Shiloh/shiloh_automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Production HTTPS Setup

Linden Crandall 2025-02-08 00:04:05 +00:00
parent 0569a3b3e0
commit 2ec3505405
1 changed files with 59 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

125
Production-HTTPS-Setup.md

@ -7,8 +7,8 @@ ex):
``` ```
ENABLE_IPV6=true ENABLE_IPV6=true
MAIN_HTTP_PORT=7757 MAIN_HTTP_PORT=7757
NGINX_HTTP_PORT=7758 NGINX_HTTP_PORT=80
NGINX_HTTPS_PORT=7759 NGINX_HTTPS_PORT=443
HOST=automatisch.lasthourhosting.org HOST=automatisch.lasthourhosting.org
PROTOCOL=https PROTOCOL=https
APP_ENV=production APP_ENV=production
@ -29,12 +29,12 @@ IPV6_SUBNET=2001:db8:2::/64
- main - main
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ./https/nginx/automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/ - ./https/nginx/automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/automatisch_letsencrypt_nginx.conf
- ./certbot/conf:/etc/letsencrypt - ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot - ./certbot/www:/var/www/certbot
ports: ports:
- ${PORT}:${PORT} - ${NGINX_HTTP_PORT}:${NGINX_HTTP_PORT}
- 443:443 - ${NGINX_HTTPS_PORT}:443
certbot: certbot:
image: certbot/certbot:latest image: certbot/certbot:latest
@ -71,84 +71,77 @@ SSL_CERT_EMAIL=support@shilohcode.com
# initial nginx conf file needed when running certbot container the first time to generate ssl certs # initial nginx conf file needed when running certbot container the first time to generate ssl certs
# replace <HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org # replace <HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org
events { server {
worker_connections 1024;
} # nginx http port
listen 80;
listen [::]:80;
server_name <HOSTNAME>;
http { location / {
# Forward to Automatisch site which is running on port 7757
proxy_pass http://main:7757;
}
server { location ~ /.well-known/acme-challenge/ {
listen 7757; root /var/www/certbot;
server_name <HOSTNAME>; }
location / {
proxy_pass http://<HOSTNAME>:7757;
}
location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
} }
``` ```
- Run `sudo docker compose up` to generate SSL cert - Run `sudo docker compose up` to generate SSL cert
- There should be a new /certbot folder created at the project root, and the cert and key `.pem` files should be created at `/etc/letsencrypt/live` - There should be a new /certbot folder created at the project root, and the cert and key `.pem` files should be created at `/etc/letsencrypt/live`
- After this completes, stop the containers `ctrl+c` and overwrite the `automatisch_letsencrypt_nginx.conf` file with the `secondary_automatisch_letsencrypt_nginx.conf` file's contents which has the 443 https and SSL configs: `cp https/nginx/secondary_automatisch_letsencrypt_nginx.conf https/nginx/automatisch_letsencrypt_nginx.conf` - After this completes, stop the containers `ctrl+c` and overwrite the `automatisch_letsencrypt_nginx.conf` file with the `secondary_automatisch_letsencrypt_nginx.conf` file's contents which has the 443 https and SSL configs:
- `automatisch_letsencrypt_nginx.conf` should then look like this:
``` ```
nginx: cp https/nginx/secondary_automatisch_letsencrypt_nginx.conf https/nginx/automatisch_letsencrypt_nginx.conf
image: nginx:latest
depends_on:
- main
restart: unless-stopped
volumes:
- ./https/nginx/secondary_automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/
- ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot
ports:
- ${PORT}:${PORT}
- 443:443
``` ```
- Add the HOST entries to `automatisch_letsencrypt_nginx.conf` and save before continuing: - Add the HOST entries again to `automatisch_letsencrypt_nginx.conf` and save before continuing:
``` ```
# nginx conf file to use after LetsEncrypt SSL certs have been created # nginx conf file to use after LetsEncrypt SSL certs have been created
# replace<HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org # replace <HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org
events {
worker_connections 1024; server {
}
http { # nginx http port
listen 80;
server { listen [::]:80;
listen 7757; server_name <HOSTNAME>;
server_name <HOSTNAME>;
location ~ /.well-known/acme-challenge/ { location ~ /.well-known/acme-challenge/ {
root /var/www/certbot; root /var/www/certbot;
}
return 301 https://$host$request_uri;
} }
server { return 301 https://$host$request_uri;
listen 443 ssl http2;
# use ssl letsencrypt certs
ssl_certificate /etc/letsencrypt/live/<HOSTNAME>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<HOSTNAME>/privkey.pem;
server_name <HOSTNAME>;
location / {
proxy_pass http://<HOSTNAME>:7757/;
}
location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
} }
server {
# nginx https port
listen 443 ssl http2;
listen [::]:443 ssl http2;
# use ssl letsencrypt certs
ssl_certificate /etc/letsencrypt/live/<HOSTNAME>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/<HOSTNAME>/privkey.pem;
server_name <HOSTNAME>;
location / {
# Forward to Automatisch site which is running on port 7757
proxy_pass http://main:7757/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
location ~ /.well-known/acme-challenge/ {
root /var/www/certbot;
}
}
``` ```
- Then rebuild the containers: `docker compose up -d`. After it is rebuilt we should be able to pull up Automatisch at (staging) `https://automatisch.lasthourhosting.org` with a valid cert - Then rebuild the containers: `docker compose up -d`. After it is rebuilt we should be able to pull up Automatisch at (staging) `https://automatisch.lasthourhosting.org` with a valid cert
## Cronjob for auto SSL Cert renewals ## Cronjob for auto SSL Cert renewals