Fixes flask website and wordpress

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>

bensuperpc_website

@@ -1 +1 @@
-Subproject commit 859f5d387432f5e327f7f6208bda384ec8777121
+Subproject commit a83b09c8143dc681be72385e7948288c6e005941

docker-compose.yml

@@ -13,7 +13,7 @@ services:
       - "80:80"
       - "443:443"
     volumes:
-      - wordpress:/var/www/worpress
+      - wordpress:/var/www/wordpress
       - jellyfin:/var/www/jellyfin
       - ./nginx-conf:/etc/nginx/conf.d
       - certbot-cert:/etc/letsencrypt:ro
@@ -133,11 +133,11 @@ services:
       - certbot
     volumes:
       - certbot-cert:/etc/letsencrypt
-      - wordpress:/var/www/worpress
+      - wordpress:/var/www/wordpress
       - jellyfin:/var/www/jellyfin
-    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot --webroot-path=/var/www/worpress --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
+    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --webroot --webroot-path=/var/www/worpress --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
+    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --webroot --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-    command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot --webroot-path=/var/www/worpress --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
+    command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
   phpmyadmin:
     image: phpmyadmin:5.2.0
     container_name: phpmyadmin

nginx-conf/flask_wsgi.conf

@@ -8,17 +8,41 @@ upstream flask_server {
         # Or: server unix:/app/flask_server.sock;
 }
 
-
+# Redirect all http requests to the main server wordpress_server
 server {
         listen 80;
         listen [::]:80;
-        #listen 443;
-        #listen [::]:443;
 
-        server_name flask.bensuperpc.org www.flask.bensuperpc.org;
+        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
+
+        location ~ /.well-known/acme-challenge {
+                allow all;
+                root /var/www/flask;
+        }
+
+        location / {
+                return 301 https://$host$request_uri;
+        }
+}
+
+
+server {
+        listen 443;
+        listen [::]:443;
+
+        server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org;
 
         include /etc/nginx/conf.d/sub/gzip.conf;
 
+        # All things related to SSL
+        ssl_certificate /etc/letsencrypt/live/bensuperpc.org/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/bensuperpc.org/privkey.pem;
+        ssl_trusted_certificate /etc/letsencrypt/live/bensuperpc.org/chain.pem;
+        #ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+        #add_header Strict-Transport-Security "max-age=31536000" always;
+
+        include /etc/nginx/conf.d/sub/options-ssl-nginx.conf;
+
         location / { try_files $uri @flask_app; }
 
         location @flask_app {
@@ -34,12 +58,23 @@ server {
                 uwsgi_cache_valid any 1m;
                 uwsgi_cache_lock on;
 
-                #uwsgi_ignore_headers Cache-Control X-Accel-Expires Expires Vary Set-Cookie;
+                #uwsgi_ignore_headers Vary;
                 #uwsgi_hide_header Vary;
 
-                uwsgi_ignore_headers Vary;
+                uwsgi_ignore_headers Expires Cache-Control Set-Cookie Vary;
                 uwsgi_hide_header Vary;
 
                 add_header X-cache $upstream_cache_status;
         }
+
+        # Don't write to accesslog for these files
+        location = /favicon.ico {
+                log_not_found off;
+                access_log off;
+        }
+        location = /robots.txt {
+                allow all;
+                log_not_found off;
+                access_log off;
+        }
 }

nginx-conf/jellyfin.conf

@@ -97,7 +97,8 @@ server {
 
         # Cache images
         location ~ /Items/(.*)/Images {
-                proxy_pass http://127.0.0.1:8096;
+                #proxy_pass http://127.0.0.1:8096;
+                proxy_pass http://jellyfin_server;
                 proxy_set_header Host $host;
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -129,7 +130,8 @@ server {
                 proxy_cache_lock on;
                 proxy_cache_lock_age 60s;
 
-                proxy_pass http://$jellyfin:8096;
+                #proxy_pass http://$jellyfin:8096;
+                proxy_pass http://jellyfin_server;
                 proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=$slice_range";
 
                 add_header X-Cache-Status $upstream_cache_status; # This is only for debugging cache

nginx-conf/wordpress.conf

@@ -12,11 +12,11 @@ server {
         listen 80;
         listen [::]:80;
 
-        server_name bensuperpc.org www.bensuperpc.org wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
+        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
 
         location ~ /.well-known/acme-challenge {
                 allow all;
-                root /var/www/worpress;
+                root /var/www/wordpress;
         }
 
         location / {
@@ -28,9 +28,9 @@ server {
 server {
         listen 443 ssl http2;
         listen [::]:443 ssl http2;
-        server_name bensuperpc.org www.bensuperpc.org wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
+        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
 
-        root /var/www/worpress;
+        root /var/www/wordpress;
         index index.php index.html index.htm;
 
         # Keepalive for 70 seconds