YunoHost/yunohost_demo
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost_demo.git synced 2024-09-03 19:56:44 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #11 from YunoHost/fixes

Browse source 
Fix no "ssl_certificate" is defined for the "listen ... ssl" directive
This commit is contained in:
yalh76 2022-10-08 01:08:22 +02:00 committed by GitHub
commit b9346ae4f2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 49 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

78
demo_lxc_build_init.sh
View file

@ -85,34 +85,6 @@ server {
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $DOMAIN;
# ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
add_header Strict-Transport-Security "max-age=31536000;";
location / {
proxy_pass https://$DOMAIN;
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host \$server_name;
}
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
}
EOF
sudo service nginx reload
@ -158,7 +130,55 @@ sudo certbot certonly --config /etc/letsencrypt/conf.ini -d $DOMAIN --no-eff-ema
# sudo sed -i "s/#\tssl_certificate/\tssl_certificate/g" /etc/nginx/conf.d/$DOMAIN.conf
# Supprime les commentaires dans la conf nginx
sudo sed -i "s/^#//g" /etc/nginx/conf.d/$DOMAIN.conf
echo | sudo tee /etc/nginx/conf.d/$DOMAIN.conf <<EOF >> "$LOG_BUILD_LXC" 2>&1
#upstream $DOMAIN {
# server $IP_LXC1:443 ;
# server $IP_LXC2:443 ;
#}
server {
listen 80;
listen [::]:80;
server_name $DOMAIN;
location '/.well-known/acme-challenge' {
default_type "text/plain";
root /tmp/letsencrypt-auto;
}
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $DOMAIN;
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
add_header Strict-Transport-Security "max-age=31536000;";
location / {
proxy_pass https://$DOMAIN;
proxy_redirect off;
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-Proto \$scheme;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host \$server_name;
}
access_log /var/log/nginx/$DOMAIN-access.log;
error_log /var/log/nginx/$DOMAIN-error.log;
}
EOF
sudo service nginx reload
echo -e "\e[1mLe serveur est prêt à déployer les conteneurs de demo.\e[0m"