2025-02-07 00:15:26 +00:00
5 changed files with 115 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -128,5 +128,7 @@ dist
 # MacOS finder preferences
 .DS_store

+# https stuff
 .crt
-.key
+.key
+certbot/
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -1,5 +1,45 @@
 version: '3.9'
+networks:
+  proxy:
+    driver: bridge   
+  default:
+    name: automatisch_network
+    enable_ipv6: ${ENABLE_IPV6}
+    ipam:
+      config:
+        - subnet: 2001:db8::/64
 services:
+  # for local https development using self-signed certs via openssl
+  # nginx:
+  #   image: nginx:latest
+  #   depends_on:
+  #     - main    
+  #   ports:
+  #     - "443:443"
+  #   volumes:
+  #     - ./https/certs/${SSL_SELF_SIGNED_CRT}:/etc/nginx/certs/${SSL_SELF_SIGNED_CRT}:ro
+  #     - ./https/certs/${SSL_SELF_SIGNED_KEY}:/etc/nginx/certs/${SSL_SELF_SIGNED_KEY}:ro
+  #     - ./https/nginx/automatisch_self_signed_nginx.conf:/etc/nginx/conf.d/
+  # for production using letsencrypt and certbot
+  nginx:
+    image: nginx:latest
+    depends_on:
+      - main      
+    restart: unless-stopped
+    volumes:
+      - ./https/nginx/automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/
+      - ./certbot/conf:/etc/letsencrypt
+      - ./certbot/www:/var/www/certbot
+    ports:
+      - ${PORT}:${PORT}
+      - 443:443
+  
+  certbot:
+     image: certbot/certbot:latest
+     volumes:
+       - ./certbot/conf:/etc/letsencrypt
+       - ./certbot/www:/var/www/certbot     
+     command: certonly --webroot -w /var/www/certbot --keep-until-expiring --email ${SSL_CERT_EMAIL} -d ${HOST} --agree-tos
  main:
    build:
      context: ./docker
--- a/https/nginx/automatisch_letsencrypt_nginx.conf
+++ b/https/nginx/automatisch_letsencrypt_nginx.conf
@ -0,0 +1,19 @@
+events {
+    worker_connections  1024;
+}
+
+http {
+
+    server {
+        listen 7757;
+        server_name automatisch.lasthourhosting.org;
+
+        location / {
+            proxy_pass http://main:7757;
+        }               
+
+        location ~ /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }        
+    }
+}
--- a/https/nginx/automatisch_self_signed_nginx.conf
+++ b/https/nginx/automatisch_self_signed_nginx.conf
@ -0,0 +1,19 @@
+events {}
+
+http {
+    server {
+        listen 443 ssl;
+        server_name shiloh_automatisch.local;
+
+        ssl_certificate /etc/nginx/certs/shiloh_automatisch.local.crt;
+        ssl_certificate_key /etc/nginx/certs/shiloh_automatisch.local.key;
+
+        location / {
+            proxy_pass http://main:7757;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto https;
+        }
+    }
+}
--- a/https/nginx/temp.conf
+++ b/https/nginx/temp.conf
@ -0,0 +1,34 @@
+events {
+    worker_connections  1024;
+}
+
+http {
+    
+    server {
+        listen 7757;
+        server_name automatisch.lasthourhosting.org;
+
+        location ~ /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }
+
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        listen 443 ssl http2;
+        # use ssl letsencrypt certs
+        ssl_certificate      /etc/letsencrypt/live/automatisch.lasthourhosting.org/fullchain.pem;
+        ssl_certificate_key  /etc/letsencrypt/live/automatisch.lasthourhosting.org/privkey.pem;
+        server_name automatisch.lasthourhosting.org;
+
+
+        location / {
+            proxy_pass http://automatisch.lasthourhosting.org:7757/;
+        }               
+
+        location ~ /.well-known/acme-challenge/ {
+            root /var/www/certbot;
+        }        
+    }    
+}