diff --git a/certbot.sh b/certbot.sh
new file mode 100755
index 0000000..4cea2f2
--- /dev/null
+++ b/certbot.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+docker run -it --rm --name certbot \
+    -v `pwd`/etc/certbot/certs:/etc/letsencrypt \
+    -v `pwd`/etc/certbot/data:/data/letsencrypt \
+    deliverous/certbot \
+    certonly \
+    --webroot --webroot-path=/data/letsencrypt \
+    -d openrsc.com -d www.openrsc.com
diff --git a/docker-compose.yml b/docker-compose.yml
index fc8379a..94cb402 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -6,10 +6,11 @@ services:
     container_name: nginx
     volumes:
       - "./etc/nginx/default.conf:/etc/nginx/conf.d/default.conf"
-      - "./etc/ssl:/etc/ssl"
-      - "./Website:/var/www/html/public"
+      - "./Website:/var/www/html/public:ro"
       - "./etc/nginx/default.template.conf:/etc/nginx/conf.d/default.template"
-      - "./etc/nginx/logs:/var/log/nginx"
+      - "./etc/logs/nginx:/var/log/nginx"
+      - "./etc/letsencrypt/certs:/etc/letsencrypt"
+      - "./etc/letsencrypt/data:/data/letsencrypt"
     ports:
       - "80:80"
       - "443:443"
diff --git a/etc/nginx/logs/empty b/etc/logs/empty
similarity index 100%
rename from etc/nginx/logs/empty
rename to etc/logs/empty
diff --git a/etc/nginx/default.conf b/etc/nginx/default.conf
index 6495631..0582b04 100755
--- a/etc/nginx/default.conf
+++ b/etc/nginx/default.conf
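Review bot: The host directories this script hands to certbot (`pwd`/etc/certbot/certs and `pwd`/etc/certbot/data) are not the ones the docker-compose.yml hunk mounts into nginx (./etc/letsencrypt/certs and ./etc/letsencrypt/data), so the issued certificate never reaches the nginx container and the challenge files certbot drops under /data/letsencrypt are not in the directory nginx mounts at that path; both sides should name one directory, e.g. `-v "$(pwd)/etc/letsencrypt/certs:/etc/letsencrypt" \` and `-v "$(pwd)/etc/letsencrypt/data:/data/letsencrypt" \` (quoted, so a checkout path containing a space does not split the argument). The webroot challenge additionally needs nginx to serve /.well-known from /data/letsencrypt, and the location block that does so is added commented-out in the default.conf hunk, so the run as committed cannot complete. The image reference `deliverous/certbot` carries no tag or digest, so every run pulls whatever the third-party publisher currently labels latest; pin a tag or a digest. `-it` allocates a TTY and makes the script fail when run from cron or CI, and `certonly --webroot` does not need one.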
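Review bot: The new `./etc/letsencrypt/certs:/etc/letsencrypt` bind mount gives the nginx container read-write access to the directory that will hold privkey.pem, while the same hunk marks the website tree `:ro`; nginx only reads the key, so `- "./etc/letsencrypt/certs:/etc/letsencrypt:ro"` keeps a compromised worker from altering or replacing the certificate material. `./etc/letsencrypt/data` is written by certbot and only read by nginx for the ACME challenge, so it can take `:ro` as well. The log mount moved to `./etc/logs/nginx`, but the rename in this commit only creates etc/logs/empty, so on a fresh clone Docker will typically create etc/logs/nginx itself, root-owned; either rename the placeholder into that directory or document the expected ownership.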
@@ -97,31 +97,49 @@ server {
 deny all;
 internal;
 }
+
+# # Redirect to HTTPS
+# location / {
+# rewrite ^ https://$host$request_uri? permanent;
+# }
+
+# # Certbot for HTTPS cert renewal
+# location ^~ /.well-known {
+# allow all;
+# root /data/letsencrypt/;
+# }
 }
 
-# Website and PHPBB forum over HTTP
-# server {
-# server_name localhost;
+#HTTPS
+#server {
+# listen 443 ssl http2;
+# listen [::]:443 ssl http2;
+# server_name localhost;
+# ssl on;
+# add_header Strict-Transport-Security "max-age=31536000" always;
+# ssl_session_cache shared:SSL:20m;
+# ssl_session_timeout 10m;
+# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+# ssl_prefer_server_ciphers on;
+# ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
+# ssl_stapling on;
+# ssl_stapling_verify on;
+# resolver 8.8.8.8 1.1.1.1;
+# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
+# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
+# index index.php index.html index.jsp;
+# error_log /var/log/nginx/error.log;
+# access_log /var/log/nginx/access.log;
+# root /var/www/html/public;
 
-# listen 443 ssl;
-# fastcgi_param HTTPS on;
-
-# ssl_certificate /etc/ssl/server.pem;
-# ssl_certificate_key /etc/ssl/server.key;
-# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
-
-# index index.php index.html;
-# error_log /var/log/nginx/error.log;
-# access_log /var/log/nginx/access.log;
-# root /var/www/html/public;
-
-# location ~ \.php$ {
-# try_files $uri =404;
-# fastcgi_split_path_info ^(.+\.php)(/.+)$;
-# fastcgi_pass php:9000;
-# fastcgi_index index.php;
-# include fastcgi_params;
-# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-# fastcgi_param PATH_INFO $fastcgi_path_info;
-# }
-# }
+# location ~ \.php$ {
+# try_files $uri =404;
+# fastcgi_split_path_info ^(.+\.php)(/.+)$;
+# fastcgi_pass php:9000;
+# fastcgi_index index.php;
+# include fastcgi_params;
+# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+# fastcgi_param PATH_INFO $fastcgi_path_info;
+# }
+#}
diff --git a/etc/nginx/default.template.conf b/etc/nginx/default.template.conf
index 3abd443..7a9f468 100755
--- a/etc/nginx/default.template.conf
+++ b/etc/nginx/default.template.conf
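Review bot: The HTTPS server block added here (still commented out) sets `ssl_protocols TLSv1 TLSv1.1 TLSv1.2`, which keeps the deprecated TLS 1.0 and 1.1 reachable the moment the block is enabled; the same text is added to default.template.conf in the next hunk. It should read `ssl_protocols TLSv1.2 TLSv1.3;` (TLS 1.3 needs an nginx build and OpenSSL that support it, so confirm the nginx image does before enabling). The `ssl_ciphers` value ends with `!MD5;"`, so the semicolon sits inside the quotes and is handed to OpenSSL as part of the cipher string; it is presumably meant to be `ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5";`. `ssl on;` duplicates what `listen 443 ssl` already does and is deprecated in current nginx releases, so drop it. The HTTP server block whose closing brace appears in this hunk begins before it.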
@@ -97,31 +97,49 @@ server {
 deny all;
 internal;
 }
+
+# # Redirect to HTTPS
+# location / {
+# rewrite ^ https://$host$request_uri? permanent;
+# }
+
+# # Certbot for HTTPS cert renewal
+# location ^~ /.well-known {
+# allow all;
+# root /data/letsencrypt/;
+# }
 }
 
-# Website and PHPBB forum over HTTP
-# server {
-# server_name ${NGINX_HOST};
+#HTTPS
+#server {
+# listen 443 ssl http2;
+# listen [::]:443 ssl http2;
+# server_name ${NGINX_HOST};
+# ssl on;
+# add_header Strict-Transport-Security "max-age=31536000" always;
+# ssl_session_cache shared:SSL:20m;
+# ssl_session_timeout 10m;
+# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+# ssl_prefer_server_ciphers on;
+# ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
+# ssl_stapling on;
+# ssl_stapling_verify on;
+# resolver 8.8.8.8 1.1.1.1;
+# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
+# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
+# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
+# index index.php index.html index.jsp;
+# error_log /var/log/nginx/error.log;
+# access_log /var/log/nginx/access.log;
+# root /var/www/html/public;
 
-# listen 443 ssl;
-# fastcgi_param HTTPS on;
-
-# ssl_certificate /etc/ssl/server.pem;
-# ssl_certificate_key /etc/ssl/server.key;
-# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
-
-# index index.php index.html;
-# error_log /var/log/nginx/error.log;
-# access_log /var/log/nginx/access.log;
-# root /var/www/html/public;
-
-# location ~ \.php$ {
-# try_files $uri =404;
-# fastcgi_split_path_info ^(.+\.php)(/.+)$;
-# fastcgi_pass php:9000;
-# fastcgi_index index.php;
-# include fastcgi_params;
-# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-# fastcgi_param PATH_INFO $fastcgi_path_info;
-# }
-# }
+# location ~ \.php$ {
+# try_files $uri =404;
+# fastcgi_split_path_info ^(.+\.php)(/.+)$;
+# fastcgi_pass php:9000;
+# fastcgi_index index.php;
+# include fastcgi_params;
+# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+# fastcgi_param PATH_INFO $fastcgi_path_info;
+# }
+#}