H-O-O-T-S/Open-RSC-Docker-Home
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HTTPS with Dockerized Lets Encrypt certbot

Browse Source
This commit is contained in:
Marwolf
2018-07-27 12:22:08 -04:00
parent eb0b7a57b0
commit e3a98cdcf6
5 changed files with 99 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
certbot.sh Executable file
View File

@@ -0,0 +1,9 @@
#!/bin/bash
docker run -it --rm --name certbot \
-v `pwd`/etc/certbot/certs:/etc/letsencrypt \
-v `pwd`/etc/certbot/data:/data/letsencrypt \
deliverous/certbot \
certonly \
--webroot --webroot-path=/data/letsencrypt \
-d openrsc.com -d www.openrsc.com

7
docker-compose.yml
View File

@@ -6,10 +6,11 @@ services:
container_name: nginx
volumes:
- "./etc/nginx/default.conf:/etc/nginx/conf.d/default.conf"
- "./etc/ssl:/etc/ssl"
- "./Website:/var/www/html/public"
- "./Website:/var/www/html/public:ro"
- "./etc/nginx/default.template.conf:/etc/nginx/conf.d/default.template"
- "./etc/nginx/logs:/var/log/nginx"
- "./etc/logs/nginx:/var/log/nginx"
- "./etc/letsencrypt/certs:/etc/letsencrypt"
- "./etc/letsencrypt/data:/data/letsencrypt"
ports:
- "80:80"
- "443:443"

0
etc/nginx/logs/empty → etc/logs/empty
View File

68
etc/nginx/default.conf
View File

@@ -97,31 +97,49 @@ server {
deny all;
internal;
}
# # Redirect to HTTPS
# location / {
# rewrite ^ https://$host$request_uri? permanent;
# }
# # Certbot for HTTPS cert renewal
# location ^~ /.well-known {
# allow all;
# root /data/letsencrypt/;
# }
}
# Website and PHPBB forum over HTTP
# server {
# server_name localhost;
#HTTPS
#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name localhost;
# ssl on;
# add_header Strict-Transport-Security "max-age=31536000" always;
# ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 10m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_prefer_server_ciphers on;
# ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 8.8.8.8 1.1.1.1;
# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
# index index.php index.html index.jsp;
# error_log /var/log/nginx/error.log;
# access_log /var/log/nginx/access.log;
# root /var/www/html/public;
# listen 443 ssl;
# fastcgi_param HTTPS on;
# ssl_certificate /etc/ssl/server.pem;
# ssl_certificate_key /etc/ssl/server.key;
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# index index.php index.html;
# error_log /var/log/nginx/error.log;
# access_log /var/log/nginx/access.log;
# root /var/www/html/public;
# location ~ \.php$ {
# try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass php:9000;
# fastcgi_index index.php;
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info;
# }
# }
# location ~ \.php$ {
# try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass php:9000;
# fastcgi_index index.php;
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info;
# }
#}

68
etc/nginx/default.template.conf
View File

@@ -97,31 +97,49 @@ server {
deny all;
internal;
}
# # Redirect to HTTPS
# location / {
# rewrite ^ https://$host$request_uri? permanent;
# }
# # Certbot for HTTPS cert renewal
# location ^~ /.well-known {
# allow all;
# root /data/letsencrypt/;
# }
}
# Website and PHPBB forum over HTTP
# server {
# server_name ${NGINX_HOST};
#HTTPS
#server {
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
# server_name ${NGINX_HOST};
# ssl on;
# add_header Strict-Transport-Security "max-age=31536000" always;
# ssl_session_cache shared:SSL:20m;
# ssl_session_timeout 10m;
# ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ssl_prefer_server_ciphers on;
# ssl_ciphers "ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;";
# ssl_stapling on;
# ssl_stapling_verify on;
# resolver 8.8.8.8 1.1.1.1;
# ssl_certificate /etc/letsencrypt/live/openrsc.com/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/openrsc.com/privkey.pem;
# ssl_trusted_certificate /etc/letsencrypt/live/openrsc.com/chain.pem;
# index index.php index.html index.jsp;
# error_log /var/log/nginx/error.log;
# access_log /var/log/nginx/access.log;
# root /var/www/html/public;
# listen 443 ssl;
# fastcgi_param HTTPS on;
# ssl_certificate /etc/ssl/server.pem;
# ssl_certificate_key /etc/ssl/server.key;
# ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# index index.php index.html;
# error_log /var/log/nginx/error.log;
# access_log /var/log/nginx/access.log;
# root /var/www/html/public;
# location ~ \.php$ {
# try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass php:9000;
# fastcgi_index index.php;
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info;
# }
# }
# location ~ \.php$ {
# try_files $uri =404;
# fastcgi_split_path_info ^(.+\.php)(/.+)$;
# fastcgi_pass php:9000;
# fastcgi_index index.php;
# include fastcgi_params;
# fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param PATH_INFO $fastcgi_path_info;
# }
#}