refactor(NGINX): update letsencrypt integration

- actually create letsencrypt challenge directory - point default server-blocks to proper LE directory - fix access and error logging for LE requests - update server-block configuration comment headers
2021-01-07 10:16:24 -07:00 · 2021-01-07 10:16:24 -07:00 · 0609c680e0
parent 4901116443
commit 0609c680e0
3 changed files with 19 additions and 14 deletions
--- a/build/Dockerfile
+++ b/build/Dockerfile
@ -22,7 +22,8 @@ RUN apk --no-cache add libcap \
    && wget -O /tmp/errorpages.tar.gz https://git.asifbacchus.app/asif/fun-errorpages/archive/v1.0.tar.gz \
    && tar -xzf /tmp/errorpages.tar.gz -C /tmp \
    && mv /tmp/fun-errorpages/errorpages ./ \
-    && rm -rf /tmp/*
+    && rm -rf /tmp/* \
+    && mkdir /usr/share/nginx/letsencrypt

 # health check
 HEALTHCHECK --interval=60s --timeout=5s --start-period=30s --retries=3 \
--- a/build/sites/05-nonsecured.conf
+++ b/build/sites/05-nonsecured.conf
@ -1,24 +1,26 @@
-### UNsecured test page
+#
+# Default server block with LetsEncrypt support
+#

 server {
    listen 80;
    server_name default_server;

    location / {
-        try_files $uri $uri/ =404;        
+        try_files $uri $uri/ =404;
    }

    # process Let's Encrypt challenges
    location ^~ /.well-known/acme-challenge {
        # log requests for security reasons
-        access_log /var/log/nginx/LetsEncrypt_access.log main;
-        error_log /var/log/nginx/LetsEncrypt_error.log warn;
+        access_log /var/log/nginx/access.log main;
+        error_log /var/log/nginx/error.log warn;

        default_type text/plain;
-        root /LEChallenge;
+        root /usr/share/nginx/letsencrypt;
        autoindex on;
    }

    # error pages
    include /etc/nginx/errorpages.conf;
-}
+}
--- a/build/sites/05-secured.conf.disabled
+++ b/build/sites/05-secured.conf.disabled
@ -1,4 +1,6 @@
-### UNsecured test page
+#
+# Default SECURED server block with LetsEncrypt support
+#

 server {
    listen 80;
@ -8,15 +10,15 @@ server {
    location / {
        return 301 https://$host:<HTTPS_PORT>$request_uri;
    }
-    
+
    # process Let's Encrypt challenges
    location ^~ /.well-known/acme-challenge {
        # log requests for security reasons
-        access_log /var/log/nginx/LetsEncrypt_access.log main;
-        error_log /var/log/nginx/LetsEncrypt_error.log warn;
+        access_log /var/log/nginx/access.log main;
+        error_log /var/log/nginx/error.log warn;

        default_type text/plain;
-        root /LEChallenge;
+        root /usr/share/nginx/letsencrypt;
        autoindex on;
    }

@ -32,9 +34,9 @@ server {
    include /etc/nginx/ssl_certs.conf;

    location / {
-        try_files $uri $uri/ =404;        
+        try_files $uri $uri/ =404;
    }

    # error pages
    include /etc/nginx/errorpages.conf;
-}
+}