Initial commit

TODO: change api.conf URL references to use environment variables and add these variables to the docker-compose configuration for host domain
2023-03-28 00:08:50 -07:00
parent 2d6d44b89f
commit 9f2473801c
82 changed files with 13974 additions and 1 deletions
--- a/nginx/conf/api.conf
+++ b/nginx/conf/api.conf
@@ -0,0 +1,40 @@
+server {
+  listen 9229;
+  listen [::]:9229;
+
+  server_name example.org;
+  server_tokens off;
+
+  location /.well-known/acme-challenge/ {
+    root /var/www/certbot;
+  }
+
+  location / {
+    # redirect to 9230
+    return 301 https://example.org:9230$request_uri;
+  }
+
+}
+
+server {
+  listen 9230 default_server ssl http2;
+  listen [::]:9230 ssl http2;
+
+  server_name example.org;
+  ssl_certificate /etc/nginx/ssl/live/example.org/fullchain.pem;
+  ssl_certificate_key /etc/nginx/ssl/live/example.org/privkey.pem;
+  location / {
+    # send to api container
+    proxy_pass http://api:3000;
+    proxy_set_header Host $host;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-Host $host;
+    proxy_set_header X-Forwarded-Port $server_port;
+    proxy_set_header X-Forwarded-Server $host;
+    proxy_set_header X-Forwarded-Uri $request_uri;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection "upgrade";
+  }
+}
--- a/nginx/conf/certmgmt.txt
+++ b/nginx/conf/certmgmt.txt
@@ -0,0 +1,9 @@
+# DRY RUN - ensure certificates CAN be created
+docker compose run --rm  certbot certonly --webroot --webroot-path /var/www/certbot/ --dry-run -d example.org
+
+# PROD RUN - generate certificates for the provided site
+docker compose run --rm  certbot certonly --webroot --webroot-path /var/www/certbot/ -d example.org
+
+
+# RENEW CERTIFICATES - run every 3 months
+docker compose run --rm certbot renew