From e71daaf11496a1bc501b6e7289326be40255a51f Mon Sep 17 00:00:00 2001
From: peter_rabbit <pierrejarriges@gmail.com>
Date: Mon, 25 Jan 2021 10:04:07 +0100
Subject: [PATCH] letsencrypt new try...

---
 .gitignore          |  3 ++-
 Dockerfile          |  2 +-
 data/nginx/app.conf | 39 +++++++++++++++++++++++++++
 docker-compose.yml  | 11 +++++---
 nginx.conf          | 65 ---------------------------------------------
 5 files changed, 49 insertions(+), 71 deletions(-)
 create mode 100644 data/nginx/app.conf
 delete mode 100644 nginx.conf

diff --git a/.gitignore b/.gitignore
index 6b3bdab..4bd38e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,4 +2,5 @@ bundle.js
 *.map
 *.css.map
 src/**/*.css
-node_modules
\ No newline at end of file
+node_modules
+/data/certbot
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index ff8ea10..01b0c1a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,4 +10,4 @@ WORKDIR /usr/share/nginx/html
 
 COPY . .
 
-RUN cp nginx.conf /etc/nginx/nginx.conf
\ No newline at end of file
+# RUN cp nginx.conf /etc/nginx/nginx.conf
\ No newline at end of file
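Review bot: The context line `COPY . .` runs with WORKDIR `/usr/share/nginx/html`, so now that this commit keeps certificate material under `data/certbot` inside the repository tree, an image built after issuance would carry `privkey.pem` in its web root unless a `.dockerignore` (not visible here) excludes it. Add `data/` to `.dockerignore`, or narrow the copy to the site content, e.g. `COPY public/ .` if `public` is the directory meant to be served. The commented-out `# RUN cp nginx.conf /etc/nginx/nginx.conf` points at a file this commit deletes and should be removed rather than kept as dead text. The Dockerfile begins above this hunk, so the base image and earlier steps are not visible.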
diff --git a/data/nginx/app.conf b/data/nginx/app.conf
new file mode 100644
index 0000000..b55d4bd
--- /dev/null
+++ b/data/nginx/app.conf
@@ -0,0 +1,39 @@
+server {
+    listen 80;
+
+    root   /usr/share/nginx/html;
+    index  index.html index.htm;
+
+    server_name kuadrado-software.fr www.kuadrado-software.fr;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+
+    root   /usr/share/nginx/html;
+    index  index.html index.htm;
+    
+    server_name kuadrado-software.fr www.kuadrado-software.fr;
+    server_tokens off;
+
+    ssl_certificate /etc/letsencrypt/live/kuadrado-software.fr/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/kuadrado-software.fr/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    location / {
+        proxy_pass  http://kuadrado-software.fr;
+        proxy_set_header    Host                $http_host;
+        proxy_set_header    X-Real-IP           $remote_addr;
+        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
+    }
+}
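Review bot: In the 443 server, `proxy_pass  http://kuadrado-software.fr;` sends each HTTPS request back to this same host name over plain HTTP, where the port-80 server answers `return 301 https://$host$request_uri;`, so clients are presumably redirected to the URL they just requested instead of receiving content (assuming the name resolves to this container or its host). The block already sets `root` and `index`, so serving the files directly looks like the intent: `location / { try_files $uri $uri/ =404; }`. Separately, `include /etc/letsencrypt/options-ssl-nginx.conf;` and `ssl_dhparam` now depend on files in the bind-mounted certbot directory, whereas the deleted nginx.conf set protocols and ciphers inline. nginx will not start if either file is missing, so document how they are provisioned before the first start and keep them under review, since they now define the TLS policy.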
diff --git a/docker-compose.yml b/docker-compose.yml
index bf821cf..fe086bd 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,19 +1,22 @@
 version: "3.9"
 services:
     web:
-        build: .
         container_name: "kuadrado"
+        build: .
+        restart: unless-stopped
         ports:
             - "80:80"
             - "443:443"
         volumes:
             - ./public:/usr/share/nginx/html
+            - ./data/nginx:/etc/nginx/conf.d
             - ./data/certbot/conf:/etc/letsencrypt
             - ./data/certbot/www:/var/www/certbot
-        command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+        command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
     certbot:
         image: certbot/certbot
+        restart: unless-stopped
         volumes:
-            - ./data/certbot/conf:/etc/letsencrypt
-            - ./data/certbot/www:/var/www/certbot
+        - ./data/certbot/conf:/etc/letsencrypt
+        - ./data/certbot/www:/var/www/certbot
         entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
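Review bot: The new `web` mount `./data/nginx:/etc/nginx/conf.d` is read-write, so a process in the nginx container could rewrite its own server configuration on the host; nginx only reads that directory, so mount it read-only with `- ./data/nginx:/etc/nginx/conf.d:ro`. The same applies to the two certbot mounts under `web`, since only the `certbot` service needs to write certificates and challenge files. On style, the `certbot` volume entries are now flush with `volumes:` while the `web` entries stay indented; both parse, but one sequence style should be used throughout the file.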
diff --git a/nginx.conf b/nginx.conf
deleted file mode 100644
index f24359b..0000000
--- a/nginx.conf
+++ /dev/null
@@ -1,65 +0,0 @@
-user  nginx;
-worker_processes  1;
-
-error_log  /var/log/nginx/error.log warn;
-pid        /var/run/nginx.pid;
-
-
-events {
-    worker_connections  1024;
-}
-
-http {
-    include       /etc/nginx/mime.types;
-    default_type  application/octet-stream;
-
-    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
-                      '$status $body_bytes_sent "$http_referer" '
-                      '"$http_user_agent" "$http_x_forwarded_for"';
-
-    access_log  /var/log/nginx/access.log  main;
-
-    sendfile        on;
-    #tcp_nopush     on;
-
-    keepalive_timeout  65;
-
-    #gzip  on;
-	
-    include /etc/nginx/conf.d/*.conf;
-
-    server {
-        listen 80;
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-        server_name kuadrado-software.fr www.kuadrado-software.fr;
-        location / {
-            return 301 https://$host$request_uri;
-        }
-        location /.well-known/acme-challenge/ {
-            root /var/www/certbot;
-        }
-    }
-
-    server {
-        listen 443 ssl;
-        root   /usr/share/nginx/html;
-        server_name kuadrado-software.fr www.kuadrado-software.fr;
-        index  index.html index.htm;
-        ssl_certificate /etc/letsencrypt/live/kuadrado-software.fr/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/live/kuadrado-software.fr/privkey.pem;
-
-        # https://github.com/certbot/certbot/blob/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf
-        ssl_session_cache shared:le_nginx_SSL:10m;
-        ssl_session_timeout 1440m;
-        ssl_session_tickets off;
-        ssl_protocols TLSv1.2 TLSv1.3;
-        ssl_prefer_server_ciphers off;
-        ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
-        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
-        location / {
-            proxy_pass http://kuadrado-software.fr;
-        }
-    }
-}
-
-- 
GitLab