From 4030cc2f2660b3e9e953abf75d9317aa85118189 Mon Sep 17 00:00:00 2001
From: philtrep
Date: Sun, 9 Oct 2016 21:01:49 -0400
Subject: [PATCH 1/3] Added certbot container

---
 certbot/Dockerfile | 8 ++++++++
 certbot/letsencrypt/.gitkeep | 0
 certbot/letsencrypt/.well-known/.gitkeep | 0
 certbot/run-certbot.sh | 6 ++++++
 docker-compose.yml | 13 +++++++++++++
 nginx/nginx.conf | 4 ++++
 6 files changed, 31 insertions(+)
 create mode 100644 certbot/Dockerfile
 create mode 100644 certbot/letsencrypt/.gitkeep
 create mode 100644 certbot/letsencrypt/.well-known/.gitkeep
 create mode 100644 certbot/run-certbot.sh

diff --git a/certbot/Dockerfile b/certbot/Dockerfile
new file mode 100644
index 00000000..c62405e9
--- /dev/null
+++ b/certbot/Dockerfile
@@ -0,0 +1,8 @@
+FROM phusion/baseimage:latest
+
+COPY run-certbot.sh /root/certbot/run-certbot.sh
+
+RUN apt-get update
+RUN apt-get install -y letsencrypt
+
+ENTRYPOINT bash -c "bash /root/certbot/run-certbot.sh && sleep infinity"
diff --git a/certbot/letsencrypt/.gitkeep b/certbot/letsencrypt/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/certbot/letsencrypt/.well-known/.gitkeep b/certbot/letsencrypt/.well-known/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/certbot/run-certbot.sh b/certbot/run-certbot.sh
new file mode 100644
index 00000000..26be75c7
--- /dev/null
+++ b/certbot/run-certbot.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+letsencrypt certonly --webroot -w /var/www/letsencrypt -d "$CN" --agree-tos --email "$EMAIL" --non-interactive --text
+
+cp /etc/letsencrypt/archive/"$CN"/cert1.pem /var/certs/cert1.pem
+cp /etc/letsencrypt/archive/"$CN"/privkey1.pem /var/certs/privkey1.pem
diff --git a/docker-compose.yml b/docker-compose.yml
index b7eed65b..223d449d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
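Review bot: `FROM phusion/baseimage:latest` is unpinned, so each rebuild of the certbot image can pull a different base layer, and the split `RUN apt-get update` / `RUN apt-get install -y letsencrypt` lets Docker's layer cache reuse a stale package index for the install step. Pin the tag (or a digest) and merge the two steps into one layer, e.g. `RUN apt-get update && apt-get install -y --no-install-recommends letsencrypt && rm -rf /var/lib/apt/lists/*`. The `ENTRYPOINT` runs run-certbot.sh exactly once and then sleeps forever, so nothing in this container ever renews the certificate, and Let's Encrypt certificates expire after 90 days; a loop around `letsencrypt renew` (or a cron entry in the base image) is needed for this to keep working past the first rotation. Note also that the distro `letsencrypt` package will be whatever version the base image's apt repositories carry, which may lag the upstream client considerably.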
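Review bot: The two `cp` lines hard-code `archive/"$CN"/cert1.pem` and `privkey1.pem`: `cert1.pem` is the leaf certificate without the intermediate chain, and the `1` suffix only exists for the first issuance, since certbot numbers archive files and a renewal produces `cert2.pem`. Copy from the `live/` symlinks instead and ship `fullchain.pem`, otherwise nginx serves an incomplete chain that clients without the cached intermediate will reject. The script also runs without `set -e`, so a failed issuance is only surfaced because the trailing `cp` happens to fail on the missing directory; make the failure explicit. Whatever filenames are chosen here must match the `ssl_certificate` paths in the nginx site config.
```shell
#!/bin/bash
set -euo pipefail

# … unchanged: letsencrypt certonly … line …

cp /etc/letsencrypt/live/"$CN"/fullchain.pem /var/certs/fullchain.pem
cp /etc/letsencrypt/live/"$CN"/privkey.pem /var/certs/privkey.pem
```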
@@ -311,9 +311,22 @@ services: - "9300:9300" links: - php-fpm + +### Certbot Container ################################## + + certbot: + build: + context: ./certbot + volumes: + - ./data/certbot/certs/:/var/certs + - ./certbot/letsencrypt/:/var/www/letsencrypt + environment: + CN: "fake.domain.com" + EMAIL: "fake.email@gmail.com" ### Volumes Setup ########################################### + volumes: mysql: driver: "local"
diff --git a/nginx/nginx.conf b/nginx/nginx.conf
index 97e5a0ed..40cb9d7c 100644
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -23,6 +23,10 @@ http {
 error_log /var/log/nginx/error.log;
 gzip on;
 gzip_disable "msie6";
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
+
 include /etc/nginx/conf.d/*.conf;
 include /etc/nginx/sites-available/*;
 open_file_cache max=100;
From 48f8f3c02da989fd1f13f6f39a2c21a5776faaed Mon Sep 17 00:00:00 2001
From: philtrep
Date: Sat, 15 Oct 2016 10:40:22 -0400
Subject: [PATCH 2/3] Added certbot serving in laravel conf

---
 nginx/sites/default.conf | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nginx/sites/default.conf b/nginx/sites/default.conf
index d5058bd5..78f85cb2 100644
--- a/nginx/sites/default.conf
+++ b/nginx/sites/default.conf
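Review bot: The certbot service mounts only `/var/certs` and the webroot, so `/etc/letsencrypt` — the ACME account key, the issued certificate and the renewal config — lives in the container's writable layer and is thrown away whenever the container is recreated, forcing a fresh registration and issuance each time and eating into Let's Encrypt's per-domain rate limits. Add a persistent mount, e.g. `- ./data/certbot/letsencrypt/:/etc/letsencrypt`. `CN: "fake.domain.com"` and `EMAIL: "fake.email@gmail.com"` are placeholders baked into the committed compose file; reading them from the environment (`CN: "${CN}"`) would keep real values out of the repository, assuming the project already uses an env file (not visible here). The private key also lands in `./data/certbot/certs/` on the host, so confirm that path is ignored by git; the `services:` mapping this sits in starts outside the hunk.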
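Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, which are deprecated and offer nothing a current client needs; `ssl_protocols TLSv1.2;` (plus `TLSv1.3` if the nginx/OpenSSL build supports it) is the safer default. The `ssl_ciphers` list tails off into non-forward-secret static-RSA suites (`AES128-SHA`, `AES256-SHA`, …) and 3DES (`DES-CBC3-SHA`), and without `ssl_prefer_server_ciphers on;` the client's preference order decides, so a client that prefers one of those tail entries gets it. Add `ssl_prefer_server_ciphers on;` and drop the `DES-CBC3-SHA` and static-RSA entries unless a specific legacy client has been identified that needs them. Nothing here sets `ssl_session_cache` or an HSTS header; both are worth adding once the HTTPS vhost is in place. The enclosing `http {` block starts and ends outside the hunk.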
@@ -22,6 +22,11 @@ server { location ~ /\.ht { deny all; } + + location /.well-known/acme-challenge/ { + root /var/www/letsencrypt/; + log_not_found off; + } }
From d89a944e224c4246c6ee7da86e90464e7c158ddd Mon Sep 17 00:00:00 2001
From: philtrep
Date: Sat, 15 Oct 2016 10:47:00 -0400
Subject: [PATCH 3/3] Added nginx config for certbot

---
 docker-compose.yml | 1 -
 nginx/sites/laravel-https.conf | 30 ++++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 nginx/sites/laravel-https.conf

diff --git a/docker-compose.yml b/docker-compose.yml
index 223d449d..54a3f135 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -326,7 +326,6 @@ services: ### Volumes Setup ########################################### - volumes: mysql: driver: "local"
diff --git a/nginx/sites/laravel-https.conf b/nginx/sites/laravel-https.conf
new file mode 100644
index 00000000..0704dbf8
--- /dev/null
+++ b/nginx/sites/laravel-https.conf
@@ -0,0 +1,30 @@
+server {
+
+ listen 443 default_server;
+ listen [::]:443 default_server ipv6only=on;
+
+ ssl on;
+ ssl_certificate /var/certs/cert1.pem;
+ ssl_certificate_key /var/certs/privkey1.pem;
+
+ server_name laravel;
+ root /var/www/laravel/public;
+ index index.php index.html index.htm;
+
+ location / {
+ try_files $uri $uri/ /index.php$is_args$args;
+ }
+
+ location ~ \.php$ {
+ try_files $uri /index.php =404;
+ fastcgi_pass php-upstream;
+ fastcgi_index index.php;
+ fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+ include fastcgi_params;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+}
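Review bot: `location /.well-known/acme-challenge/` is a plain prefix location, and nginx lets any matching regex location (`location ~ …`) override it, so a later dotfile-deny rule such as `location ~ /\.` would silently 403 the challenge; use `location ^~ /.well-known/acme-challenge/ {` so the prefix match is final. The `root /var/www/letsencrypt/;` also assumes that directory exists inside the nginx container — the compose change in this series bind-mounts `./certbot/letsencrypt/` into the certbot service only, so unless the nginx service already shares the same path (not visible here) the challenge files certbot writes will 404 and issuance fails. The `server {` block containing this location starts outside the hunk.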
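Review bot: `ssl_certificate /var/certs/cert1.pem;` points at certbot's leaf-only `cert1.pem`, so nginx sends no intermediate and clients that do not already hold the Let's Encrypt intermediate will fail chain validation; point it at a fullchain file instead (`ssl_certificate /var/certs/fullchain.pem;`, with run-certbot.sh copying `live/$CN/fullchain.pem` rather than `archive/$CN/cert1.pem`). `ssl on;` is the legacy form, deprecated in newer nginx in favor of putting `ssl` on the listen directives: `listen 443 ssl default_server;` and `listen [::]:443 ssl default_server ipv6only=on;`. `server_name laravel;` does not match the name the certificate is issued for (`$CN` in the compose file), which only works because this is `default_server`; consider naming the real host. There is no HTTP-to-HTTPS redirect and no HSTS header here, so HTTPS stays opt-in for clients, and `/var/certs` also has to be mounted into the nginx service, which this series does not show.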