me/env-docker
me/env-docker
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ReverseProxy Fixes, Nextcloud MariaDB Upgrade (#7)

Browse Source 
* Working on getting Reverse Proxy certs to work.

* Upgrade mariadb to 10.6.

* Checking if anything has missed a check in.

* Let's Encrypt is working now after moving the location directive to the conf.d files. Unsure why nginx.conf is not passing it along, so added it to the examples too.
This commit is contained in:
Hyperling 2023-07-21 22:23:46 -07:00 committed by GitHub
parent 3c46dfec01
commit 4c24c30526
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 64 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.gitignore vendored
View File

@ -8,9 +8,12 @@ Volumes/*
logs/* logs/*
# Ignore private reverse proxy configurations. # Ignore private reverse proxy configurations.
Config/ReverseProxy/config/conf.d/*.* Config/ReverseProxy/config/conf.d/*
Config/ReverseProxy/config/html/*.* Config/ReverseProxy/config/html/*
Config/ReverseProxy/config/hosts/*.* Config/ReverseProxy/config/hosts/*
Config/ReverseProxy/config/load.conf.d/*
Config/ReverseProxy/config/mail.conf.d/*
# Ignore MailServer Files # Ignore MailServer Files
Config/MailServer/setup.sh Config/MailServer/setup.sh

5
Config/Nextcloud/docker-compose.yml
View File

@ -2,11 +2,14 @@
# This is a revised version of the original work here: # This is a revised version of the original work here:
# https://hub.docker.com/_/nextcloud # https://hub.docker.com/_/nextcloud
# Changelog:
# 2023-07-16 Change from mariadb:10.5 to 10.6.
version: '2' version: '2'
services: services:
db: db:
image: mariadb:10.5 image: mariadb:10.6
restart: always restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
volumes: volumes:

2
Config/Nextcloud/fixes.sh
View File

@ -3,7 +3,7 @@
# Put fixes in a file so they do not need remembered. # Put fixes in a file so they do not need remembered.
docker exec -it nextcloud-app-1 apt update -y docker exec -it nextcloud-app-1 apt update -y
docker exec -it nextcloud-app-1 apt install -y sudo libmagickcore-6.q16-6-extra docker exec -it nextcloud-app-1 apt install -y sudo libmagickcore-6.q16-6-extra htop
# 2022-10-30 More additions after moving to Nextcloud version 25. # 2022-10-30 More additions after moving to Nextcloud version 25.
docker exec -itu www-data nextcloud-app-1 ./occ db:add-missing-columns docker exec -itu www-data nextcloud-app-1 ./occ db:add-missing-columns

7
Config/ReverseProxy/Dockerfile
View File

@ -10,7 +10,7 @@ RUN rm -rfv /etc/nginx/conf.d
# Add all the configuration files to the environment. # Add all the configuration files to the environment.
COPY ./config/nginx.conf /etc/nginx/nginx.conf COPY ./config/nginx.conf /etc/nginx/nginx.conf
COPY ./config/conf.d /etc/nginx/conf.d COPY ./config/conf.d /etc/nginx/conf.d
RUN rm -rfv /etc/nginx/nginx.conf/README* RUN rm -rfv /etc/nginx/conf.d/README*
## Hosted Sites ## ## Hosted Sites ##
# Clear old sites. # Clear old sites.
@ -24,3 +24,8 @@ RUN rm -rfv /etc/nginx/hosts
COPY ./config/hosts /etc/nginx/hosts COPY ./config/hosts /etc/nginx/hosts
RUN rm -rfv /etc/nginx/hosts/README* RUN rm -rfv /etc/nginx/hosts/README*
## Load Balancing and Host-Based Port Forwarding ##
RUN rm -rfv /etc/nginx/load.conf.d
COPY ./config/load.conf.d /etc/nginx/load.conf.d
RUN rm -rfv /etc/nginx/load.conf.d/README*

