Projekt

Obecné

Profil

« Předchozí | Další » 

Revize 43cc50af

Přidáno uživatelem Tomáš Ballák před asi 4 roky(ů)

redirect to https only + fix renew script and sites ...

Zobrazit rozdíly:

docker-compose-prod.yml
7 7 
              ports:
8 8 
                     - "443:443"
9 9 
              volumes:
10 
                     - /acme:/root/.acme.sh/heatmap.zcu.cz
10 11 
                     - /etc/certificate:/certificate
11 
                     - ./docker/nginx/sites-dev:/etc/nginx/sites-available
12 
                     - ./docker/nginx/sites:/etc/nginx/sites-available
12 13 
                     - /acme-challenge:/var/www/symfony/public/.well-known/acme-challenge/
13 14 
       crawler:
14 15 
              volumes:
docker/nginx/sites/default.conf
4 4 
    listen [::]:80 default_server ipv6only=on;
5 5 

  		




  6
  6
  
    
    server_name heatmap.zcu.cz www.heatmap.zcu.cz;


  		




  7
  
  
    
    ssl_certificate /certificate/key.pem;


  		




  8
  
  
    
    ssl_certificate_key /certificate/cert.pem;


  		




  
  7
  
    
    ssl_certificate /certificate/cert.pem;


  		




  
  8
  
    
    ssl_certificate_key /certificate/key.pem;


  		




  9
  9
  
    

  		




  10
  10
  
    
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;


  		




  11
  11
  
    
    ssl_prefer_server_ciphers on;


  		




  ......




  34
  34
  
    
        deny all;


  		




  35
  35
  
    
    }


  		




  36
  36
  
    
}


  		




  
  37
  
    
server {


  		




  
  38
  
    
    listen 80 ;


  		




  
  39
  
    
    listen [::]:80;


  		




  
  40
  
    
    server_name heatmap.zcu.cz www.heatmap.zcu.cz;


  		




  
  41
  
    

  		




  
  42
  
    
    # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.


  		




  
  43
  
    
    return 301 https://$host$request_uri;


  		




  
  44
  
    
}


  		












  

    
      scripts/renew_certificate.sh
    
  





  6
  6
  
    
if [ "$1" = "new" ]; then


  		




  7
  7
  
    
    docker-compose exec nginx /bin/sh -c "


  		




  8
  8
  
    
    cd /root/.acme.sh; \


  		




  9
  
  
    
    bash acme.sh  --issue  -d www.heatmap.zcu.cz  --nginx /etc/nginx/sites-available/default.conf --debug 2; \


  		




  
  9
  
    
    bash acme.sh  --issue  -d heatmap.zcu.cz  --nginx /etc/nginx/sites-available/default.conf --debug 2; \


  		




  10
  10
  
    
    bash acme.sh --installcert -d heatmap.zcu.cz \


  		




  11
  11
  
    
    --key-file /certificate/key.pem \


  		




  12
  12
  
    
    --fullchain-file /certificate/cert.pem \


  		




  13
  13
  
    
    --reloadcmd 'bash /etc/init.d/nginx reload';


  		




  14
  14
  
    
    ";


  		




  15
  15
  
    
else


  		




  16
  
  
    
    docker-compose exec nginx /bin/sh -c "acme.sh --renew -d heatmap.zcu.cz";


  		




  
  16
  
    
    docker-compose exec nginx /bin/sh -c "cd root/.acme.sh && bash acme.sh --renew -d heatmap.zcu.cz";


  		




  17
  17
  
    
fi


  		












Také k dispozici:  Unified diff