H-O-O-T-S/Open-RSC-Docker-Home
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #18 from Marwolf/master

Browse Source 
Certbot and HTTPS support
This commit is contained in:
Marwolf
2018-08-18 19:53:08 -04:00
committed by GitHub
parent fba5201128 38c55adde7
commit c641d14e38
12 changed files with 102 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.env
View File

@@ -1,7 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# Ghost # Ghost
GHOST_HOST=localhost/ghost
GHOST_EMAIL=admin@openrsc.com GHOST_EMAIL=admin@openrsc.com
GHOST_PASSWORD=malwareinfection GHOST_PASSWORD=malwareinfection
GHOST_DATABASE_NAME=ghost GHOST_DATABASE_NAME=ghost

8
Certbot.sh Executable file
View File

@@ -0,0 +1,8 @@
sudo certbot certonly \
--standalone \
--preferred-challenges http \
--agree-tos -n \
--config-dir ./etc/letsencrypt \
-d wolfkingdom.net \
-m cleako@gmail.com \
-q

4
Linux_Fetch_Updates_Production.sh
View File

@@ -32,12 +32,12 @@ sudo nano .env
sudo nano client/src/org/openrsc/client/Config.java sudo nano client/src/org/openrsc/client/Config.java
sudo nano Launcher/src/Main.java sudo nano Launcher/src/Main.java
sudo nano server/config/config.xml sudo nano server/config/config.xml
sudo nano ../etc/ghost/config.production.json
echo "" echo ""
echo "" echo ""
echo "File edits complete. Restarting Docker containers." echo "File edits complete. Restarting Docker containers."
echo "" echo ""
sudo make stop sudo make stop && sudo make start
sudo make start
fi fi
if [ "$edit" == "2" ]; then if [ "$edit" == "2" ]; then

41
Linux_Installer.sh
View File

@@ -76,7 +76,11 @@ if [ "$install" == "1" ]; then
echo "" echo ""
echo "Verifying the basics are installed." echo "Verifying the basics are installed."
echo "" echo ""
sudo apt update && sudo apt install screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y sudo apt-get update
sudo apt-get install software-properties-common -y
sudo add-apt-repository ppa:certbot/certbot -y
sudo apt-get update
sudo apt-get install certbot screen zip fail2ban unzip git build-essential apt-transport-https ca-certificates curl software-properties-common -y
echo "" echo ""
echo "" echo ""
echo "Do you have Docker installed? It is required for this." echo "Do you have Docker installed? It is required for this."
@@ -95,7 +99,7 @@ if [ "$install" == "1" ]; then
echo "" echo ""
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $vers stable" sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $vers stable"
sudo apt update && sudo apt install docker-ce docker-compose -y sudo apt-get update && sudo apt-get install docker-ce docker-compose -y
else else
continue continue
fi fi
@@ -530,14 +534,15 @@ elif [ "$choice" == "2" ]; then
echo "" echo ""
echo "Starting up the Docker containers. If error, do \"sudo make stop\" and rerun script." echo "Starting up the Docker containers. If error, do \"sudo make stop\" and rerun script."
echo "" echo ""
sudo chmod -R 777 .
sudo make start sudo make start
echo "" echo ""
echo "" echo ""
echo "Fetching the Website and Game from the Open RSC git repo." echo "Fetching the Website and Game from the Open RSC git repo."
echo "" echo ""
sudo make clone-game sudo make clone-game
echo ""
sudo make clone-website sudo make clone-website
sudo chmod -R 777 .
echo "" echo ""
echo "" echo ""
echo "Creating the client cache in your home folder." echo "Creating the client cache in your home folder."
@@ -546,28 +551,34 @@ elif [ "$choice" == "2" ]; then
unzip -o Game/client/cache.zip -d ~/OpenRSC unzip -o Game/client/cache.zip -d ~/OpenRSC
echo "" echo ""
echo "" echo ""
echo "Importing the databases."
echo ""
sudo make import-game
sudo make import-ghost
echo ""
echo ""
echo "Creating a backup of your current databases as \"Docker-Home/data/db/db.sql\""
echo ""
sudo make backup
echo ""
echo ""
echo "Next is manual file editing for the website domain and SQL user/pass." echo "Next is manual file editing for the website domain and SQL user/pass."
echo "" echo ""
echo "It is suggested that you first navigate to your VPS's http://domain:9000"
echo ""
echo "Create a new SQL user and password, grant all permissions, then remove the others."
echo ""
echo ""
echo "When finished, it will be time to edit the files that rely on that new SQL user."
echo ""
echo "(Use Ctrl + X to save each file when done editing) - Press enter when ready." echo "(Use Ctrl + X to save each file when done editing) - Press enter when ready."
read next read next
sudo nano .env sudo nano .env
sudo nano Game/client/src/org/openrsc/client/Config.java sudo nano Game/client/src/org/openrsc/client/Config.java
sudo nano Game/Launcher/src/Main.java sudo nano Game/Launcher/src/Main.java
sudo nano Game/server/config/config.xml sudo nano Game/server/config/config.xml
sudo nano etc/ghost/config.production.json
echo "" echo ""
echo "" echo ""
echo "File edits complete. Restarting Docker containers." echo "File edits complete."
echo ""
echo ""
echo "Importing the databases."
echo ""
sudo make import-game
sudo make import-ghost
echo ""
echo ""
echo "Restarting Docker containers"
echo "" echo ""
sudo make stop && sudo make start sudo make stop && sudo make start
echo "" echo ""