9
Config/ReverseProxy/README.md
View File

@ -23,6 +23,15 @@ How to first begin using this subproject.
# docker logs reverseproxy-app-1 # docker logs reverseproxy-app-1
# docker logs reverseproxy-certbot-1 # docker logs reverseproxy-certbot-1
``` ```
1. Create the real certificates.
```
# ./create_letsencrypt_certs.sh
```
1. Add a job to crontab for keeping the certs valid.
```
# crontab -e
X Y * * * docker exec reverseproxy-certbot-1 certbot renew
```
## DO NOT ## DO NOT
* Edit any configurations or website data inside the container. It is destroyed on each build. * Edit any configurations or website data inside the container. It is destroyed on each build.

18
Config/ReverseProxy/config/conf.d/html.example.com
View File

@ -21,8 +21,15 @@ server {
listen 80; listen 80;
server_name html.example.com; server_name html.example.com;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/nginx/letsencrypt/;
}
# Redirect to a more secure protocol. # Redirect to a more secure protocol.
return 301 https://$host$request_uri; location / {
return 301 https://$host$request_uri;
}
} }
@ -36,7 +43,14 @@ server {
ssl_certificate /etc/nginx/certs/html.example.com/fullchain.pem; ssl_certificate /etc/nginx/certs/html.example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/html.example.com/privkey.pem; ssl_certificate_key /etc/nginx/certs/html.example.com/privkey.pem;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/nginx/letsencrypt/;
}
# Load the static web content. # Load the static web content.
root /etc/nginx/html/html.example.com; location / {
root /etc/nginx/html/html.example.com;
}
} }

14
Config/ReverseProxy/config/conf.d/proxy.example.com
View File

@ -21,8 +21,15 @@ server {
listen 80; listen 80;
server_name proxy.example.com; server_name proxy.example.com;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/nginx/letsencrypt/;
}
# Redirect to a more secure protocol. # Redirect to a more secure protocol.
return 301 https://$host$request_uri; location / {
return 301 https://$host$request_uri;
}
} }
@ -36,6 +43,11 @@ server {
ssl_certificate /etc/nginx/certs/proxy.example.com/fullchain.pem; ssl_certificate /etc/nginx/certs/proxy.example.com/fullchain.pem;
ssl_certificate_key /etc/nginx/certs/proxy.example.com/privkey.pem; ssl_certificate_key /etc/nginx/certs/proxy.example.com/privkey.pem;
location /.well-known/acme-challenge/ {
default_type "text/plain";
root /etc/nginx/letsencrypt/;
}
# Send traffic to upstream server # Send traffic to upstream server
location / { location / {
## General format is PROTOCOL://SERVER:PORT. For example: ## General format is PROTOCOL://SERVER:PORT. For example:

10
Config/ReverseProxy/config/nginx.conf
View File

@ -50,9 +50,12 @@ http {
## LetsEncrypt Certbot Setup ## ## LetsEncrypt Certbot Setup ##
# Allow nginx to fulfill LetsEncrypt Certbot challenges. # Allow nginx to fulfill LetsEncrypt Certbot challenges.
# This is not working from here, but is working from the individual conf files for some reason.
# Have tried adding listen and server_name directives here with no change in functionality.
server { server {
location /.well-known/acme-challenge/ { location ^~ /.well-known/acme-challenge/ {
root /etc/nginx/letsencrypt; default_type "text/plain";
root /etc/nginx/letsencrypt/;
} }
} }
@ -69,11 +72,10 @@ mail {
#include /etc/nginx/mail.conf.d/*; #include /etc/nginx/mail.conf.d/*;
} }
# TBD, going live with HTTP first.
stream { stream {
## Service Forwarding and Load Balancing ## ## Service Forwarding and Load Balancing ##
# If this supports the `listen` and `server_name` directives then this may # If this supports the `listen` and `server_name` directives then this may
# be a better choice than mail{} since it will not require an auth server. # be a better choice than mail{} since it will not require an auth server.
# It could also be useful as a frontend for ssh, databases, APIs, etc. # It could also be useful as a frontend for ssh, databases, APIs, etc.
#include /etc/nginx/load.conf.d/*; include /etc/nginx/load.conf.d/*;
} }

6
Config/ReverseProxy/create_letsencrypt_certs.sh
View File

@ -59,7 +59,7 @@ ls $DIR/config/conf.d/*.* | while read file; do
echo "*** Checking $filename ***" echo "*** Checking $filename ***"
if [[ -d $CERT_DIR/$filename ]]; then if [[ -d $CERT_DIR/$filename ]]; then
echo "Getting the domains which need the cert." echo "Getting the domains which need the cert."
domains=`grep server_name $file` domains=`grep -v '$server_name' $file | grep server_name`
# Clean up the data by removing the directive and semi-colon, changing # Clean up the data by removing the directive and semi-colon, changing
# spaces to commas, and making sure there are no gaps. # spaces to commas, and making sure there are no gaps.
@ -70,8 +70,8 @@ ls $DIR/config/conf.d/*.* | while read file; do
echo "Domains='$domains'" echo "Domains='$domains'"
echo "Attempting to create real certs at $CERT_DIR/$filename." echo "Attempting to create real certs at $CERT_DIR/$filename."
docker exec reverseproxy-certbot-1 certbot certonly -n --standalone \ docker exec reverseproxy-certbot-1 certbot certonly -n --webroot \
--agree-tos -m $email -d $filename -w /etc/letsencrypt --agree-tos -m $email -d $filename
ls -lh $CERT_DIR/$filename/* ls -lh $CERT_DIR/$filename/*
else else