commit
73a3745cc3
8
certbot/Dockerfile
Normal file
8
certbot/Dockerfile
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
FROM phusion/baseimage:latest
|
||||||
|
|
||||||
|
COPY run-certbot.sh /root/certbot/run-certbot.sh
|
||||||
|
|
||||||
|
RUN apt-get update
|
||||||
|
RUN apt-get install -y letsencrypt
|
||||||
|
|
||||||
|
ENTRYPOINT bash -c "bash /root/certbot/run-certbot.sh && sleep infinity"
|
0
certbot/letsencrypt/.gitkeep
Normal file
0
certbot/letsencrypt/.gitkeep
Normal file
0
certbot/letsencrypt/.well-known/.gitkeep
Normal file
0
certbot/letsencrypt/.well-known/.gitkeep
Normal file
6
certbot/run-certbot.sh
Normal file
6
certbot/run-certbot.sh
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
letsencrypt certonly --webroot -w /var/www/letsencrypt -d "$CN" --agree-tos --email "$EMAIL" --non-interactive --text
|
||||||
|
|
||||||
|
cp /etc/letsencrypt/archive/"$CN"/cert1.pem /var/certs/cert1.pem
|
||||||
|
cp /etc/letsencrypt/archive/"$CN"/privkey1.pem /var/certs/privkey1.pem
|
@ -343,6 +343,18 @@ services:
|
|||||||
- "9300:9300"
|
- "9300:9300"
|
||||||
links:
|
links:
|
||||||
- php-fpm
|
- php-fpm
|
||||||
|
|
||||||
|
### Certbot Container ##################################
|
||||||
|
|
||||||
|
certbot:
|
||||||
|
build:
|
||||||
|
context: ./certbot
|
||||||
|
volumes:
|
||||||
|
- ./data/certbot/certs/:/var/certs
|
||||||
|
- ./certbot/letsencrypt/:/var/www/letsencrypt
|
||||||
|
environment:
|
||||||
|
CN: "fake.domain.com"
|
||||||
|
EMAIL: "fake.email@gmail.com"
|
||||||
|
|
||||||
### Mailhog Container #########################################
|
### Mailhog Container #########################################
|
||||||
|
|
||||||
|
@ -23,6 +23,10 @@ http {
|
|||||||
error_log /var/log/nginx/error.log;
|
error_log /var/log/nginx/error.log;
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_disable "msie6";
|
gzip_disable "msie6";
|
||||||
|
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
|
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||||
|
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
include /etc/nginx/sites-available/*;
|
include /etc/nginx/sites-available/*;
|
||||||
open_file_cache off; # Disabled for issue 619
|
open_file_cache off; # Disabled for issue 619
|
||||||
|
@ -24,6 +24,11 @@ server {
|
|||||||
location ~ /\.ht {
|
location ~ /\.ht {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge/ {
|
||||||
|
root /var/www/letsencrypt/;
|
||||||
|
log_not_found off;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
30
nginx/sites/laravel-https.conf
Normal file
30
nginx/sites/laravel-https.conf
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
server {
|
||||||
|
|
||||||
|
listen 443 default_server;
|
||||||
|
listen [::]:443 default_server ipv6only=on;
|
||||||
|
|
||||||
|
ssl on;
|
||||||
|
ssl_certificate /var/certs/cert1.pem;
|
||||||
|
ssl_certificate_key /var/certs/privkey1.pem;
|
||||||
|
|
||||||
|
server_name laravel;
|
||||||
|
root /var/www/laravel/public;
|
||||||
|
index index.php index.html index.htm;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ /index.php$is_args$args;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ \.php$ {
|
||||||
|
try_files $uri /index.php =404;
|
||||||
|
fastcgi_pass php-upstream;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||||
|
include fastcgi_params;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /\.ht {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user