H-O-O-T-S/Open-RSC-Docker-Home
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HTTPS with Dockerized Lets Encrypt certbot

Browse Source
This commit is contained in:
Marwolf
2018-07-27 12:22:08 -04:00
parent eb0b7a57b0
commit e3a98cdcf6
5 changed files with 99 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
certbot.sh Executable file
View File

@@ -0,0 +1,9 @@
#!/bin/bash
docker run -it --rm --name certbot \
-v `pwd`/etc/certbot/certs:/etc/letsencrypt \
-v `pwd`/etc/certbot/data:/data/letsencrypt \
deliverous/certbot \
certonly \
--webroot --webroot-path=/data/letsencrypt \
-d openrsc.com -d www.openrsc.com

7
docker-compose.yml
View File

@@ -6,10 +6,11 @@ services:
container_name: nginx container_name: nginx
volumes: volumes:
- "./etc/nginx/default.conf:/etc/nginx/conf.d/default.conf" - "./etc/nginx/default.conf:/etc/nginx/conf.d/default.conf"
- "./etc/ssl:/etc/ssl" - "./Website:/var/www/html/public:ro"
- "./Website:/var/www/html/public"
- "./etc/nginx/default.template.conf:/etc/nginx/conf.d/default.template" - "./etc/nginx/default.template.conf:/etc/nginx/conf.d/default.template"
- "./etc/nginx/logs:/var/log/nginx" - "./etc/logs/nginx:/var/log/nginx"
- "./etc/letsencrypt/certs:/etc/letsencrypt"
- "./etc/letsencrypt/data:/data/letsencrypt"
ports: ports:
- "80:80" - "80:80"
- "443:443" - "443:443"

0
etc/nginx/logs/empty → etc/logs/empty
View File

42
etc/nginx/default.conf
View File

@@ -97,20 +97,38 @@ server {
deny all; deny all;
internal; internal;
} }
# # Redirect to HTTPS
# location / {
# rewrite ^ https://$host$request_uri? permanent;
# }
# # Certbot for HTTPS cert renewal
# location ^~ /.well-known {
# allow all;
# root /data/letsencrypt/;
# }
} }
# Website and PHPBB forum over HTTP #HTTPS
# server { #server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name localhost; # server_name localhost;
# ssl on;
# listen 443 ssl; # add_header Strict-Transport-Security "max-age=31536000" always;
# fastcgi_param HTTPS on; # ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 10m;
# ssl_certificate /etc/ssl/server.pem; # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_certificate_key /etc/ssl/server.key; # ssl_prefer_server_ciphers on;
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; # ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
# ssl_stapling on;
# index index.php index.html; # ssl_stapling_verify on;
# resolver 8.8.8.8 1.1.1.1;
# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
# index index.php index.html index.jsp;
# error_log /var/log/nginx/error.log; # error_log /var/log/nginx/error.log;
# access_log /var/log/nginx/access.log; # access_log /var/log/nginx/access.log;
# root /var/www/html/public; # root /var/www/html/public;
@@ -124,4 +142,4 @@ server {
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info; # fastcgi_param PATH_INFO $fastcgi_path_info;
# } # }
# } #}

42
etc/nginx/default.template.conf
View File

@@ -97,20 +97,38 @@ server {
deny all; deny all;
internal; internal;
} }
# # Redirect to HTTPS
# location / {
# rewrite ^ https://$host$request_uri? permanent;
# }
# # Certbot for HTTPS cert renewal
# location ^~ /.well-known {
# allow all;
# root /data/letsencrypt/;
# }
} }
# Website and PHPBB forum over HTTP #HTTPS
# server { #server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name ${NGINX_HOST}; # server_name ${NGINX_HOST};
# ssl on;
# listen 443 ssl; # add_header Strict-Transport-Security "max-age=31536000" always;
# fastcgi_param HTTPS on; # ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 10m;
# ssl_certificate /etc/ssl/server.pem; # ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_certificate_key /etc/ssl/server.key; # ssl_prefer_server_ciphers on;
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; # ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
# ssl_stapling on;
# index index.php index.html; # ssl_stapling_verify on;
# resolver 8.8.8.8 1.1.1.1;
# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
# index index.php index.html index.jsp;
# error_log /var/log/nginx/error.log; # error_log /var/log/nginx/error.log;
# access_log /var/log/nginx/access.log; # access_log /var/log/nginx/access.log;
# root /var/www/html/public; # root /var/www/html/public;
@@ -124,4 +142,4 @@ server {
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info; # fastcgi_param PATH_INFO $fastcgi_path_info;
# } # }
# } #}