refactor(NGINX): update letsencrypt integration
- actually create letsencrypt challenge directory - point default server-blocks to proper LE directory - fix access and error logging for LE requests - update server-block configuration comment headers
This commit is contained in:
parent
4901116443
commit
0609c680e0
@ -22,7 +22,8 @@ RUN apk --no-cache add libcap \
|
|||||||
&& wget -O /tmp/errorpages.tar.gz https://git.asifbacchus.app/asif/fun-errorpages/archive/v1.0.tar.gz \
|
&& wget -O /tmp/errorpages.tar.gz https://git.asifbacchus.app/asif/fun-errorpages/archive/v1.0.tar.gz \
|
||||||
&& tar -xzf /tmp/errorpages.tar.gz -C /tmp \
|
&& tar -xzf /tmp/errorpages.tar.gz -C /tmp \
|
||||||
&& mv /tmp/fun-errorpages/errorpages ./ \
|
&& mv /tmp/fun-errorpages/errorpages ./ \
|
||||||
&& rm -rf /tmp/*
|
&& rm -rf /tmp/* \
|
||||||
|
&& mkdir /usr/share/nginx/letsencrypt
|
||||||
|
|
||||||
# health check
|
# health check
|
||||||
HEALTHCHECK --interval=60s --timeout=5s --start-period=30s --retries=3 \
|
HEALTHCHECK --interval=60s --timeout=5s --start-period=30s --retries=3 \
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
### UNsecured test page
|
#
|
||||||
|
# Default server block with LetsEncrypt support
|
||||||
|
#
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
@ -11,11 +13,11 @@ server {
|
|||||||
# process Let's Encrypt challenges
|
# process Let's Encrypt challenges
|
||||||
location ^~ /.well-known/acme-challenge {
|
location ^~ /.well-known/acme-challenge {
|
||||||
# log requests for security reasons
|
# log requests for security reasons
|
||||||
access_log /var/log/nginx/LetsEncrypt_access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
error_log /var/log/nginx/LetsEncrypt_error.log warn;
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
|
||||||
default_type text/plain;
|
default_type text/plain;
|
||||||
root /LEChallenge;
|
root /usr/share/nginx/letsencrypt;
|
||||||
autoindex on;
|
autoindex on;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1,4 +1,6 @@
|
|||||||
### UNsecured test page
|
#
|
||||||
|
# Default SECURED server block with LetsEncrypt support
|
||||||
|
#
|
||||||
|
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
@ -12,11 +14,11 @@ server {
|
|||||||
# process Let's Encrypt challenges
|
# process Let's Encrypt challenges
|
||||||
location ^~ /.well-known/acme-challenge {
|
location ^~ /.well-known/acme-challenge {
|
||||||
# log requests for security reasons
|
# log requests for security reasons
|
||||||
access_log /var/log/nginx/LetsEncrypt_access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
error_log /var/log/nginx/LetsEncrypt_error.log warn;
|
error_log /var/log/nginx/error.log warn;
|
||||||
|
|
||||||
default_type text/plain;
|
default_type text/plain;
|
||||||
root /LEChallenge;
|
root /usr/share/nginx/letsencrypt;
|
||||||
autoindex on;
|
autoindex on;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user