null +++ b/Certbot.sh @@ -0,0 +1,8 @@ +sudo certbot certonly \ +--standalone \ +--preferred-challenges http \ +--agree-tos -n \ +--config-dir ./etc/letsencrypt \ +-d wolfkingdom.net \ +-m cleako@gmail.com \ +-q 
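Review bot: In `etc/nginx/HTTPS_default.conf.BAK`, the `location / { root /opt/bitnami/nginx/html; }` block this hunk adds to the plain-HTTP server is never consulted, because the server-level `rewrite ^ https://$http_host$request_uri? permanent;` that follows it runs before location matching and answers every request with a 301. The same holds for the `location ~ /.well-known/acme-challenge` block added to that server in the `@@ -8,42 +8,43 @@` hunk of PATCH 11/11, so an HTTP-01 webroot check would be redirected as well. The redirect target is also built from the client-supplied `Host` header (`$http_host`). I would move the redirect into a catch-all location so that more specific locations are matched first, e.g. `location / { return 301 https://$server_name$request_uri; }`, assuming `server_name` holds the real host name once this template is rendered. The `server` block starts before this hunk and ends after it.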
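Review bot: The new `Certbot.sh` cannot report a failed issuance: it has no shebang or `set -e`, it passes `-q`, and nothing checks certbot's exit status, so a failure (for example port 80 already being in use) passes silently. `--standalone` makes certbot bind port 80 itself, which the `nginx` service in this commit's `docker-compose.yml` also publishes (`"80:80"`, `restart: always`), so the script presumably has to run while that container is stopped; a comment saying so would help. The relative `--config-dir ./etc/letsencrypt` also ties the result to the caller's working directory. I would start the file with `#!/usr/bin/env bash` and `set -euo pipefail`, drop `-q`, and take the domain and e-mail from variables instead of the literals on the `-d` and `-m` lines.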
diff --git a/Linux_Installer.sh b/Linux_Installer.sh index 84fe754..56e80a0 100755 --- a/Linux_Installer.sh +++ b/Linux_Installer.sh @@ -76,7 +76,11 @@ if [ "$install" == "1" ]; then echo "" echo "Verifying the basics are installed." echo "" - sudo apt update && sudo apt install screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y + sudo apt-get update + sudo apt-get install software-properties-common -y + sudo add-apt-repository ppa:certbot/certbot -y + sudo apt-get update + sudo apt-get install certbot screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y echo "" echo "" echo "Do you have Docker installed? It is required for this." @@ -95,7 +99,7 @@ if [ "$install" == "1" ]; then echo "" curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $vers stable" - sudo apt update && sudo apt install docker-ce docker-compose -y + sudo apt-get update && sudo apt-get install docker-ce docker-compose -y else continue fi diff --git a/docker-compose.yml b/docker-compose.yml index baa8f61..a5c6f33 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,20 +2,22 @@ version: '3.1' services: nginx: - image: bitnami/nginx:latest + image: nginx:latest container_name: nginx volumes: - - "./etc/nginx:/opt/bitnami/nginx/conf/vhosts" - - "./Website:/opt/bitnami/nginx/html" - - "./etc/logs/nginx:/opt/bitnami/nginx/logs" + - "./etc/nginx:/etc/nginx/conf.d" + - "./Website:/var/www/html" + - "./etc/logs/nginx:/var/log/nginx" - "./etc/letsencrypt:/etc/letsencrypt" -# - "./etc/nginx/fastcgi.conf:/bitnami/nginx/conf/fastcgi.conf" ports: - - "80:8080" + - "80:80" - "443:443" environment: - NGINX_HOST=${NGINX_HOST} restart: always + depends_on: + - tomcat + - mysqldb myadmin: image: phpmyadmin/phpmyadmin 
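Review bot: The five added `apt-get`/`add-apt-repository` lines in the `@@ -76,7 +76,11 @@` hunk are no longer joined with `&&` as the removed `sudo apt update && sudo apt install …` line was, so a failed `add-apt-repository` or `apt-get update` is ignored and the installer carries on without certbot. `sudo add-apt-repository ppa:certbot/certbot -y` also makes a third-party PPA a trusted package source for the whole host; a comment stating why the distribution package is not sufficient would document that decision. I would guard each step, e.g. `sudo add-apt-repository ppa:certbot/certbot -y || { echo "adding the certbot PPA failed" >&2; exit 1; }`. `software-properties-common` is listed in both install commands, so the second mention can go. The enclosing `if [ "$install" == "1" ]` branch starts before the hunk and continues after it.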
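Review bot: In the `docker-compose.yml` hunk `@@ -2,20 +2,22 @@`, `image: nginx:latest` swaps one floating tag for another on the only service published on `80:80` and `443:443`, so every pull can change the nginx build that terminates TLS; I would pin a release tag or digest, e.g. `image: nginx:<pinned-version>` (placeholder). The container only needs to read the certificate store and the site files, so those mounts can be read-only: `- "./etc/letsencrypt:/etc/letsencrypt:ro"` and `- "./Website:/var/www/html:ro"`. Whether `${NGINX_HOST}` in the mounted configuration is substituted by this image is not visible here and is worth confirming, since the previous image was a different distribution of nginx.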
@@ -35,8 +37,6 @@ services: command: chown -R 1001:1001 /bitnami volumes: - "./data/db/mysq:/bitnami/mariadb" - depends_on: - - nginx mysqldb: image: bitnami/mariadb:latest @@ -69,8 +69,6 @@ services: volumes: - "./Website:/usr/local/tomcat/webapps/ROOT" - "./etc/tomcat:/usr/local/tomcat/conf" - depends_on: - - nginx fix-ghost-permissions: image: 'bitnami/ghost:latest' @@ -78,9 +76,6 @@ services: command: chown -R 1001:1001 /bitnami/ghost volumes: - "./etc/ghost:/bitnami/ghost" - depends_on: - - mysqldb - - nginx ghost: image: bitnami/ghost:latest diff --git a/etc/nginx/HTTPS_default.conf.BAK b/etc/nginx/HTTPS_default.conf.BAK index ccb49d6..96fb245 100755 --- a/etc/nginx/HTTPS_default.conf.BAK +++ b/etc/nginx/HTTPS_default.conf.BAK 
@@ -8,42 +8,43 @@ upstream ghost { # HTTP server { - listen 8080 default_server; - listen [::]:8080 default_server ipv6only=on; + listen 80 default_server; + listen [::]:80 default_server ipv6only=on; server_name ${NGINX_HOST}; - error_log /opt/bitnami/nginx/logs/error.log; - access_log /opt/bitnami/nginx/logs/access.log; + error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; - location / { - root /opt/bitnami/nginx/html; + location ~ /.well-known/acme-challenge { + allow all; + root /var/www/html; } - rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS + rewrite ^ https://$http_host$request_uri? permanent; } # HTTPS server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name ${NGINX_HOST}; + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name ${NGINX_HOST}; - error_log /opt/bitnami/nginx/logs/error.log; - access_log /opt/bitnami/nginx/logs/access.log; + error_log /var/log/nginx/error.log; + access_log /var/log/nginx/access.log; - add_header Strict-Transport-Security "max-age=31536000" always; - ssl_session_cache shared:SSL:20m; - ssl_session_timeout 10m; - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; - ssl_prefer_server_ciphers on; - ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; - ssl_stapling on; - ssl_stapling_verify on; - resolver 8.8.8.8 1.1.1.1; - ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem; - ssl_trusted_certificate /etc/letsencrypt/live/${NGINX_HOST}/chain.pem; + add_header Strict-Transport-Security "max-age=31536000" always; + ssl_session_cache shared:SSL:20m; + ssl_session_timeout 10m; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; + ssl_stapling on; + ssl_stapling_verify on; + resolver 8.8.8.8 1.1.1.1; + ssl_certificate /etc/letsencrypt/live/wolfkingdom.net/fullchain.pem; + 
ssl_certificate_key /etc/letsencrypt/live/wolfkingdom.net/privkey.pem; + ssl_trusted_certificate /etc/letsencrypt/live/wolfkingdom.net/chain.pem; root /app; index index.jsp index.html index.htm; @@ -51,30 +52,25 @@ server { client_max_body_size 100M; location / { - root /opt/bitnami/nginx/html; - } - - location '/.well-known/acme-challenge' { - default_type "text/plain"; - proxy_pass http://certbot_upstream; + root /var/www/html; } ####### Proxies ####### # PHP proxy # location /board { -# fastcgi_pass php:9001; -# fastcgi_index index.php; -# include fastcgi.conf; -# root /app; +# fastcgi_pass php:9001; +# fastcgi_index index.php; +# include fastcgi.conf; +# root /app; # } location ~ \.htm$ { - root /opt/bitnami/nginx/html; + root /var/www/html; } # Ghost proxy location /blog { - proxy_pass http://ghost; + proxy_pass http://ghost; proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -84,9 +80,9 @@ server { # Tomcat proxy location ~ \.jsp$ { - proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://tomcat; } diff --git a/etc/nginx/fastcgi.conf b/etc/nginx/fastcgi.conf deleted file mode 100644 index 091738c..0000000 --- a/etc/nginx/fastcgi.conf +++ /dev/null 
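Review bot: In the `@@ -8,42 +8,43 @@` hunk the re-indented TLS block still carries `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;`, which keeps the two deprecated protocol versions enabled on the public listener; since the line is being touched anyway I would reduce it to `ssl_protocols TLSv1.2;` (adding `TLSv1.3` if the nginx build supports it). The three certificate paths now name `wolfkingdom.net` literally while `server_name` stays `${NGINX_HOST}`, so the file only works for that one domain; either keep the variable or add a comment that the paths must be edited together with `Certbot.sh`. `resolver 8.8.8.8 1.1.1.1;` sends the OCSP-stapling lookups to public resolvers, which deserves a one-line comment. The HTTPS `server` block continues past the end of this hunk.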
@@ -1,26 +0,0 @@
-
-fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-fastcgi_param QUERY_STRING $query_string;
-fastcgi_param REQUEST_METHOD $request_method;
-fastcgi_param CONTENT_TYPE $content_type;
-fastcgi_param CONTENT_LENGTH $content_length;
-
-fastcgi_param SCRIPT_NAME $fastcgi_script_name;
-fastcgi_param REQUEST_URI $request_uri;
-fastcgi_param DOCUMENT_URI $document_uri;
-fastcgi_param DOCUMENT_ROOT $document_root;
-fastcgi_param SERVER_PROTOCOL $server_protocol;
-fastcgi_param REQUEST_SCHEME $scheme;
-fastcgi_param HTTPS $https if_not_empty;
-
-fastcgi_param GATEWAY_INTERFACE CGI/1.1;
-fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
-
-fastcgi_param REMOTE_ADDR $remote_addr;
-fastcgi_param REMOTE_PORT $remote_port;
-fastcgi_param SERVER_ADDR $server_addr;
-fastcgi_param SERVER_PORT $server_port;
-fastcgi_param SERVER_NAME $server_name;
-
-# PHP only, required if PHP was built with --enable-force-cgi-redirect
-fastcgi_param REDIRECT_STATUS 200;
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
deleted file mode 100755
index 6b07395..0000000
--- a/etc/nginx/nginx.conf
+++ /dev/null
@@ -1,63 +0,0 @@
-upstream tomcat {
- server tomcat:8080;
-}
-
-upstream ghost {
- server ghost:2368;
-}
-
-# HTTP
-server {
- listen 8080 default_server;
- listen [::]:8080 default_server ipv6only=on;
- server_name ${NGINX_HOST};
-
- error_log /opt/bitnami/nginx/logs/error.log;
- access_log /opt/bitnami/nginx/logs/access.log;
-
- root /app;
- index index.jsp index.html index.htm;
-
- client_max_body_size 100M;
-
- location / {
- try_files $uri $uri/ =404;
- }
-
- ####### Proxies #######
- # PHP proxy
-# location /board {
-# fastcgi_pass php:9001;
-# fastcgi_index index.php;
-# include fastcgi.conf;
-# root /app;
-# }
-
- location ~ \.htm$ {
- root /opt/bitnami/nginx/html;
- }
-
- # Ghost proxy
- location /blog {
- proxy_pass http://ghost;
- proxy_set_header Host $http_host; # required for docker client's sake
- proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
- proxy_read_timeout 900;
- }
-
- # Tomcat proxy
- location ~ \.jsp$ {
- proxy_set_header X-Forwarded-Host $host;
- proxy_set_header X-Forwarded-Server $host;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_pass http://tomcat;
- }
-
- location ~ /\.well-known/acme-challenge {
- root /opt/bitnami/nginx/html;
- allow all;
- }
-
-}