From 0609c680e0c58b825cc2acce1d178c6798cf4387 Mon Sep 17 00:00:00 2001
From: Asif Bacchus
Date: Thu, 7 Jan 2021 10:16:24 -0700
Subject: [PATCH] refactor(NGINX): update letsencrypt integration

- actually create letsencrypt challenge directory
- point default server-blocks to proper LE directory
- fix access and error logging for LE requests
- update server-block configuration comment headers
---
build/Dockerfile | 3 ++-
build/sites/05-nonsecured.conf | 14 ++++++++------
build/sites/05-secured.conf.disabled | 16 +++++++++-------
3 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 04799c1..626fea1 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -22,7 +22,8 @@ RUN apk --no-cache add libcap \
 && wget -O /tmp/errorpages.tar.gz https://git.asifbacchus.app/asif/fun-errorpages/archive/v1.0.tar.gz \
 && tar -xzf /tmp/errorpages.tar.gz -C /tmp \
 && mv /tmp/fun-errorpages/errorpages ./ \
- && rm -rf /tmp/*
+ && rm -rf /tmp/* \
+ && mkdir /usr/share/nginx/letsencrypt
 
 # health check
 HEALTHCHECK --interval=60s --timeout=5s --start-period=30s --retries=3 \
diff --git a/build/sites/05-nonsecured.conf b/build/sites/05-nonsecured.conf
index 345b155..e0925d0 100644
--- a/build/sites/05-nonsecured.conf
+++ b/build/sites/05-nonsecured.conf
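Review bot: In build/Dockerfile, the RUN chain this hunk extends downloads `errorpages.tar.gz` by tag and unpacks it with no integrity check, so the image trusts whatever the remote host serves for `v1.0` at build time. Since the chain is being edited anyway, a digest check before the `tar` step would pin the content, for example `&& echo "<EXPECTED_SHA256>  /tmp/errorpages.tar.gz" | sha256sum -c - \` with the real digest in place of the placeholder. The added `mkdir /usr/share/nginx/letsencrypt` leaves the directory with build-time ownership and mode; if nginx or the ACME client runs as a non-root user, which the hunk does not show, ownership should be set explicitly on that line. The RUN instruction starts above the hunk.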
@@ -1,24 +1,26 @@ -### UNsecured test page +# +# Default server block with LetsEncrypt support +# server { listen 80; server_name default_server; location / { - try_files $uri $uri/ =404; + try_files $uri $uri/ =404; } # process Let's Encrypt challenges location ^~ /.well-known/acme-challenge { # log requests for security reasons - access_log /var/log/nginx/LetsEncrypt_access.log main; - error_log /var/log/nginx/LetsEncrypt_error.log warn; + access_log /var/log/nginx/access.log main; + error_log /var/log/nginx/error.log warn; default_type text/plain; - root /LEChallenge; + root /usr/share/nginx/letsencrypt; autoindex on; } # error pages include /etc/nginx/errorpages.conf; -} +} \ No newline at end of file diff --git a/build/sites/05-secured.conf.disabled b/build/sites/05-secured.conf.disabled index 24a4665..5e73166 100644 --- a/build/sites/05-secured.conf.disabled +++ b/build/sites/05-secured.conf.disabled @@ -1,4 +1,6 @@ -### UNsecured test page +# +# Default SECURED server block with LetsEncrypt support +# server { listen 80; @@ -8,15 +10,15 @@ server { location / { return 301 https://$host:$request_uri; } - + # process Let's Encrypt challenges location ^~ /.well-known/acme-challenge { # log requests for security reasons - access_log /var/log/nginx/LetsEncrypt_access.log main; - error_log /var/log/nginx/LetsEncrypt_error.log warn; + access_log /var/log/nginx/access.log main; + error_log /var/log/nginx/error.log warn; default_type text/plain; - root /LEChallenge; + root /usr/share/nginx/letsencrypt; autoindex on; } @@ -32,9 +34,9 @@ server { include /etc/nginx/ssl_certs.conf; location / { - try_files $uri $uri/ =404; + try_files $uri $uri/ =404; } # error pages include /etc/nginx/errorpages.conf; -} +} \ No newline at end of file
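Review bot: The ACME location in build/sites/05-nonsecured.conf keeps `autoindex on;` while its `root` now points at a directory the image actually creates, so a request for `/.well-known/acme-challenge/` can return a listing of every pending challenge file over plain HTTP. Validation servers fetch a challenge by its exact token path, so the listing serves no purpose; replace the line with `autoindex off;` or drop it, since off is the default. The same block appears in the `@@ -8,15 +10,15 @@` hunk of 05-secured.conf.disabled and needs the same change. Separately, `server_name default_server;` sets a literal host name rather than marking the block as the default; if a catch-all is intended, that is expressed as `listen 80 default_server;`.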
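Review bot: In the `@@ -8,15 +10,15 @@` hunk of build/sites/05-secured.conf.disabled, the context line `return 301 https://$host:$request_uri;` has a stray colon before `$request_uri`, which yields a Location with an empty port, and it builds the redirect target from the client-supplied Host header. The colon fix is `return 301 https://$host$request_uri;`. Because this looks like a catch-all port-80 block, reflecting arbitrary Host values into the Location header is worth avoiding where the deployment has a canonical name; a fixed name in place of `$host` does that. The enclosing server block starts outside the hunk, so its `server_name` is not visible here.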