9
Website_Certbot.sh
View File

@@ -1,9 +0,0 @@
#!/bin/bash
sudo docker run -it --rm --name certbot \
-v `pwd`/etc/letsencrypt/certs:/etc/letsencrypt \
-v `pwd`/etc/letsencrypt/data:/data/letsencrypt \
deliverous/certbot \
certonly \
--webroot --webroot-path=/data/letsencrypt \
-d openrsc.com -d www.openrsc.com --staging

55
docker-compose.yml
View File

@@ -2,24 +2,22 @@ version: '3.1'
services: services:
nginx: nginx:
image: bitnami/nginx:latest image: nginx:latest
container_name: nginx container_name: nginx
volumes: volumes:
- "./etc/nginx:/opt/bitnami/nginx/conf/vhosts" - "./etc/nginx:/etc/nginx/conf.d"
- "./Website:/opt/bitnami/nginx/html" - "./Website:/var/www/html"
- "./etc/logs/nginx:/opt/bitnami/nginx/logs" - "./etc/logs/nginx:/var/log/nginx"
#- "./etc/logs/letsencrypt:/var/log/letsencrypt" - "./etc/letsencrypt:/etc/letsencrypt"
#- "./etc/letsencrypt/certs:/etc/letsencrypt"
#- "./etc/letsencrypt/data:/data/letsencrypt"
ports: ports:
- "80:8080" - "80:80"
- "443:443" - "443:443"
environment: environment:
- NGINX_HOST=${NGINX_HOST} - NGINX_HOST=${NGINX_HOST}
#- VIRTUAL_HOST=localhost
#- LETSENCRYPT_HOST=localhost
#- LETSENCRYPT_EMAIL=your.email@here.com
restart: always restart: always
depends_on:
- tomcat
- mysqldb
myadmin: myadmin:
image: phpmyadmin/phpmyadmin image: phpmyadmin/phpmyadmin
@@ -38,7 +36,7 @@ services:
user: root user: root
command: chown -R 1001:1001 /bitnami command: chown -R 1001:1001 /bitnami
volumes: volumes:
- "./data/db/mysq:/bitnami/mariadb" - "./data/db/mysq:/bitnami/mariadb"
mysqldb: mysqldb:
image: bitnami/mariadb:latest image: bitnami/mariadb:latest
@@ -60,7 +58,7 @@ services:
- "./data/db/mysq:/bitnami/mariadb" - "./data/db/mysq:/bitnami/mariadb"
- "./etc/mariadb/innodb.cnf:/bitnami/mariadb/conf/innodb.cnf:ro" - "./etc/mariadb/innodb.cnf:/bitnami/mariadb/conf/innodb.cnf:ro"
depends_on: depends_on:
- nginx - fix-mariadb-permissions
tomcat: tomcat:
image: tomcat:latest image: tomcat:latest
@@ -71,15 +69,13 @@ services:
volumes: volumes:
- "./Website:/usr/local/tomcat/webapps/ROOT" - "./Website:/usr/local/tomcat/webapps/ROOT"
- "./etc/tomcat:/usr/local/tomcat/conf" - "./etc/tomcat:/usr/local/tomcat/conf"
