diff --git a/.gitignore b/.gitignore
index f7cae68..b9b9fc2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -128,5 +128,7 @@ dist
 # MacOS finder preferences
 .DS_store
+# https stuff
 .crt
-.key
\ No newline at end of file
+.key
+certbot/
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 07f4523..4d1c981 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,5 +1,45 @@
 version: '3.9'
+networks:
+ proxy:
+ driver: bridge
+ default:
+ name: automatisch_network
+ enable_ipv6: ${ENABLE_IPV6}
+ ipam:
+ config:
+ - subnet: 2001:db8::/64
 services:
+ # for local https development using self-signed certs via openssl
+ # nginx:
+ # image: nginx:latest
+ # depends_on:
+ # - main
+ # ports:
+ # - "443:443"
+ # volumes:
+ # - ./https/certs/${SSL_SELF_SIGNED_CRT}:/etc/nginx/certs/${SSL_SELF_SIGNED_CRT}:ro
+ # - ./https/certs/${SSL_SELF_SIGNED_KEY}:/etc/nginx/certs/${SSL_SELF_SIGNED_KEY}:ro
+ # - ./https/nginx/automatisch_self_signed_nginx.conf:/etc/nginx/conf.d/
+ # for production using letsencrypt and certbot
+ nginx:
+ image: nginx:latest
+ depends_on:
+ - main
+ restart: unless-stopped
+ volumes:
+ - ./https/nginx/automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/
+ - ./certbot/conf:/etc/letsencrypt
+ - ./certbot/www:/var/www/certbot
+ ports:
+ - ${PORT}:${PORT}
+ - 443:443
+
+ certbot:
+ image: certbot/certbot:latest
+ volumes:
+ - ./certbot/conf:/etc/letsencrypt
+ - ./certbot/www:/var/www/certbot
+ command: certonly --webroot -w /var/www/certbot --keep-until-expiring --email ${SSL_CERT_EMAIL} -d ${HOST} --agree-tos
 main:
 build:
 context: ./docker
diff --git a/https/nginx/automatisch_letsencrypt_nginx.conf b/https/nginx/automatisch_letsencrypt_nginx.conf
new file mode 100644
index 0000000..d49e548
--- /dev/null
+++ b/https/nginx/automatisch_letsencrypt_nginx.conf
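Review bot: The two patterns under the new `# https stuff` comment, `.crt` and `.key`, match only files whose basename is literally `.crt` or `.key`, not the certificate and private-key files the compose file mounts from `./https/certs/` (e.g. `shiloh_automatisch.local.key` referenced in the self-signed nginx config), so a locally generated private key is still committable. Use globs, `*.crt` and `*.key`, so every certificate and key file in the tree is excluded. The new `certbot/` entry does cover the Let's Encrypt account and private keys written under `certbot/conf`, which is the right call; the `-.key`/`+.key` pair is only the trailing-newline fix.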
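Review bot: The nginx `volumes` entry bind-mounts a single file onto the `/etc/nginx/conf.d/` directory, and that file (like all three nginx configs added in this commit) starts with top-level `events {}` and `http {}` blocks, which are only valid in the main configuration and not in a `conf.d` include that nginx loads inside its own `http {}`; if the image already ships that directory Docker refuses the file-onto-directory mount, and if it did mount the config would be rejected. Mount it over the main file instead, `- ./https/nginx/automatisch_letsencrypt_nginx.conf:/etc/nginx/nginx.conf:ro`, and the same for the commented self-signed block. `443:443` is published but `automatisch_letsencrypt_nginx.conf` has no `listen 443 ssl` server, so the production path stays plain HTTP on `${PORT}` while the TLS server block lives only in `temp.conf`. The `certbot` service runs `certonly` once and exits, and nothing reloads nginx after a renewal, so renewal needs a periodic run plus an `nginx -s reload`. The `proxy` network is declared but no service joins it, `${ENABLE_IPV6}` becomes an empty (null) value when unset, and both images are pulled as `:latest`, so pin tags for a reproducible deployment.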
@@ -0,0 +1,19 @@
+events {
+ worker_connections 1024;
+}
+
+http {
+
+ server {
+ listen 7757;
+ server_name automatisch.lasthourhosting.org;
+
+ location / {
+ proxy_pass http://main:7757;
+ }
+
+ location ~ /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+ }
+}
diff --git a/https/nginx/automatisch_self_signed_nginx.conf b/https/nginx/automatisch_self_signed_nginx.conf
new file mode 100644
index 0000000..4b833fe
--- /dev/null
+++ b/https/nginx/automatisch_self_signed_nginx.conf
@@ -0,0 +1,19 @@
+events {}
+
+http {
+ server {
+ listen 443 ssl;
+ server_name shiloh_automatisch.local;
+
+ ssl_certificate /etc/nginx/certs/shiloh_automatisch.local.crt;
+ ssl_certificate_key /etc/nginx/certs/shiloh_automatisch.local.key;
+
+ location / {
+ proxy_pass http://main:7757;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ }
+ }
+}
diff --git a/https/nginx/temp.conf b/https/nginx/temp.conf
new file mode 100644
index 0000000..42f48ec
--- /dev/null
+++ b/https/nginx/temp.conf
@@ -0,0 +1,34 @@
+events {
+ worker_connections 1024;
+}
+
+http {
+
+ server {
+ listen 7757;
+ server_name automatisch.lasthourhosting.org;
+
+ location ~ /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+ return 301 https://$host$request_uri;
+ }
+
+ server {
+ listen 443 ssl http2;
+ # use ssl letsencrypt certs
+ ssl_certificate /etc/letsencrypt/live/automatisch.lasthourhosting.org/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/automatisch.lasthourhosting.org/privkey.pem;
+ server_name automatisch.lasthourhosting.org;
+
+
+ location / {
+ proxy_pass http://automatisch.lasthourhosting.org:7757/;
+ }
+
+ location ~ /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+ }
+}
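Review bot: The `/.well-known/acme-challenge/` location is served by a server that only has `listen 7757;`, but the HTTP-01 validation triggered by the `certonly --webroot` command in docker-compose.yml always connects to port 80 of `${HOST}`, so the challenge file is never reachable and issuance fails; the redirect server in `temp.conf` has the same `listen 7757;`. Add `listen 80;` here (and publish `80:80` in the compose `ports`), or put the challenge behind whatever already answers on port 80. The `location /` block also omits the `proxy_set_header Host / X-Real-IP / X-Forwarded-For / X-Forwarded-Proto` lines that `automatisch_self_signed_nginx.conf` sets, so the application sees `main:7757` as its host and no client address. `server_name` is hard-coded while the compose file issues the certificate for `${HOST}`; keep the two in sync, ideally by documenting it with `# must match HOST in .env` above the directive.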
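Review bot: `ssl_certificate` and `ssl_certificate_key` hard-code `shiloh_automatisch.local.crt` / `.key`, while the (commented-out) compose block mounts the files under whatever `${SSL_SELF_SIGNED_CRT}` / `${SSL_SELF_SIGNED_KEY}` expand to, so nginx fails to start unless those variables equal these exact names; add `# must match SSL_SELF_SIGNED_CRT / SSL_SELF_SIGNED_KEY in .env` above the two directives, or mount the files under fixed target names. Because the `.gitignore` hunk in this commit only ignores files literally named `.crt` / `.key`, the private key this config points at is not excluded from the repository until that hunk uses `*.key`.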
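Review bot: The server-level `return 301 https://$host$request_uri;` in the first server block executes in the server rewrite phase before any `location` is selected, so the `/.well-known/acme-challenge/` location above it is never reached and every challenge request is redirected to HTTPS, which cannot succeed before a certificate exists. In the TLS server, `proxy_pass http://automatisch.lasthourhosting.org:7757/;` sends requests back to the public hostname, i.e. most likely to this same nginx's port-7757 redirect server rather than to the application, which would produce a redirect loop; it should proxy to the compose service like the other configs do, with the forwarding headers from `automatisch_self_signed_nginx.conf`. The name `temp.conf` suggests a scratch file; if this is the intended production config it should replace `automatisch_letsencrypt_nginx.conf`, which has no TLS listener at all.
```nginx
    server {
        # … unchanged: listen, server_name, acme-challenge location …
        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        # … unchanged: listen 443, certificate directives, server_name …
        location / {
            proxy_pass http://main:7757/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
        # … unchanged: acme-challenge location …
    }
```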