HTTPS with Dockerized Lets Encrypt certbot
This commit is contained in:
Marwolf
9
certbot.sh
Executable file
9
certbot.sh
Executable file
@@ -0,0 +1,9 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
docker run -it --rm --name certbot \
|
||||||
|
-v `pwd`/etc/certbot/certs:/etc/letsencrypt \
|
||||||
|
-v `pwd`/etc/certbot/data:/data/letsencrypt \
|
||||||
|
deliverous/certbot \
|
||||||
|
certonly \
|
||||||
|
--webroot --webroot-path=/data/letsencrypt \
|
||||||
|
-d openrsc.com -d www.openrsc.com
|
||||||
@@ -6,10 +6,11 @@ services:
|
|||||||
container_name: nginx
|
container_name: nginx
|
||||||
volumes:
|
volumes:
|
||||||
- "./etc/nginx/default.conf:/etc/nginx/conf.d/default.conf"
|
- "./etc/nginx/default.conf:/etc/nginx/conf.d/default.conf"
|
||||||
- "./etc/ssl:/etc/ssl"
|
- "./Website:/var/www/html/public:ro"
|
||||||
- "./Website:/var/www/html/public"
|
|
||||||
- "./etc/nginx/default.template.conf:/etc/nginx/conf.d/default.template"
|
- "./etc/nginx/default.template.conf:/etc/nginx/conf.d/default.template"
|
||||||
- "./etc/nginx/logs:/var/log/nginx"
|
- "./etc/logs/nginx:/var/log/nginx"
|
||||||
|
- "./etc/letsencrypt/certs:/etc/letsencrypt"
|
||||||
|
- "./etc/letsencrypt/data:/data/letsencrypt"
|
||||||
ports:
|
ports:
|
||||||
- "80:80"
|
- "80:80"
|
||||||
- "443:443"
|
- "443:443"
|
||||||
|
|||||||
@@ -97,20 +97,38 @@ server {
|
|||||||
deny all;
|
deny all;
|
||||||
internal;
|
internal;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# # Redirect to HTTPS
|
||||||
|
# location / {
|
||||||
|
# rewrite ^ https://$host$request_uri? permanent;
|
||||||
|
# }
|
||||||
|
|
||||||
|
# # Certbot for HTTPS cert renewal
|
||||||
|
# location ^~ /.well-known {
|
||||||
|
# allow all;
|
||||||
|
# root /data/letsencrypt/;
|
||||||
|
# }
|
||||||
}
|
}
|
||||||
|
|
||||||
# Website and PHPBB forum over HTTP
|
#HTTPS
|
||||||
#server {
|
#server {
|
||||||
|
# listen 443 ssl http2;
|
||||||
|
# listen [::]:443 ssl http2;
|
||||||
# server_name localhost;
|
# server_name localhost;
|
||||||
|
# ssl on;
|
||||||
# listen 443 ssl;
|
# add_header Strict-Transport-Security "max-age=31536000" always;
|
||||||
# fastcgi_param HTTPS on;
|
# ssl_session_cache shared:SSL:20m;
|
||||||
|
# ssl_session_timeout 10m;
|
||||||
# ssl_certificate /etc/ssl/server.pem;
|
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
# ssl_certificate_key /etc/ssl/server.key;
|
# ssl_prefer_server_ciphers on;
|
||||||
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
|
# ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
|
||||||
|
# ssl_stapling on;
|
||||||
# index index.php index.html;
|
# ssl_stapling_verify on;
|
||||||
|
# resolver 8.8.8.8 1.1.1.1;
|
||||||
|
# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
|
||||||
|
# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
|
||||||
|
# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
|
||||||
|
# index index.php index.html index.jsp;
|
||||||
# error_log /var/log/nginx/error.log;
|
# error_log /var/log/nginx/error.log;
|
||||||
# access_log /var/log/nginx/access.log;
|
# access_log /var/log/nginx/access.log;
|
||||||
# root /var/www/html/public;
|
# root /var/www/html/public;
|
||||||
|
|||||||
@@ -97,20 +97,38 @@ server {
|
|||||||
deny all;
|
deny all;
|
||||||
internal;
|
internal;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# # Redirect to HTTPS
|
||||||
|
# location / {
|
||||||
|
# rewrite ^ https://$host$request_uri? permanent;
|
||||||
|
# }
|
||||||
|
|
||||||
|
# # Certbot for HTTPS cert renewal
|
||||||
|
# location ^~ /.well-known {
|
||||||
|
# allow all;
|
||||||
|
# root /data/letsencrypt/;
|
||||||
|
# }
|
||||||
}
|
}
|
||||||
|
|
||||||
# Website and PHPBB forum over HTTP
|
#HTTPS
|
||||||
#server {
|
#server {
|
||||||
|
# listen 443 ssl http2;
|
||||||
|
# listen [::]:443 ssl http2;
|
||||||
# server_name ${NGINX_HOST};
|
# server_name ${NGINX_HOST};
|
||||||
|
# ssl on;
|
||||||
# listen 443 ssl;
|
# add_header Strict-Transport-Security "max-age=31536000" always;
|
||||||
# fastcgi_param HTTPS on;
|
# ssl_session_cache shared:SSL:20m;
|
||||||
|
# ssl_session_timeout 10m;
|
||||||
# ssl_certificate /etc/ssl/server.pem;
|
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
# ssl_certificate_key /etc/ssl/server.key;
|
# ssl_prefer_server_ciphers on;
|
||||||
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
|
# ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
|
||||||
|
# ssl_stapling on;
|
||||||
# index index.php index.html;
|
# ssl_stapling_verify on;
|
||||||
|
# resolver 8.8.8.8 1.1.1.1;
|
||||||
|
# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
|
||||||
|
# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
|
||||||
|
# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
|
||||||
|
# index index.php index.html index.jsp;
|
||||||
# error_log /var/log/nginx/error.log;
|
# error_log /var/log/nginx/error.log;
|
||||||
# access_log /var/log/nginx/access.log;
|
# access_log /var/log/nginx/access.log;
|
||||||
# root /var/www/html/public;
|
# root /var/www/html/public;
|
||||||
|
|||||||
Reference in New Issue
Block a user