From 64ac70f1d6f1c5ee269ff907b581841821314eb9 Mon Sep 17 00:00:00 2001
From: Wojciech Kozlowski
Date: Sun, 15 Dec 2019 10:58:56 +0000
Subject: [PATCH] Regenerate certificates without wiki
---
 .../cloud.wojciechkozlowski.eu.conf | 4 +++
 .../gitlab.wojciechkozlowski.eu.conf | 4 +++
 .../registry.wojciechkozlowski.eu.conf | 4 +++
 .../wiki.wojciechkozlowski.eu.conf | 9 ------
 proxy/nginx-conf.d/wojciechkozlowski.eu.conf | 28 ++++++++++++++++++-
 proxy/nginx.conf | 12 ++------
 6 files changed, 41 insertions(+), 20 deletions(-)
 delete mode 100644 proxy/nginx-conf.d/wiki.wojciechkozlowski.eu.conf
diff --git a/proxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf b/proxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
index 31d9903..a1520c8 100644
--- a/proxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
+++ b/proxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf
@@ -16,6 +16,10 @@ server {
 listen 443 ssl;
 server_name cloud.wojciechkozlowski.eu;
+ ssl_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/chain.pem;
+
 client_max_body_size 10G; # 0=unlimited - set max upload size
 location / {
diff --git a/proxy/nginx-conf.d/gitlab.wojciechkozlowski.eu.conf b/proxy/nginx-conf.d/gitlab.wojciechkozlowski.eu.conf
index 7bc3090..7a59bd8 100644
--- a/proxy/nginx-conf.d/gitlab.wojciechkozlowski.eu.conf
+++ b/proxy/nginx-conf.d/gitlab.wojciechkozlowski.eu.conf
@@ -16,6 +16,10 @@ server {
 listen 443 ssl;
 server_name gitlab.wojciechkozlowski.eu;
+ ssl_certificate /etc/letsencrypt/live/gitlab.wojciechkozlowski.eu/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/gitlab.wojciechkozlowski.eu/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/gitlab.wojciechkozlowski.eu/chain.pem;
+
 client_max_body_size 10G; # 0=unlimited - set max upload size
 location / {
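Review bot: Each of these `ssl_certificate` / `ssl_certificate_key` paths must exist before nginx loads the configuration, and nginx rejects the whole configuration when a referenced file is missing, so one unissued or deleted lineage under `/etc/letsencrypt/live/` would stop every vhost on the proxy, not just the affected one. The same applies to the gitlab and registry hunks and to the apex and `www` blocks in `wojciechkozlowski.eu.conf`. I would document the dependency next to the directives, e.g. `# needs its own Let's Encrypt lineage: /etc/letsencrypt/live/cloud.wojciechkozlowski.eu/ must exist before reload`, and make sure the renewal path runs `nginx -t` before reloading. The enclosing `server` block starts and ends outside the hunk.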
diff --git a/proxy/nginx-conf.d/registry.wojciechkozlowski.eu.conf b/proxy/nginx-conf.d/registry.wojciechkozlowski.eu.conf
index 343e807..fe018e2 100644
--- a/proxy/nginx-conf.d/registry.wojciechkozlowski.eu.conf
+++ b/proxy/nginx-conf.d/registry.wojciechkozlowski.eu.conf
@@ -16,6 +16,10 @@ server {
 listen 443 ssl;
 server_name registry.wojciechkozlowski.eu;
+ ssl_certificate /etc/letsencrypt/live/registry.wojciechkozlowski.eu/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/registry.wojciechkozlowski.eu/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/registry.wojciechkozlowski.eu/chain.pem;
+
 client_max_body_size 10G; # 0=unlimited - set max upload size
 location / {
diff --git a/proxy/nginx-conf.d/wiki.wojciechkozlowski.eu.conf b/proxy/nginx-conf.d/wiki.wojciechkozlowski.eu.conf
deleted file mode 100644
index 736f065..0000000
--- a/proxy/nginx-conf.d/wiki.wojciechkozlowski.eu.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-server {
- listen 80;
- server_name wiki.wojciechkozlowski.eu;
-
- location ^~ /.well-known {
- allow all;
- root /var/www/html;
- }
-}
diff --git a/proxy/nginx-conf.d/wojciechkozlowski.eu.conf b/proxy/nginx-conf.d/wojciechkozlowski.eu.conf
index 3ea1296..d70dc58 100644
--- a/proxy/nginx-conf.d/wojciechkozlowski.eu.conf
+++ b/proxy/nginx-conf.d/wojciechkozlowski.eu.conf
@@ -14,7 +14,33 @@ server {
 server {
 listen 443 ssl;
- server_name wojciechkozlowski.eu www.wojciechkozlowski.eu;
+ server_name wojciechkozlowski.eu;
+
+ ssl_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/wojciechkozlowski.eu/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/chain.pem;
+
+ location / {
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $remote_addr;
+ proxy_set_header Host $host;
+ proxy_pass http://html;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+}
+
+server {
+ listen 443 ssl;
+ server_name www.wojciechkozlowski.eu;
+
+ ssl_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/www.wojciechkozlowski.eu/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/www.wojciechkozlowski.eu/chain.pem;
 location / {
 proxy_set_header X-Real-IP $remote_addr;
diff --git a/proxy/nginx.conf b/proxy/nginx.conf
index d1f255b..f16deb1 100644
--- a/proxy/nginx.conf
+++ b/proxy/nginx.conf
@@ -25,26 +25,18 @@ http {
 #gzip on;
- ssl_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/wojciechkozlowski.eu/privkey.pem;
- ssl_session_cache shared:SSL:20m;
 ssl_session_timeout 60m;
- ssl_prefer_server_ciphers on;
- ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
- ssl_dhparam /etc/nginx/cert/dhparam.pem;
- ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
- ssl_stapling on;
 ssl_stapling_verify on;
- ssl_trusted_certificate /etc/letsencrypt/live/wojciechkozlowski.eu/chain.pem;
+ resolver 208.67.222.222 208.67.220.220;
 add_header Strict-Transport-Security "max-age=31536000" always;
 include /etc/nginx/conf.d/*.conf;
-}
\ No newline at end of file
+}
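Review bot: The new `www.wojciechkozlowski.eu` server block reuses the same proxy and error-page body as the apex block added above it, so any later change to forwarded headers or upstream handling has to be made in two places and can drift between the two names. If `www` is only an alias, a single `return 301 https://wojciechkozlowski.eu$request_uri;` in that block would keep one proxied origin while still presenting the `www` certificate. The `www` block's body continues outside the hunk, so the duplication is inferred from the trailing context lines.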
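Review bot: As this hunk reads, the `http` block no longer sets `ssl_protocols`, `ssl_ciphers`, `ssl_prefer_server_ciphers` or `ssl_dhparam`, and none of the per-host files in this patch add them, so unless another included file does, the accepted TLS versions and cipher suites fall back to whatever the installed nginx/OpenSSL build defaults to. I would keep the policy explicit here, e.g. `ssl_protocols TLSv1.2 TLSv1.3;` (drop `TLSv1.3` if the build lacks it), so an image change cannot silently alter it. Separately, `resolver 208.67.222.222 208.67.220.220;` sends the proxy's lookups to public resolvers over unauthenticated DNS; a resolver on a trusted local network, with `resolver_timeout 5s;`, is the safer choice for the OCSP responder lookups that stapling relies on, if stapling stays enabled. The `http` block starts outside the hunk.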