refactor(NGINX): update letsencrypt integration

- actually create letsencrypt challenge directory
- point default server-blocks to proper LE directory
- fix access and error logging for LE requests
- update server-block configuration comment headers
This commit is contained in:
Asif Bacchus 2021-01-07 10:16:24 -07:00
parent 4901116443
commit 0609c680e0
3 changed files with 19 additions and 14 deletions

View File

@ -22,7 +22,8 @@ RUN apk --no-cache add libcap \
&& wget -O /tmp/errorpages.tar.gz https://git.asifbacchus.app/asif/fun-errorpages/archive/v1.0.tar.gz \ && wget -O /tmp/errorpages.tar.gz https://git.asifbacchus.app/asif/fun-errorpages/archive/v1.0.tar.gz \
&& tar -xzf /tmp/errorpages.tar.gz -C /tmp \ && tar -xzf /tmp/errorpages.tar.gz -C /tmp \
&& mv /tmp/fun-errorpages/errorpages ./ \ && mv /tmp/fun-errorpages/errorpages ./ \
&& rm -rf /tmp/* && rm -rf /tmp/* \
&& mkdir /usr/share/nginx/letsencrypt
# health check # health check
HEALTHCHECK --interval=60s --timeout=5s --start-period=30s --retries=3 \ HEALTHCHECK --interval=60s --timeout=5s --start-period=30s --retries=3 \

View File

@ -1,4 +1,6 @@
### UNsecured test page #
# Default server block with LetsEncrypt support
#
server { server {
listen 80; listen 80;
@ -11,11 +13,11 @@ server {
# process Let's Encrypt challenges # process Let's Encrypt challenges
location ^~ /.well-known/acme-challenge { location ^~ /.well-known/acme-challenge {
# log requests for security reasons # log requests for security reasons
access_log /var/log/nginx/LetsEncrypt_access.log main; access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/LetsEncrypt_error.log warn; error_log /var/log/nginx/error.log warn;
default_type text/plain; default_type text/plain;
root /LEChallenge; root /usr/share/nginx/letsencrypt;
autoindex on; autoindex on;
} }

View File

@ -1,4 +1,6 @@
### UNsecured test page #
# Default SECURED server block with LetsEncrypt support
#
server { server {
listen 80; listen 80;
@ -12,11 +14,11 @@ server {
# process Let's Encrypt challenges # process Let's Encrypt challenges
location ^~ /.well-known/acme-challenge { location ^~ /.well-known/acme-challenge {
# log requests for security reasons # log requests for security reasons
access_log /var/log/nginx/LetsEncrypt_access.log main; access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/LetsEncrypt_error.log warn; error_log /var/log/nginx/error.log warn;
default_type text/plain; default_type text/plain;
root /LEChallenge; root /usr/share/nginx/letsencrypt;
autoindex on; autoindex on;
} }