From bf2bcf78ea01a33c9ad0ea8b0a24c0892e8edc7d Mon Sep 17 00:00:00 2001
From: Hyperling
Date: Wed, 5 Jul 2023 20:54:53 -0700
Subject: [PATCH] Begin adding LetsEncrypt. Project runs successfully but still has a slight chicken and egg issue if certs are not copied from another server.
---
Config/ReverseProxy/Dockerfile | 2 +-
Config/ReverseProxy/config/nginx.conf | 31 +++++++++++++++++---------
Config/ReverseProxy/docker-compose.yml | 18 +++++++++++----
3 files changed, 35 insertions(+), 16 deletions(-)
diff --git a/Config/ReverseProxy/Dockerfile b/Config/ReverseProxy/Dockerfile
index c90904b..8da69da 100644
--- a/Config/ReverseProxy/Dockerfile
+++ b/Config/ReverseProxy/Dockerfile
@@ -6,7 +6,7 @@ FROM nginx
# Add all the configuration files to the environment.
COPY ./config/nginx.conf /etc/nginx/nginx.conf
-COPY ./config/conf.d/* /etc/nginx/conf.d/
+COPY ./config/conf.d/*.* /etc/nginx/conf.d/
# Create "working" certificates for the example configuration file.
RUN mkdir -p /etc/nginx/certs/example.com
diff --git a/Config/ReverseProxy/config/nginx.conf b/Config/ReverseProxy/config/nginx.conf
index 838c81b..3ca84e2 100644
--- a/Config/ReverseProxy/config/nginx.conf
+++ b/Config/ReverseProxy/config/nginx.conf
@@ -1,20 +1,20 @@
# 2022-10-05 Hyperling
-user nginx;
-worker_processes auto;
-
-error_log /var/log/nginx/error.log notice;
-pid /var/run/nginx.pid;
+user nginx;
+worker_processes auto;
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
events {
- worker_connections 1024;
+ worker_connections 1024;
}
+
http {
- include /etc/nginx/mime.types;
- default_type application/octet-stream;
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
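Review bot: The narrowed glob on the `+COPY ./config/conf.d/*.* /etc/nginx/conf.d/` line has no comment saying what it is meant to leave out, so nothing stops a later edit from widening it back to `*`. A short comment above it would pin the intent, e.g. `# Copy only dotted file names (site.conf etc.); conf.d entries without an extension stay out of the image on purpose.` It is also worth stating in that comment that a conf.d entry the pattern does not match is skipped silently rather than failing the build, which is presumably what the narrower glob relies on.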
@@ -22,12 +22,21 @@ http {
access_log /var/log/nginx/access.log main;
- sendfile on;
- #tcp_nopush on;
+ sendfile on;
+ #tcp_nopush on;
keepalive_timeout 65;
- #gzip on;
+ #gzip on;
+ ## LetsEncrypt Certbot Setup ##
+ # Allow nginx to fulfill LetsEncrypt Certbot challenges.
+ server {
+ location /.well-known/acme-challenge/ {
+ root /etc/nginx/certs-letsencrypt;
+ }
+ }
+
+ ## Reverse Proxied Website Configurations ##
include /etc/nginx/conf.d/*;
}
diff --git a/Config/ReverseProxy/docker-compose.yml b/Config/ReverseProxy/docker-compose.yml
index 79f542d..f19a990 100644
--- a/Config/ReverseProxy/docker-compose.yml
+++ b/Config/ReverseProxy/docker-compose.yml
@@ -1,8 +1,9 @@
# 2022-10-05 Hyperling
-# Reverse Proxy
-# This is a revised version of the original work here:
+# Reverse Proxy with LetsEncrypt Certbot.
+# This is a revised version of these works:
# https://phoenixnap.com/kb/docker-nginx-reverse-proxy
# https://www.docker.com/blog/how-to-use-the-official-nginx-docker-image/
+# https://pentacent.medium.com/nginx-and-lets-encrypt-with-docker-in-less-than-5-minutes-b4b8a60d3a71
version: '3'
@@ -11,5 +12,14 @@ services:
build: .
restart: always
ports:
- - 80:80
- - 443:443
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ../../Volumes/ReverseProxy/letsencrypt-certs:/etc/nginx/certs-letsencrypt
+ command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+ certbot:
+ image: certbot/certbot
+ volumes:
+ - ../../Volumes/ReverseProxy/letsencrypt-etc:/etc/letsencrypt
+ - ../../Volumes/ReverseProxy/letsencrypt-certs:/var/www/certbot
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
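Review bot: The added `server { location /.well-known/acme-challenge/ ... }` block has neither a `listen` nor a `server_name` directive, so nginx binds it to its default (`*:80` when the master runs as root, as in the official image) and it only answers requests whose Host header matches no other port-80 server. HTTP-01 validation requests carry the site's own hostname in Host, so any site under `conf.d/` (included just below, not visible here) that also listens on port 80 with a matching `server_name` will receive those requests instead and answer 404 unless it repeats this location. Make the intent explicit with `listen 80;` and `server_name _;` in this block, and either add the same acme-challenge location to each site's port-80 server or move all plain-HTTP handling here (challenge location first, then a redirect to HTTPS) so the `conf.d` files only serve 443. A comment such as `# Default server for port 80: answers ACME HTTP-01 challenges from the certbot webroot volume.` would also tell the next reader why the block sits before the conf.d include. The enclosing `http {` block starts before this hunk.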
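Review bot: The nginx service's new `volumes:` entry mounts only the webroot (`letsencrypt-certs`), while certbot writes renewed certificates and keys into `letsencrypt-etc` at `/etc/letsencrypt`, which the nginx service never mounts; the six-hourly `nginx -s reload` in the new `command:` therefore cannot pick up a renewal, which looks like the chicken-and-egg issue the commit message describes. Add `- ../../Volumes/ReverseProxy/letsencrypt-etc:/etc/letsencrypt:ro` under the nginx service's `volumes:` (read-only, since only certbot needs to write the private keys) and point the site configs at `/etc/letsencrypt/live/<domain>/fullchain.pem` and `privkey.pem` (`<domain>` is a placeholder). The new `certbot:` service also has no `restart:` policy, unlike the nginx service's `restart: always`, so its renewal loop does not come back after a host reboot; `restart: unless-stopped` covers that. Quoting the port mappings as `"80:80"` / `"443:443"` is the right fix for the YAML sexagesimal trap. The nginx service's own header line is above this hunk.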