From 6c890253274779690e982ac707dbec6962074860 Mon Sep 17 00:00:00 2001
From: Qwerty
Date: Sun, 25 Aug 2024 00:48:25 +0300
Subject: [PATCH 1/7] ssl
---
 docker-compose.yml | 13 +++++++++++++
 nginx.conf | 18 +++++++++++++++++-
 2 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 30e0535..c1bfea7 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -5,6 +5,19 @@ services:
 container_name: nginx-reverse-proxy
 ports:
 - "80:80"
+ - "443:443"
 volumes:
 - ./nginx.conf:/etc/nginx/nginx.conf
+ - ./certs:/etc/letsencrypt
+ - ./html:/var/www/html
 restart: always
+
+ certbot:
+ image: certbot/certbot
+ container_name: certbot
+ volumes:
+ - ./certs:/etc/letsencrypt
+ - ./html:/var/www/html
+ command: certonly --webroot --webroot-path=/var/www/html --email prbigoon@gmail.com --agree-tos --staged --no-eff-email -d git.evil-bird.ru
+ depends_on:
+ - nginx
diff --git a/nginx.conf b/nginx.conf
index 51b5ea0..90a5bdb 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -5,6 +5,22 @@ http {
 listen 80;
 server_name git.evil-bird.ru;
+ location /.well-known/acme-challenge/ {
+ root /var/www/html;
+ }
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+ }
+
+ server {
+ listen 443 ssl;
+ server_name git.evil-bird.ru;
+
+ ssl_certificate /etc/letsencrypt/live/git.evil-bird.ru/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/git.evil-bird.ru/privkey.pem;
+
 location / {
 proxy_pass http://10.10.1.10:3000;
 proxy_set_header Host $host;
@@ -13,4 +29,4 @@ http {
 proxy_set_header X-Forwarded-Proto $scheme;
 }
 }
-}
+}
\ No newline at end of file
From b2e892a6a6ff1e16caadd77a06e673d9cb345bd9 Mon Sep 17 00:00:00 2001
From: Qwerty
Date: Sun, 25 Aug 2024 00:55:19 +0300
Subject: [PATCH 2/7] fix
---
 docker-compose.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index c1bfea7..b6acc90 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
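Review bot: In PATCH 1/7 the docker-compose.yml hunk mounts `./certs` read-write into the nginx container, although nginx only has to read the certificate and private key; only the certbot service needs to write there. Mounting it as `- ./certs:/etc/letsencrypt:ro` (and likewise `- ./html:/var/www/html:ro`) on the nginx side keeps a compromise of the internet-facing proxy from altering key material or challenge files. `./certs` also sits inside the repository and this commit adds no ignore rule for it (one only arrives in PATCH 4/7), so `privkey.pem` could be committed by accident in between. `image: certbot/certbot` carries no tag or digest; pinning one would make the deployment reproducible. The services mapping starts outside the hunk.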
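Review bot: In PATCH 1/7 the nginx.conf redirect `return 301 https://$host$request_uri;` builds its target from the request's Host header. These appear to be the only server blocks for ports 80 and 443, so they would also answer requests whose Host is not `git.evil-bird.ru`, and the redirect then points wherever the client's header says; `return 301 https://git.evil-bird.ru$request_uri;` avoids that. The same applies to `proxy_set_header Host $host;` in the 443 block, which hands an arbitrary Host on to the backend; a catch-all default server that rejects unknown names would cover both. The same lines are re-added in PATCH 6/7. The http block starts and ends outside the hunk.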
@@ -18,6 +18,6 @@ services:
 volumes:
 - ./certs:/etc/letsencrypt
 - ./html:/var/www/html
- command: certonly --webroot --webroot-path=/var/www/html --email prbigoon@gmail.com --agree-tos --staged --no-eff-email -d git.evil-bird.ru
+ command: certonly --webroot --webroot-path=/var/www/html --email prbigoon@gmail.com --agree-tos --staging --no-eff-email -d git.evil-bird.ru
 depends_on:
 - nginx
From bf323d406e5c1c15625ae0f5526d82917fff0d8c Mon Sep 17 00:00:00 2001
From: Qwerty
Date: Sun, 25 Aug 2024 01:03:41 +0300
Subject: [PATCH 3/7] test
---
 html/index.html | 1 +
 nginx.conf | 10 ++++------
 2 files changed, 5 insertions(+), 6 deletions(-)
 create mode 100644 html/index.html
diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..c9b76f1
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1 @@
+

Test Page

diff --git a/nginx.conf b/nginx.conf
index 90a5bdb..40e5e0b 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -10,7 +10,8 @@ http {
 }
 location / {
- return 301 https://$host$request_uri;
+ root /var/www/html;
+ index index.html;
 }
 }
@@ -22,11 +23,8 @@ http {
 ssl_certificate_key /etc/letsencrypt/live/git.evil-bird.ru/privkey.pem;
 location / {
- proxy_pass http://10.10.1.10:3000;
- proxy_set_header Host $host;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- proxy_set_header X-Forwarded-Proto $scheme;
+ root /var/www/html;
+ index index.html;
 }
 }
 }
\ No newline at end of file
From 7adf8f3daf3e709f7c311436b77410384382a924 Mon Sep 17 00:00:00 2001
From: Prod
Date: Sat, 24 Aug 2024 22:23:19 +0000
Subject: [PATCH 4/7] works
---
 .gitignore | 1 +
 docker-compose.yml | 4 +++-
 html/index.html | 1 +
 nginx.conf | 2 +-
 4 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 html/index.html
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..df91287
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+certs/
diff --git a/docker-compose.yml b/docker-compose.yml
index b6acc90..75824d4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -18,6 +18,8 @@ services:
 volumes:
 - ./certs:/etc/letsencrypt
 - ./html:/var/www/html
- command: certonly --webroot --webroot-path=/var/www/html --email prbigoon@gmail.com --agree-tos --staging --no-eff-email -d git.evil-bird.ru
+# command: certonly --webroot --webroot-path=/var/www/html --email prbigoon@gmail.com --agree-tos --no-eff-email -d git.evil-bird.ru
+ command: renew --webroot --webroot-path=/var/www/html
+ entrypoint: /bin/sh -c "trap exit TERM; while :; do certbot renew --webroot --webroot-path=/var/www/html; sleep 12h & wait $${!}; done;"
 depends_on:
 - nginx
diff --git a/html/index.html b/html/index.html
new file mode 100644
index 0000000..c9b76f1
--- /dev/null
+++ b/html/index.html
@@ -0,0 +1 @@
+
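Review bot: In PATCH 4/7 the docker-compose.yml hunk starts a renewal loop, but nothing visible reloads nginx afterwards, so nginx would keep serving the certificate it loaded at start until the container is restarted, and that certificate eventually expires. A periodic `nginx -s reload` on the nginx service, or a restart triggered after renewal, is needed. The added `command: renew --webroot --webroot-path=/var/www/html` is also dead: with `entrypoint` set to `/bin/sh -c "…"` the command words are only passed to the shell as positional parameters and never run, so the line can be dropped together with the commented-out `# command: certonly …`. The certbot service has no `restart:` policy in any of these patches, so the loop does not come back after a crash or a daemon restart.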

Test Page

diff --git a/nginx.conf b/nginx.conf
index 90a5bdb..7b28a3a 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -29,4 +29,4 @@ http {
 proxy_set_header X-Forwarded-Proto $scheme;
 }
 }
-}
\ No newline at end of file
+}
From 16f98386acb7e12f0b450b5b626ab9fc6dd79cd0 Mon Sep 17 00:00:00 2001
From: Qwerty
Date: Sun, 25 Aug 2024 01:29:24 +0300
Subject: [PATCH 5/7] stagging conf
---
 html/stagged_nginx.conf | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 html/stagged_nginx.conf
diff --git a/html/stagged_nginx.conf b/html/stagged_nginx.conf
new file mode 100644
index 0000000..9eabd87
--- /dev/null
+++ b/html/stagged_nginx.conf
@@ -0,0 +1,30 @@
+events {}
+
+http {
+ server {
+ listen 80;
+ server_name git.evil-bird.ru;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/html;
+ }
+
+ location / {
+ root /var/www/html;
+ index index.html;
+ }
+ }
+
+ server {
+ listen 443; # ssl;
+ server_name git.evil-bird.ru;
+
+ # ssl_certificate /etc/letsencrypt/live/git.evil-bird.ru/fullchain.pem;
+ # ssl_certificate_key /etc/letsencrypt/live/git.evil-bird.ru/privkey.pem;
+
+ location / {
+ root /var/www/html;
+ index index.html;
+ }
+ }
+}
\ No newline at end of file
From dd75d1a1fc827a1114032956e4d20fc937e3e46b Mon Sep 17 00:00:00 2001
From: Qwerty
Date: Sun, 25 Aug 2024 01:30:35 +0300
Subject: [PATCH 6/7] fix conf
---
 nginx.conf | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/nginx.conf b/nginx.conf
index 4dde836..90a5bdb 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -10,8 +10,7 @@ http {
 }
 location / {
- root /var/www/html;
- index index.html;
+ return 301 https://$host$request_uri;
 }
 }
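Review bot: PATCH 5/7 puts `stagged_nginx.conf` in `html/`, the directory that docker-compose.yml mounts at `/var/www/html` and that this very config serves from `location /`. While this config is active the file can be downloaded by anyone, and it stays in certbot's webroot afterwards; keep it outside `html/`, for example next to `nginx.conf`. In the second server block `listen 443; # ssl;` answers in plain HTTP on port 443, which works for bootstrapping but deserves a comment such as `# TLS off until the first certificate exists; bootstrap only`.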
@@ -23,8 +22,11 @@ http {
 ssl_certificate_key /etc/letsencrypt/live/git.evil-bird.ru/privkey.pem;
 location / {
- root /var/www/html;
- index index.html;
+ proxy_pass http://10.10.1.10:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
 }
 }
-}
+}
\ No newline at end of file
From 52d3dbb6098b23bc9df6d1cccb7a5dd42b354a8c Mon Sep 17 00:00:00 2001
From: Qwerty
Date: Sun, 25 Aug 2024 01:33:21 +0300
Subject: [PATCH 7/7] logs
---
 docker-compose.yml | 1 +
 nginx.conf | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/docker-compose.yml b/docker-compose.yml
index 75824d4..766864f 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -10,6 +10,7 @@ services:
 - ./nginx.conf:/etc/nginx/nginx.conf
 - ./certs:/etc/letsencrypt
 - ./html:/var/www/html
+ - ./logs/nginx:/var/log/nginx
 restart: always
 certbot:
diff --git a/nginx.conf b/nginx.conf
index 90a5bdb..0e7240d 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -1,6 +1,9 @@
 events {}
 http {
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
 server {
 listen 80;
 server_name git.evil-bird.ru;
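Review bot: In PATCH 7/7 the docker-compose.yml hunk writes nginx logs to `./logs/nginx` inside the repository, but the `.gitignore` added in PATCH 4/7 lists only `certs/`. Access logs hold client addresses and request URLs, so `logs/` should be added to `.gitignore` in the same commit. Nothing in the series rotates these files, so they grow without bound on the host; a logrotate rule or a size limit is needed.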
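Review bot: In PATCH 7/7 the nginx.conf hunk defines `log_format main`, but no `access_log` directive in the visible lines refers to it, so nginx would keep writing its default format and the three added lines have no effect. Add `access_log /var/log/nginx/access.log main;` below the format. The format records `$http_x_forwarded_for`, a client-supplied header, so that field should not be read as the client address when these logs are used in an investigation; `$remote_addr` is the value nginx itself observed. The http block continues outside the hunk.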