depends_on:
- nginx
fix-ghost-permissions: fix-ghost-permissions:
image: 'bitnami/ghost:latest' image: 'bitnami/ghost:latest'
user: root user: root
command: chown -R 1001:1001 /bitnami/ghost command: chown -R 1001:1001 /bitnami/ghost
volumes: volumes:
- "./etc/ghost:/bitnami/ghost" - "./etc/ghost:/bitnami/ghost"
ghost: ghost:
image: bitnami/ghost:latest image: bitnami/ghost:latest
@@ -98,24 +94,23 @@ services:
- GHOST_DATABASE_PASSWORD=${MARIADB_ROOT_PASSWORD} - GHOST_DATABASE_PASSWORD=${MARIADB_ROOT_PASSWORD}
- GHOST_DATABASE_NAME=${GHOST_DATABASE_NAME} - GHOST_DATABASE_NAME=${GHOST_DATABASE_NAME}
- ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD} - ALLOW_EMPTY_PASSWORD=${ALLOW_EMPTY_PASSWORD}
- GHOST_HOST=${GHOST_HOST}
- GHOST_EMAIL=${GHOST_EMAIL} - GHOST_EMAIL=${GHOST_EMAIL}
- GHOST_PASSWORD=${GHOST_PASSWORD} - GHOST_PASSWORD=${GHOST_PASSWORD}
depends_on: depends_on:
- mysqldb - fix-ghost-permissions
- nginx
php: # php:
image: bitnami/php-fpm:latest # image: bitnami/php-fpm:latest
container_name: php # container_name: php
restart: always # restart: always
ports: # ports:
- "9001:9000" # - "9001:9000"
volumes: # volumes:
- "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini" # - "./etc/php/php.ini:/opt/bitnami/php/etc/conf.d/php.ini"
- "./Website:/app" # - "./Website:/app"
depends_on: # - "./etc/logs/php:/opt/bitnami/php/log"
- nginx # depends_on:
# - nginx
volumes: volumes:
mariadb_data: mariadb_data:

2
etc/ghost/config.production.json
View File

@@ -9,7 +9,7 @@
"database": "ghost" "database": "ghost"
} }
}, },
"url": "http://localhost:2368/blog", "url": "http://localhost/blog",
"server": { "server": {
"port": 2368, "port": 2368,
"host": "0.0.0.0" "host": "0.0.0.0"

29
etc/ghost/ghost/config.production.json
View File

@@ -1,29 +0,0 @@
{
"database": {
"client": "mysql",
"connection": {
"host": "mysql",
"port": 3306,
"password": "root",
"user": "root",
"database": "ghost"
}
},
"url": "http://localhost:2368/blog",
"server": {
"port": 2368,
"host": "0.0.0.0"
},
"mail": {
"transport": "Direct"
},
"logging": {
"transports": [
"file"
]
},
"process": "local",
"paths": {
"contentPath": "/opt/bitnami/ghost/content"
}
}

