me/env-docker
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ReverseProxy Fixes, Nextcloud MariaDB Upgrade (#7)

Browse Source 
* Working on getting Reverse Proxy certs to work.

* Upgrade mariadb to 10.6.

* Checking if anything has missed a check in.

* Let's Encrypt is working now after moving the location directive to the conf.d files. Unsure why nginx.conf is not passing it along, so added it to the examples too.
This commit is contained in:
Hyperling
2023-07-21 22:23:46 -07:00
committed by GitHub
parent 3c46dfec01
commit 4c24c30526
9 changed files with 64 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
Config/ReverseProxy/config/conf.d/html.example.com
View File

@ -21,8 +21,15 @@ server {
listen 80;
server_name html.example.com;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/nginx/letsencrypt/;
}
# Redirect to a more secure protocol.
return 301 https://$host$request_uri;
location / {
return 301 https://$host$request_uri;
}
}
@ -36,7 +43,14 @@ server {
ssl_certificate /etc/nginx/certs/html.example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/html.example.com/privkey.pem;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/nginx/letsencrypt/;
}
# Load the static web content.
root /etc/nginx/html/html.example.com;
location / {
root /etc/nginx/html/html.example.com;
}
}

14
Config/ReverseProxy/config/conf.d/proxy.example.com
View File

@ -21,8 +21,15 @@ server {
listen 80;
server_name proxy.example.com;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/nginx/letsencrypt/;
}
# Redirect to a more secure protocol.
return 301 https://$host$request_uri;
location / {
return 301 https://$host$request_uri;
}
}
@ -36,6 +43,11 @@ server {
ssl_certificate /etc/nginx/certs/proxy.example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/proxy.example.com/privkey.pem;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/nginx/letsencrypt/;
}
# Send traffic to upstream server
location / {
## General format is PROTOCOL://SERVER:PORT. For example:

10
Config/ReverseProxy/config/nginx.conf
View File

@ -50,9 +50,12 @@ http {
## LetsEncrypt Certbot Setup ##
# Allow nginx to fulfill LetsEncrypt Certbot challenges.
# This is not working from here, but is working from the individual conf files for some reason.
# Have tried adding listen and server_name directives here with no change in functionality.
server {
location /.well-known/acme-challenge/ {
root /etc/nginx/letsencrypt;
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/nginx/letsencrypt/;
}
}
@ -69,11 +72,10 @@ mail {
#include /etc/nginx/mail.conf.d/*;
}
# TBD, going live with HTTP first.
stream {
## Service Forwarding and Load Balancing ##
# If this supports the `listen` and `server_name` directives then this may
# be a better choice than mail{} since it will not require an auth server.
# It could also be useful as a frontend for ssh, databases, APIs, etc.
#include /etc/nginx/load.conf.d/*;
include /etc/nginx/load.conf.d/*;
}