Shiloh/shiloh_automatisch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Production HTTPS Setup

Linden Crandall 2025-02-07 18:49:04 +00:00
parent 3da66339c9
commit cad33daa5f
1 changed files with 26 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
Production-HTTPS-Setup.md

@ -8,7 +8,7 @@
- main - main
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ./https/nginx/automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/ - ./https/nginx/initial_automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/
- ./certbot/conf:/etc/letsencrypt - ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot - ./certbot/www:/var/www/certbot
ports: ports:
@ -47,8 +47,27 @@ SSL_CERT_EMAIL=support@shilohcode.com
``` ```
- Run `sudo docker compose up` to generate SSL cert - Run `sudo docker compose up` to generate SSL cert
- There should be a new /certbot folder created at the project root, and the cert and key `.pem` files should be created at `/etc/letsencrypt/live` - There should be a new /certbot folder created at the project root, and the cert and key `.pem` files should be created at `/etc/letsencrypt/live`
- After this completes, stop the containers `ctrl+c` and edit the `/https/nginx/automatisch_letsencrypt_nginx.conf` file to use the new SSL certs. Copy the configs in `/https/nginx/temp.conf` and overwrite `/https/nginx/automatisch_letsencrypt_nginx.conf`. It should look like this (using staging as an example): - After this completes, stop the containers `ctrl+c` and change the `nginx` service's `initial_automatisch_letsencrypt_nginx.conf` volume to `secondary_automatisch_letsencrypt_nginx.conf` which has the nginx configs for https/SSL:
``` ```
nginx:
image: nginx:latest
depends_on:
- main
restart: unless-stopped
volumes:
- ./https/nginx/initial_automatisch_letsencrypt_nginx.conf:/etc/nginx/conf.d/
- ./certbot/conf:/etc/letsencrypt
- ./certbot/www:/var/www/certbot
ports:
- ${PORT}:${PORT}
- 443:443
```
- secondary_automatisch_letsencrypt_nginx.conf:
```
# nginx conf file to use after LetsEncrypt SSL certs have been created
# replace<HOSTNAME> with your DNS i.e.automatisch.lasthourhosting.org
events { events {
worker_connections 1024; worker_connections 1024;
} }
@ -57,7 +76,7 @@ http {
server { server {
listen 7757; listen 7757;
server_name automatisch.lasthourhosting.org; server_name <HOSTNAME>;
location ~ /.well-known/acme-challenge/ { location ~ /.well-known/acme-challenge/ {
root /var/www/certbot; root /var/www/certbot;
@ -69,13 +88,13 @@ http {
server { server {
listen 443 ssl http2; listen 443 ssl http2;
# use ssl letsencrypt certs # use ssl letsencrypt certs
ssl_certificate /etc/letsencrypt/live/automatisch.lasthourhosting.org/fullchain.pem; ssl_certificate /etc/letsencrypt/live/<HOSTNAME>/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/automatisch.lasthourhosting.org/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/<HOSTNAME>/privkey.pem;
server_name automatisch.lasthourhosting.org; server_name <HOSTNAME>;
location / { location / {
proxy_pass http://automatisch.lasthourhosting.org:7757/; proxy_pass http://<HOSTNAME>:7757/;
} }
location ~ /.well-known/acme-challenge/ { location ~ /.well-known/acme-challenge/ {