0
etc/logs/.gitkeep → etc/logs/nginx/.gitkeep
View File

0
etc/logs/php/.gitkeep Normal file
View File

110
etc/nginx/HTTPS_default.conf.BAK
View File

@@ -8,94 +8,69 @@ upstream ghost {
# HTTP # HTTP
server { server {
listen 8080 default_server; listen 80 default_server;
listen [::]:8080 default_server ipv6only=on; listen [::]:80 default_server ipv6only=on;
server_name ${NGINX_HOST}; server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log; error_log /var/log/nginx/error.log;
access_log /opt/bitnami/nginx/logs/access.log; access_log /var/log/nginx/access.log;
rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS location ~ /.well-known/acme-challenge {
allow all;
root /app; root /var/www/html;
index index.html index.htm index.php index.jsp;
client_max_body_size 100M;
location / {
try_files $uri $uri/index.html;
} }
####### Proxies ####### rewrite ^ https://$http_host$request_uri? permanent;
# PHP proxy
location ~ \.php$ {
fastcgi_pass php:9001;
fastcgi_index index.php;
include fastcgi.conf;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
} }
# HTTPS # HTTPS
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name ${NGINX_HOST}; server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log; error_log /var/log/nginx/error.log;
access_log /opt/bitnami/nginx/logs/access.log; access_log /var/log/nginx/access.log;
add_header Strict-Transport-Security "max-age=31536000" always; add_header Strict-Transport-Security "max-age=31536000" always;
ssl_session_cache shared:SSL:20m; ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m; ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on; ssl_prefer_server_ciphers on;
ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;"; ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
ssl_stapling on; ssl_stapling on;
ssl_stapling_verify on; ssl_stapling_verify on;
resolver 8.8.8.8 1.1.1.1; resolver 8.8.8.8 1.1.1.1;
ssl_certificate /etc/letsencrypt/live/${NGINX_HOST}/fullchain.pem; ssl_certificate /etc/letsencrypt/live/wolfkingdom.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${NGINX_HOST}/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/wolfkingdom.net/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/${NGINX_HOST}/chain.pem; ssl_trusted_certificate /etc/letsencrypt/live/wolfkingdom.net/chain.pem;
root /app; root /app;
index index.html index.htm index.php index.jsp; index index.jsp index.html index.htm;
client_max_body_size 100M; client_max_body_size 100M;
location / { location / {
try_files $uri $uri/index.html; root /var/www/html;
} }
####### Proxies ####### ####### Proxies #######
# PHP proxy # PHP proxy
location ~ \.php$ { # location /board {
fastcgi_pass php:9001; # fastcgi_pass php:9001;
fastcgi_index index.php; # fastcgi_index index.php;
include fastcgi.conf; # include fastcgi.conf;
# root /app;
# }
location ~ \.htm$ {
root /var/www/html;
} }
# Ghost proxy # Ghost proxy
location /blog { location /blog {
proxy_pass http://ghost; proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -104,16 +79,11 @@ server {
} }
# Tomcat proxy # Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) { location ~ \.jsp$ {
proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat; proxy_pass http://tomcat;
} }
# Certbot for HTTPS cert renewal
location ~ ^/.well-known {
root /data/letsencrypt/;
}
} }

55
etc/nginx/nginx.conf
View File

@@ -1,55 +0,0 @@
upstream tomcat {
server tomcat:8080;
}
upstream ghost {
server ghost:2368;
}
# HTTP
server {
listen 8080 default_server;
listen [::]:8080 default_server ipv6only=on;
server_name ${NGINX_HOST};
error_log /opt/bitnami/nginx/logs/error.log;
access_log /opt/bitnami/nginx/logs/access.log;
#rewrite ^ https://$http_host$request_uri? permanent; #Redirect traffic to HTTPS
root /app;
index index.html index.htm index.php index.jsp;
client_max_body_size 100M;
location / {
try_files $uri $uri/index.html;
}
####### Proxies #######
# PHP proxy
location ~ \.php$ {
fastcgi_pass php:9001;
fastcgi_index index.php;
include fastcgi.conf;
}
# Ghost proxy
location /blog {
proxy_pass http://ghost;
proxy_set_header Host $http_host; # required for docker client's sake
proxy_set_header X-Real-IP $remote_addr; # pass on real client's IP
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
}
# Tomcat proxy
location ~ \.(do|jspa|obr|jsp|txt|zip) {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://tomcat;
}
}