Let's encrypt working

docker-compose.yml

@@ -7,6 +7,7 @@ volumes:
   vol_gitlab_config:
   vol_gitlab_logs:
   vol_gitlab_data:
+  vol_letsencrypt:
 
 services:
 
@@ -79,6 +80,8 @@ services:
       GITLAB_OMNIBUS_CONFIG: |
         external_url 'http://gitlab.wojciechkozlowski.eu'
         # Add any other gitlab.rb configuration here, each on its own line
+    ports:
+      - 2770:22
     volumes:
       - vol_gitlab_config:/etc/gitlab
       - vol_gitlab_logs:/var/log/gitlab
@@ -91,14 +94,18 @@ services:
 
   proxy:
     container_name: proxy
-    image: nginx
+    build: proxy
+    image: proxy
     ports:
       - 80:80
+      - 443:443
     links:
       - html
       - wiki
       - nextcloud
       - gitlab
     volumes:
-      - ./proxy/nginx-conf.d:/etc/nginx/conf.d
+      - ./proxy/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./proxy/nginx-conf.d:/etc/nginx/conf.d:ro
+      - vol_letsencrypt:/etc/letsencrypt
     restart: always

proxy/Dockerfile

@@ -0,0 +1,6 @@
+FROM nginx
+
+RUN apt update && apt install -y certbot
+RUN mkdir -p /var/www/html
+
+VOLUME ["/etc/letsencrypt"]

proxy/nginx-conf.d/cloud.wojciechkozlowski.eu.conf

@@ -1,5 +1,5 @@
 server {
-    listen       80;
+    listen       443;
     server_name  cloud.wojciechkozlowski.eu;
 
     location / {

proxy/nginx-conf.d/default.conf

@@ -0,0 +1,24 @@
+# server {
+#         listen 443 ssl http2;
+
+#         ssl_certificate /etc/nginx/cert/bjornjohansen.no.certchain.crt;
+#         ssl_certificate_key /etc/nginx/cert/bjornjohansen.no.key;
+
+#         ssl_session_cache shared:SSL:20m;
+#         ssl_session_timeout 60m;
+
+#         ssl_prefer_server_ciphers on;
+
+#         ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DHE+AES128:!ADH:!AECDH:!MD5;
+
+#         ssl_dhparam /etc/nginx/cert/dhparam.pem;
+
+#         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+
+#         ssl_stapling on;
+#         ssl_stapling_verify on;
+#         ssl_trusted_certificate /etc/nginx/cert/trustchain.crt;
+#         resolver 8.8.8.8 8.8.4.4;
+
+#         add_header Strict-Transport-Security "max-age=31536000" always;
+# }

proxy/nginx-conf.d/gitlab.wojciechkozlowski.eu.conf

@@ -1,5 +1,5 @@
 server {
-    listen       80;
+    listen       443;
     server_name  gitlab.wojciechkozlowski.eu;
 
     location / {

proxy/nginx-conf.d/wiki.wojciechkozlowski.eu.conf

@@ -1,5 +1,5 @@
 server {
-    listen       80;
+    listen       443;
     server_name  wiki.wojciechkozlowski.eu;
 
     location / {

proxy/nginx-conf.d/wojciechkozlowski.eu.conf

@@ -1,5 +1,5 @@
 server {
-    listen       80;
+    listen       443;
     server_name  wojciechkozlowski.eu;
 
     location / {

proxy/nginx.conf

@@ -0,0 +1,46 @@
+user  nginx;
+worker_processes  1;
+
+error_log  /var/log/nginx/error.log warn;
+pid        /var/run/nginx.pid;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       /etc/nginx/mime.types;
+    default_type  application/octet-stream;
+
+    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                      '$status $body_bytes_sent "$http_referer" '
+                      '"$http_user_agent" "$http_x_forwarded_for"';
+
+    access_log  /var/log/nginx/access.log  main;
+
+    sendfile        on;
+    #tcp_nopush     on;
+
+    keepalive_timeout  65;
+
+    #gzip  on;
+
+    server {
+        listen       80;
+        server_name  wojciechkozlowski.eu
+                     cloud.wojciechkozlowski.eu
+                     gitlab.wojciechkozlowski.eu
+                     wiki.wojciechkozlowski.eu;
+
+        location ^~ /.well-known {
+            allow all;
+            root /var/www/html;
+        }
+
+        location / {
+            return 301 https://$server_name$request_uri;
+        }
+    }
+
+    include /etc/nginx/conf.d/*.conf;
+}