From ccde63ba1b6f1518ca1327c82d37dfe1291b41ab Mon Sep 17 00:00:00 2001 From: Bensuperpc Date: Sun, 19 Mar 2023 18:45:36 +0100 Subject: [PATCH] Update certbot Signed-off-by: Bensuperpc --- README.md | 30 +++++++++++++++++++----------- docker-compose.certbot.yml | 21 ++++++++++++++------- docker-compose.flask.yml | 2 +- nginx/conf.d/flask_wsgi.conf | 7 ++++--- nginx/conf.d/test.conf | 16 ---------------- nginx/conf.d/wordpress.conf | 4 ++-- 6 files changed, 40 insertions(+), 40 deletions(-) delete mode 100644 nginx/conf.d/test.conf diff --git a/README.md b/README.md index 521e6cb..d047c67 100644 --- a/README.md +++ b/README.md @@ -14,12 +14,10 @@ If you have any **questions** or **suggestions**, feel free to open an issue or - [x] Nginx reverse proxy - [x] Docker / docker-compose - [x] Letsencrypt / Certbot -- [x] Flask (Via UWSGI/NGINX) - [x] Wordpress (Via FASTCGI/NGINX) - [x] PHPMyAdmin (MariaDB) - [x] PGAdmin (PostgreSQL) - [x] Qbittorrent -- [ ] Use Flask instead of wordpress as default blog - [x] Jellyfin - [ ] Gitea - [ ] Mastodon @@ -37,7 +35,6 @@ If you have any **questions** or **suggestions**, feel free to open an issue or - [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git) - [Web domain](https://www.ovh.com/world/domains/) (I use OVH) - [Open port 80 and 443 on your router](http://192.168.0.1/) (I use a Orange box with default IP) -- **All requirements for my Flask website (See [README.md](bensuperpc_website/README.md))** ### Clone 
@@ -81,14 +78,20 @@ cp -r nginx/conf.d-cert nginx/conf.d Replace certbot commands in _docker-compose.yml_, and replace _bensuperpc.org_ by your domain -```sh -command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org +```yaml + command: > + certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot + --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org + --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org ``` With to get the SSL certificate -```sh -command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --domain www.bensuperpc.org --domain bensuperpc.org +```yaml + command: > + certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot + --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org + --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org ``` Run the docker-compose and exit with CTRL+C and when you have the SSL certificate 
@@ -100,7 +103,10 @@ make start-at Replace certbot commands in _docker-compose.yml_ to update and renew the SSL certificate ```sh -command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --domain www.bensuperpc.org --domain bensuperpc.org + command: > + certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot + --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org + --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org ``` Run the docker-compose to update and renew the SSL certificate and exit with CTRL+C when you have the SSL certificate @@ -111,8 +117,11 @@ make start-at Now you can replace the certbot commands in _docker-compose.yml_ with the original one -```sh -command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org +```yaml + command: > + certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot + --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org + --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org ``` Remove the cert config file 
@@ -160,7 +169,6 @@ make stop You can access to the website with: - [bensuperpc.org](https://bensuperpc.org) and [www.bensuperpc.org](https://www.bensuperpc.org) (Wordpress for now) -- [flask.bensuperpc.org](http://flask.bensuperpc.org) and [www.flask.bensuperpc.org](http://www.bensuperpc.org) (Flask website, no SSL for now) - [phpmyadmin.bensuperpc.org](http://phpmyadmin.bensuperpc.org) and [www.phpmyadmin.bensuperpc.org](http://www.phpmyadmin.bensuperpc.org) (PHPMyAdmin for MariaDB) - [pgadmin.bensuperpc.org](http://pgadmin.bensuperpc.org) and [www.pgadmin.bensuperpc.org](http://www.pgadmin.bensuperpc.org) (PGAdmin for PostgreSQL) - [qbittorrent.bensuperpc.org](http://qbittorrent.bensuperpc.org) and [www.qbittorrent.bensuperpc.org](http://www.qbittorrent.bensuperpc.org) (Qbittorrent) diff --git a/docker-compose.certbot.yml b/docker-compose.certbot.yml index 8650264..1bce3b7 100644 --- a/docker-compose.certbot.yml +++ b/docker-compose.certbot.yml 
@@ -13,14 +13,21 @@ services: - wordpress:/var/www/wordpress - jellyfin:/var/www/jellyfin - ./bensuperpc_website:/var/www/flask - #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot \ - #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot \ - # --expand + #command: > + # certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot + # --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org + # --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org + + #command: > + # certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot + # --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org + # --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org + command: > - certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot - --webroot-path=/var/www/flask --domain bensuperpc.org --domain www.bensuperpc.org - --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org - --webroot-path=/var/www/wordpress --domain wordpress.bensuperpc.org --domain www.wordpress.bensuperpc.org + certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --expand --webroot + --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org + --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org + 
--webroot-path=/var/www/flask --domain flask.bensuperpc.org --domain www.flask.bensuperpc.org volumes: certbot-cert: diff --git a/docker-compose.flask.yml b/docker-compose.flask.yml index 836cd98..b076e18 100644 --- a/docker-compose.flask.yml +++ b/docker-compose.flask.yml @@ -11,7 +11,7 @@ services: depends_on: - flask_db volumes: - - ./bensuperpc_website:/app:rw + - ./bensuperpc_website:/var/www/flask:rw env_file: - env/flask_website.env restart: unless-stopped diff --git a/nginx/conf.d/flask_wsgi.conf b/nginx/conf.d/flask_wsgi.conf index 238fccc..1d34ebe 100644 --- a/nginx/conf.d/flask_wsgi.conf +++ b/nginx/conf.d/flask_wsgi.conf @@ -13,7 +13,7 @@ server { listen 80; listen [::]:80; - server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org; + server_name flask.bensuperpc.org www.flask.bensuperpc.org; location ~ /.well-known/acme-challenge { allow all; @@ -30,7 +30,7 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org; + server_name flask.bensuperpc.org www.flask.bensuperpc.org; include /etc/nginx/conf.d/sub/gzip.conf; @@ -61,7 +61,8 @@ server { # set $skip_reason "${skip_reason}-http_cookie"; #} - location / { try_files $uri @flask_app; } + location / { try_files $uri @flask_app; + } location @flask_app { include uwsgi_params; diff --git a/nginx/conf.d/test.conf b/nginx/conf.d/test.conf deleted file mode 100644 index 39b9680..0000000 --- a/nginx/conf.d/test.conf +++ /dev/null @@ -1,16 +0,0 @@ -server { - listen 80; - listen [::]:80; - #listen 443; - #listen [::]:443; - server_name test.bensuperpc.org www.test.bensuperpc.org; - - location ~ /.well-known/acme-challenge { - allow all; - root /var/www/html; - } - - location / { - return 301 https://www.bensuperpc.org$request_uri; - } -} diff --git a/nginx/conf.d/wordpress.conf b/nginx/conf.d/wordpress.conf index c49b05d..36e196a 100644 --- a/nginx/conf.d/wordpress.conf 
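Review bot: The rewritten `command:` no longer requests `wordpress.bensuperpc.org` and `www.wordpress.bensuperpc.org`, yet both `server_name` lines in the nginx/conf.d/wordpress.conf hunks of this patch still list those names on ports 80 and 443. Unless that 443 block uses a separate certificate (its `ssl_certificate` line is outside the hunks), clients reaching the wordpress.* names would be handed a certificate that does not cover them once it is reissued from this command. Keeping them on the wordpress webroot line, `--webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org --domain wordpress.bensuperpc.org --domain www.wordpress.bensuperpc.org`, would also make the name set of the old command a subset of the new request, which is the case the added `--expand` is meant for. The `services:` block starts outside the hunk.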
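Review bot: Mounting `./bensuperpc_website` at `/var/www/flask` puts the application source in the same directory that docker-compose.certbot.yml in this patch uses as `--webroot-path` for flask.bensuperpc.org, so the web root and the code checkout become one tree. If nginx's `root` for that server is `/var/www/flask` (not visible in the flask_wsgi.conf hunks), the `location / { try_files $uri @flask_app;` line touched there will return any file whose path matches the URI, source and configuration files included, before the request reaches uWSGI. I would give the ACME challenge its own directory and limit static lookups to a dedicated prefix, for example `location /static/ { try_files $uri =404; }`, letting `location /` hand everything else to uWSGI. The mount also stays `:rw`; `:ro` would be the safer default if the app does not write into its source tree. Whether the image's start command follows the move away from `/app` is not visible in this hunk.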
+++ b/nginx/conf.d/wordpress.conf @@ -12,7 +12,7 @@ server { listen 80; listen [::]:80; - server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org; + server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org; location ~ /.well-known/acme-challenge { allow all; @@ -28,7 +28,7 @@ server { server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org; + server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org; root /var/www/wordpress; index index.php index.html index.htm;