HTTPS with Dockerized Lets Encrypt certbot

etc/nginx/default.conf

@@ -97,31 +97,49 @@ server {
         deny all;
         internal;
     }
+
+#    # Redirect to HTTPS
+#    location / {
+#        rewrite ^ https://$host$request_uri? permanent;
+#    }
+
+#    # Certbot for HTTPS cert renewal
+#    location ^~ /.well-known {
+#        allow all;
+#        root  /data/letsencrypt/;
+#    }
 }
 
-# Website and PHPBB forum over HTTP
-# server {
-#     server_name localhost;
+#HTTPS
+#server {
+#    listen      443           ssl http2;
+#    listen [::]:443           ssl http2;
+#    server_name               localhost;
+#    ssl                       on;
+#    add_header                Strict-Transport-Security "max-age=31536000" always;
+#    ssl_session_cache         shared:SSL:20m;
+#    ssl_session_timeout       10m;
+#    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
+#    ssl_prefer_server_ciphers on;
+#    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
+#    ssl_stapling              on;
+#    ssl_stapling_verify       on;
+#    resolver                  8.8.8.8 1.1.1.1;
+#    ssl_certificate           /etc/letsencrypt/live/openrsc.com/fullchain.pem;
+#    ssl_certificate_key       /etc/letsencrypt/live/openrsc.com/privkey.pem;
+#    ssl_trusted_certificate   /etc/letsencrypt/live/openrsc.com/chain.pem;
+#    index index.php index.html index.jsp;
+#    error_log  /var/log/nginx/error.log;
+#    access_log /var/log/nginx/access.log;
+#    root /var/www/html/public;
 
-#     listen 443 ssl;
-#     fastcgi_param HTTPS on;
-
-#     ssl_certificate /etc/ssl/server.pem;
-#     ssl_certificate_key /etc/ssl/server.key;
-#     ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
-
-#     index index.php index.html;
-#     error_log  /var/log/nginx/error.log;
-#     access_log /var/log/nginx/access.log;
-#     root /var/www/html/public;
-
-#     location ~ \.php$ {
-#         try_files $uri =404;
-#         fastcgi_split_path_info ^(.+\.php)(/.+)$;
-#         fastcgi_pass php:9000;
-#         fastcgi_index index.php;
-#         include fastcgi_params;
-#         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-#         fastcgi_param PATH_INFO $fastcgi_path_info;
-#     }
-# }
+#    location ~ \.php$ {
+#        try_files $uri =404;
+#        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+#        fastcgi_pass php:9000;
+#        fastcgi_index index.php;
+#        include fastcgi_params;
+#        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+#        fastcgi_param PATH_INFO $fastcgi_path_info;
+#    }
+#}

etc/nginx/default.template.conf

@@ -97,31 +97,49 @@ server {
         deny all;
         internal;
     }
+
+#    # Redirect to HTTPS
+#    location / {
+#        rewrite ^ https://$host$request_uri? permanent;
+#    }
+
+#    # Certbot for HTTPS cert renewal
+#    location ^~ /.well-known {
+#        allow all;
+#        root  /data/letsencrypt/;
+#    }
 }
 
-# Website and PHPBB forum over HTTP
-# server {
-#     server_name ${NGINX_HOST};
+#HTTPS
+#server {
+#    listen      443           ssl http2;
+#    listen [::]:443           ssl http2;
+#    server_name               ${NGINX_HOST};
+#    ssl                       on;
+#    add_header                Strict-Transport-Security "max-age=31536000" always;
+#    ssl_session_cache         shared:SSL:20m;
+#    ssl_session_timeout       10m;
+#    ssl_protocols             TLSv1 TLSv1.1 TLSv1.2;
+#    ssl_prefer_server_ciphers on;
+#    ssl_ciphers               "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
+#    ssl_stapling              on;
+#    ssl_stapling_verify       on;
+#    resolver                  8.8.8.8 1.1.1.1;
+#    ssl_certificate           /etc/letsencrypt/live/openrsc.com/fullchain.pem;
+#    ssl_certificate_key       /etc/letsencrypt/live/openrsc.com/privkey.pem;
+#    ssl_trusted_certificate   /etc/letsencrypt/live/openrsc.com/chain.pem;
+#    index index.php index.html index.jsp;
+#    error_log  /var/log/nginx/error.log;
+#    access_log /var/log/nginx/access.log;
+#    root /var/www/html/public;
 
-#     listen 443 ssl;
-#     fastcgi_param HTTPS on;
-
-#     ssl_certificate /etc/ssl/server.pem;
-#     ssl_certificate_key /etc/ssl/server.key;
-#     ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
-
-#     index index.php index.html;
-#     error_log  /var/log/nginx/error.log;
-#     access_log /var/log/nginx/access.log;
-#     root /var/www/html/public;
-
-#     location ~ \.php$ {
-#         try_files $uri =404;
-#         fastcgi_split_path_info ^(.+\.php)(/.+)$;
-#         fastcgi_pass php:9000;
-#         fastcgi_index index.php;
-#         include fastcgi_params;
-#         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-#         fastcgi_param PATH_INFO $fastcgi_path_info;
-#     }
-# }
+#    location ~ \.php$ {
+#        try_files $uri =404;
+#        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+#        fastcgi_pass php:9000;
+#        fastcgi_index index.php;
+#        include fastcgi_params;
+#        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+#        fastcgi_param PATH_INFO $fastcgi_path_info;
+#    }
+#}