wip

2025-06-04 16:56:56 +00:00 · 2020-09-04 14:11:53 +10:00 · 2020-09-04 14:11:53 +10:00 · 8bc1f100f3
commit 8bc1f100f3
parent 23cbd8cf83
3 changed files with 65 additions and 11 deletions
--- a/security/letsencrypt/introduction/certs/readme.txt
+++ b/security/letsencrypt/introduction/certs/readme.txt
@ -0,0 +1 @@
+certs will be generated here
--- a/security/letsencrypt/introduction/nginx.conf
+++ b/security/letsencrypt/introduction/nginx.conf
@ -24,20 +24,31 @@ http {
    server {
      listen 80;

-      if ($request_uri ~* "([^/]*$)" ) {
-        set  $last_path_component  $1;
-      }
-
      location /.well-known/acme-challenge/ {
-            root /letsencrypt/;
-            try_files $last_path_component $uri/ =404;
+        root /letsencrypt/;
      }

      location / {
-            gzip off;
-            root /usr/share/nginx/html/;
-            index  index.html;
-        }
+        gzip off;
+        root /usr/share/nginx/html/;
+        index  index.html;
+      }
+
+    }
+
+    server {
+      listen 443 ssl default_server;
+      listen [::]:443 ssl default_server ;
+      server_name marcel.guru;
+      ssl_certificate /etc/letsencrypt/live/marcel.guru/fullchain.pem;
+      ssl_certificate_key /etc/letsencrypt/live/marcel.guru/privkey.pem;
+      root /usr/share/nginx/html/;
+
+      location / {
+        gzip off;
+        root /usr/share/nginx/html/;
+        index  index.html;
+      }

    }
   
--- a/security/letsencrypt/readme.md
+++ b/security/letsencrypt/readme.md
@ -5,6 +5,48 @@ docker run -it -v ${PWD}:/work -w /work nginx bash
 ```

 ```
-docker run -it -v ${PWD}/nginx.conf:/etc/nginx/nginx.conf -p 80:80 nginx
+docker run -it --rm --name nginx -v ${PWD}/nginx.conf:/etc/nginx/nginx.conf `
+-v ${PWD}:/letsencrypt `
+-v ${PWD}/certs:/etc/letsencrypt `
+-p 80:80 `
+-p 443:443 `
+nginx
+
 ```

+
+```
+docker build . -t certbot
+
+docker run -it --rm --name certbot `
+-v ${PWD}:/letsencrypt `
+-v ${PWD}/certs:/etc/letsencrypt `
+certbot bash
+
+certbot certonly --webroot
+```
+
+
+```
+IMPORTANT NOTES:
+ - Congratulations! Your certificate and chain have been saved at:
+   /etc/letsencrypt/live/marcel.guru/fullchain.pem
+   Your key file has been saved at:
+   /etc/letsencrypt/live/marcel.guru/privkey.pem
+   Your cert will expire on 2020-12-03. To obtain a new or tweaked
+   version of this certificate in the future, simply run certbot
+   again. To non-interactively renew *all* of your certificates, run
+   "certbot renew"
+ - Your account credentials have been saved in your Certbot
+   configuration directory at /etc/letsencrypt. You should make a
+   secure backup of this folder now. This configuration directory will
+   also contain certificates and private keys obtained by Certbot so
+   making regular backups of this folder is ideal.
+ - If you like Certbot, please consider supporting our work by:
+
+   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
+   Donating to EFF:                    https://eff.org/donate-le
+
+```
+
+