Merge pull request #370 from philtrep/certbot

Certbot container
This commit is contained in:
Mahmoud Zalt 2017-03-16 13:25:15 -04:00 committed by GitHub
commit 73a3745cc3
8 changed files with 65 additions and 0 deletions

8
certbot/Dockerfile Normal file
View File

@ -0,0 +1,8 @@
FROM phusion/baseimage:latest
COPY run-certbot.sh /root/certbot/run-certbot.sh
RUN apt-get update
RUN apt-get install -y letsencrypt
ENTRYPOINT bash -c "bash /root/certbot/run-certbot.sh && sleep infinity"

View File

View File

6
certbot/run-certbot.sh Normal file
View File

@ -0,0 +1,6 @@
#!/bin/bash
letsencrypt certonly --webroot -w /var/www/letsencrypt -d "$CN" --agree-tos --email "$EMAIL" --non-interactive --text
cp /etc/letsencrypt/archive/"$CN"/cert1.pem /var/certs/cert1.pem
cp /etc/letsencrypt/archive/"$CN"/privkey1.pem /var/certs/privkey1.pem

View File

@ -343,6 +343,18 @@ services:
- "9300:9300" - "9300:9300"
links: links:
- php-fpm - php-fpm
### Certbot Container ##################################
certbot:
build:
context: ./certbot
volumes:
- ./data/certbot/certs/:/var/certs
- ./certbot/letsencrypt/:/var/www/letsencrypt
environment:
CN: "fake.domain.com"
EMAIL: "fake.email@gmail.com"
### Mailhog Container ######################################### ### Mailhog Container #########################################

View File

@ -23,6 +23,10 @@ http {
error_log /var/log/nginx/error.log; error_log /var/log/nginx/error.log;
gzip on; gzip on;
gzip_disable "msie6"; gzip_disable "msie6";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
include /etc/nginx/conf.d/*.conf; include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-available/*; include /etc/nginx/sites-available/*;
open_file_cache off; # Disabled for issue 619 open_file_cache off; # Disabled for issue 619

View File

@ -24,6 +24,11 @@ server {
location ~ /\.ht { location ~ /\.ht {
deny all; deny all;
} }
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt/;
log_not_found off;
}
} }

View File

@ -0,0 +1,30 @@
server {
listen 443 default_server;
listen [::]:443 default_server ipv6only=on;
ssl on;
ssl_certificate /var/certs/cert1.pem;
ssl_certificate_key /var/certs/privkey1.pem;
server_name laravel;
root /var/www/laravel/public;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
try_files $uri /index.php =404;
fastcgi_pass php-upstream;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}