commit
73a3745cc3
|
@ -0,0 +1,8 @@
|
|||
FROM phusion/baseimage:latest
|
||||
|
||||
COPY run-certbot.sh /root/certbot/run-certbot.sh
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get install -y letsencrypt
|
||||
|
||||
ENTRYPOINT bash -c "bash /root/certbot/run-certbot.sh && sleep infinity"
|
|
@ -0,0 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
letsencrypt certonly --webroot -w /var/www/letsencrypt -d "$CN" --agree-tos --email "$EMAIL" --non-interactive --text
|
||||
|
||||
cp /etc/letsencrypt/archive/"$CN"/cert1.pem /var/certs/cert1.pem
|
||||
cp /etc/letsencrypt/archive/"$CN"/privkey1.pem /var/certs/privkey1.pem
|
|
@ -343,6 +343,18 @@ services:
|
|||
- "9300:9300"
|
||||
links:
|
||||
- php-fpm
|
||||
|
||||
### Certbot Container ##################################
|
||||
|
||||
certbot:
|
||||
build:
|
||||
context: ./certbot
|
||||
volumes:
|
||||
- ./data/certbot/certs/:/var/certs
|
||||
- ./certbot/letsencrypt/:/var/www/letsencrypt
|
||||
environment:
|
||||
CN: "fake.domain.com"
|
||||
EMAIL: "fake.email@gmail.com"
|
||||
|
||||
### Mailhog Container #########################################
|
||||
|
||||
|
|
|
@ -23,6 +23,10 @@ http {
|
|||
error_log /var/log/nginx/error.log;
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-available/*;
|
||||
open_file_cache off; # Disabled for issue 619
|
||||
|
|
|
@ -24,6 +24,11 @@ server {
|
|||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location /.well-known/acme-challenge/ {
|
||||
root /var/www/letsencrypt/;
|
||||
log_not_found off;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
@ -0,0 +1,30 @@
|
|||
server {
|
||||
|
||||
listen 443 default_server;
|
||||
listen [::]:443 default_server ipv6only=on;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /var/certs/cert1.pem;
|
||||
ssl_certificate_key /var/certs/privkey1.pem;
|
||||
|
||||
server_name laravel;
|
||||
root /var/www/laravel/public;
|
||||
index index.php index.html index.htm;
|
||||
|
||||
location / {
|
||||
try_files $uri $uri/ /index.php$is_args$args;
|
||||
}
|
||||
|
||||
location ~ \.php$ {
|
||||
try_files $uri /index.php =404;
|
||||
fastcgi_pass php-upstream;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
|
||||
include fastcgi_params;
|
||||
}
|
||||
|
||||
location ~ /\.ht {
|
||||
deny all;
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue