Update certbot

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>

README.md

@@ -14,12 +14,10 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
 - [x] Nginx reverse proxy
 - [x] Docker / docker-compose
 - [x] Letsencrypt / Certbot
-- [x] Flask (Via UWSGI/NGINX)
 - [x] Wordpress (Via FASTCGI/NGINX)
 - [x] PHPMyAdmin (MariaDB)
 - [x] PGAdmin (PostgreSQL)
 - [x] Qbittorrent
-- [ ] Use Flask instead of wordpress as default blog
 - [x] Jellyfin
 - [ ] Gitea
 - [ ] Mastodon
@@ -37,7 +35,6 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
 - [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
 - [Web domain](https://www.ovh.com/world/domains/) (I use OVH)
 - [Open port 80 and 443 on your router](http://192.168.0.1/) (I use a Orange box with default IP)
-- **All requirements for my Flask website (See [README.md](bensuperpc_website/README.md))**
 
 ### Clone
 
@@ -81,14 +78,20 @@ cp -r nginx/conf.d-cert nginx/conf.d
 
 Replace certbot commands in _docker-compose.yml_, and replace _bensuperpc.org_ by your domain
 
-```sh
+```yaml
-command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org
+    command: >
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
 ```
 
 With to get the SSL certificate
 
-```sh
+```yaml
-command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --domain www.bensuperpc.org --domain bensuperpc.org
+    command: >
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
 ```
 
 Run the docker-compose and exit with CTRL+C and when you have the SSL certificate
@@ -100,7 +103,10 @@ make start-at
 Replace certbot commands in _docker-compose.yml_ to update and renew the SSL certificate
 
 ```sh
-command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --domain www.bensuperpc.org --domain bensuperpc.org
+    command: >
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
 ```
 
 Run the docker-compose to update and renew the SSL certificate and exit with CTRL+C when you have the SSL certificate
@@ -111,8 +117,11 @@ make start-at
 
 Now you can replace the certbot commands in _docker-compose.yml_ with the original one
 
-```sh
+```yaml
-command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org
+    command: >
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
 ```
 
 Remove the cert config file
@@ -160,7 +169,6 @@ make stop
 You can access to the website with:
 
 - [bensuperpc.org](https://bensuperpc.org) and [www.bensuperpc.org](https://www.bensuperpc.org) (Wordpress for now)
-- [flask.bensuperpc.org](http://flask.bensuperpc.org) and [www.flask.bensuperpc.org](http://www.bensuperpc.org) (Flask website, no SSL for now)
 - [phpmyadmin.bensuperpc.org](http://phpmyadmin.bensuperpc.org) and [www.phpmyadmin.bensuperpc.org](http://www.phpmyadmin.bensuperpc.org) (PHPMyAdmin for MariaDB)
 - [pgadmin.bensuperpc.org](http://pgadmin.bensuperpc.org) and [www.pgadmin.bensuperpc.org](http://www.pgadmin.bensuperpc.org) (PGAdmin for PostgreSQL)
 - [qbittorrent.bensuperpc.org](http://qbittorrent.bensuperpc.org) and [www.qbittorrent.bensuperpc.org](http://www.qbittorrent.bensuperpc.org) (Qbittorrent)

docker-compose.certbot.yml

@@ -13,14 +13,21 @@ services:
       - wordpress:/var/www/wordpress
       - jellyfin:/var/www/jellyfin
       - ./bensuperpc_website:/var/www/flask
-    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot \
+    #command: >
-    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot \
+    #  certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot
-    # --expand
+    #  --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+    #  --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
+
+    #command: >
+    #  certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot
+    #  --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+    #  --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
+
     command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --expand --webroot 
-      --webroot-path=/var/www/flask --domain bensuperpc.org --domain www.bensuperpc.org 
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
-      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
+      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-      --webroot-path=/var/www/wordpress --domain wordpress.bensuperpc.org --domain www.wordpress.bensuperpc.org
+      --webroot-path=/var/www/flask --domain flask.bensuperpc.org --domain www.flask.bensuperpc.org
 
 volumes:
   certbot-cert:

docker-compose.flask.yml

@@ -11,7 +11,7 @@ services:
     depends_on:
       - flask_db
     volumes:
-      - ./bensuperpc_website:/app:rw
+      - ./bensuperpc_website:/var/www/flask:rw
     env_file:
       - env/flask_website.env
     restart: unless-stopped

nginx/conf.d/flask_wsgi.conf

@@ -13,7 +13,7 @@ server {
         listen 80;
         listen [::]:80;
 
-        server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org;
+        server_name flask.bensuperpc.org www.flask.bensuperpc.org;
 
         location ~ /.well-known/acme-challenge {
                 allow all;
@@ -30,7 +30,7 @@ server {
         listen 443 ssl http2;
         listen [::]:443 ssl http2;
 
-        server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org;
+        server_name flask.bensuperpc.org www.flask.bensuperpc.org;
 
         include /etc/nginx/conf.d/sub/gzip.conf;
 
@@ -61,7 +61,8 @@ server {
         #        set $skip_reason "${skip_reason}-http_cookie";
         #}
 
-        location / { try_files $uri @flask_app; }
+        location / { try_files $uri @flask_app; 
+        }
 
         location @flask_app {
                 include uwsgi_params;

nginx/conf.d/test.conf

@@ -1,16 +0,0 @@
-server {
-        listen 80;
-        listen [::]:80;
-        #listen 443;
-        #listen [::]:443;
-        server_name test.bensuperpc.org www.test.bensuperpc.org;
-
-        location ~ /.well-known/acme-challenge {
-                allow all;
-                root /var/www/html;
-        }
-
-        location / {
-                return 301 https://www.bensuperpc.org$request_uri;
-        }
-}

nginx/conf.d/wordpress.conf

@@ -12,7 +12,7 @@ server {
         listen 80;
         listen [::]:80;
 
-        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
+        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
 
         location ~ /.well-known/acme-challenge {
                 allow all;
@@ -28,7 +28,7 @@ server {
 server {
         listen 443 ssl http2;
         listen [::]:443 ssl http2;
-        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
+        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;
 
         root /var/www/wordpress;
         index index.php index.html index.htm;