From 8bc1f100f3d69534150f2158c02b8fed55e37c27 Mon Sep 17 00:00:00 2001
From: marcel-dempers
Date: Fri, 4 Sep 2020 14:11:53 +1000
Subject: [PATCH] wip

---
 .../letsencrypt/introduction/certs/readme.txt | 1 +
 security/letsencrypt/introduction/nginx.conf | 31 ++++++++-----
 security/letsencrypt/readme.md | 44 ++++++++++++++++++-
 3 files changed, 65 insertions(+), 11 deletions(-)
 create mode 100644 security/letsencrypt/introduction/certs/readme.txt

diff --git a/security/letsencrypt/introduction/certs/readme.txt b/security/letsencrypt/introduction/certs/readme.txt
new file mode 100644
index 0000000..4ce209e
--- /dev/null
+++ b/security/letsencrypt/introduction/certs/readme.txt
@@ -0,0 +1 @@
+certs will be generated here
\ No newline at end of file
diff --git a/security/letsencrypt/introduction/nginx.conf b/security/letsencrypt/introduction/nginx.conf
index 7ae4cfe..ef5d162 100644
--- a/security/letsencrypt/introduction/nginx.conf
+++ b/security/letsencrypt/introduction/nginx.conf
@@ -24,20 +24,31 @@ http {
 server {
 listen 80;
- if ($request_uri ~* "([^/]*$)" ) {
- set $last_path_component $1;
- }
-
 location /.well-known/acme-challenge/ {
- root /letsencrypt/;
- try_files $last_path_component $uri/ =404;
+ root /letsencrypt/;
 }
 location / {
- gzip off;
- root /usr/share/nginx/html/;
- index index.html;
- }
+ gzip off;
+ root /usr/share/nginx/html/;
+ index index.html;
+ }
+
+ }
+
+ server {
+ listen 443 ssl default_server;
+ listen [::]:443 ssl default_server ;
+ server_name marcel.guru;
+ ssl_certificate /etc/letsencrypt/live/marcel.guru/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/marcel.guru/privkey.pem;
+ root /usr/share/nginx/html/;
+
+ location / {
+ gzip off;
+ root /usr/share/nginx/html/;
+ index index.html;
+ }
 }
diff --git a/security/letsencrypt/readme.md b/security/letsencrypt/readme.md
index 9f30e3e..76751cd 100644
--- a/security/letsencrypt/readme.md
+++ b/security/letsencrypt/readme.md
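Review bot: The port-80 server keeps its `location /` block serving the site from `/usr/share/nginx/html/`, so after this change the same content is reachable in plaintext and nothing sends clients to the new 443 listener; the usual shape is to leave only the ACME location on :80 and replace the plain-HTTP `location /` with `location / { return 301 https://$host$request_uri; }`, which also removes the duplicated gzip/root/index lines. The 443 server sets `ssl_certificate` and `ssl_certificate_key` but no `ssl_protocols`, so it inherits whatever the nginx image's compiled-in default is, which on older releases still includes TLS 1.0/1.1 — adding `ssl_protocols TLSv1.2 TLSv1.3;` next to the key line pins that explicitly. Minor style points in the same block: `listen [::]:443 ssl default_server ;` has a stray space before the semicolon, and `root /usr/share/nginx/html/;` is declared both at server level and again inside `location /`, so one of them can go. The enclosing `http {` block starts before this hunk.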
@@ -5,6 +5,48 @@ docker run -it -v ${PWD}:/work -w /work nginx bash
 ```
 ```
-docker run -it -v ${PWD}/nginx.conf:/etc/nginx/nginx.conf -p 80:80 nginx
+docker run -it --rm --name nginx -v ${PWD}/nginx.conf:/etc/nginx/nginx.conf `
+-v ${PWD}:/letsencrypt `
+-v ${PWD}/certs:/etc/letsencrypt `
+-p 80:80 `
+-p 443:443 `
+nginx
+
 ```
+
+```
+docker build . -t certbot
+docker run -it --rm --name certbot `
+-v ${PWD}:/letsencrypt `
+-v ${PWD}/certs:/etc/letsencrypt `
+certbot bash
+certbot certonly --webroot
+```
+
+
+```
+IMPORTANT NOTES:
+ - Congratulations! Your certificate and chain have been saved at:
+ /etc/letsencrypt/live/marcel.guru/fullchain.pem
+ Your key file has been saved at:
+ /etc/letsencrypt/live/marcel.guru/privkey.pem
+ Your cert will expire on 2020-12-03. To obtain a new or tweaked
+ version of this certificate in the future, simply run certbot
+ again. To non-interactively renew *all* of your certificates, run
+ "certbot renew"
+ - Your account credentials have been saved in your Certbot
+ configuration directory at /etc/letsencrypt. You should make a
+ secure backup of this folder now. This configuration directory will
+ also contain certificates and private keys obtained by Certbot so
+ making regular backups of this folder is ideal.
+ - If you like Certbot, please consider supporting our work by:
+
+ Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
+ Donating to EFF: https://eff.org/donate-le
+
+```
+
+