Update certbot

Signed-off-by: Bensuperpc <bensuperpc@gmail.com>
2025-01-02 22:04:26 +01:00 · 2023-03-19 18:45:36 +01:00 · 2023-03-19 18:45:36 +01:00 · ccde63ba1b
commit ccde63ba1b
parent 2f03b7e120
6 changed files with 40 additions and 40 deletions
--- a/README.md
+++ b/README.md
@ -14,12 +14,10 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
 - [x] Nginx reverse proxy
 - [x] Docker / docker-compose
 - [x] Letsencrypt / Certbot
- [x] Flask (Via UWSGI/NGINX)
 - [x] Wordpress (Via FASTCGI/NGINX)
 - [x] PHPMyAdmin (MariaDB)
 - [x] PGAdmin (PostgreSQL)
 - [x] Qbittorrent
- [ ] Use Flask instead of wordpress as default blog
 - [x] Jellyfin
 - [ ] Gitea
 - [ ] Mastodon
@ -37,7 +35,6 @@ If you have any **questions** or **suggestions**, feel free to open an issue or
 - [Git](https://git-scm.com/book/en/v2/Getting-Started-Installing-Git)
 - [Web domain](https://www.ovh.com/world/domains/) (I use OVH)
 - [Open port 80 and 443 on your router](http://192.168.0.1/) (I use a Orange box with default IP)
- **All requirements for my Flask website (See [README.md](bensuperpc_website/README.md))**

 ### Clone

@ -81,14 +78,20 @@ cp -r nginx/conf.d-cert nginx/conf.d

 Replace certbot commands in _docker-compose.yml_, and replace _bensuperpc.org_ by your domain

-```sh
-command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org
+```yaml
+    command: >
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
 ```

 With to get the SSL certificate

-```sh
-command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --domain www.bensuperpc.org --domain bensuperpc.org
+```yaml
+    command: >
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
 ```

 Run the docker-compose and exit with CTRL+C and when you have the SSL certificate
@ -100,7 +103,10 @@ make start-at
 Replace certbot commands in _docker-compose.yml_ to update and renew the SSL certificate

 ```sh
-command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --force-renewal --domain www.bensuperpc.org --domain bensuperpc.org
+    command: >
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
 ```

 Run the docker-compose to update and renew the SSL certificate and exit with CTRL+C when you have the SSL certificate
@ -111,8 +117,11 @@ make start-at

 Now you can replace the certbot commands in _docker-compose.yml_ with the original one

-```sh
-command: certonly --webroot --webroot-path=/var/www/html --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --domain www.bensuperpc.org --domain bensuperpc.org
+```yaml
+    command: >
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
 ```

 Remove the cert config file
@ -160,7 +169,6 @@ make stop
 You can access to the website with:

 - [bensuperpc.org](https://bensuperpc.org) and [www.bensuperpc.org](https://www.bensuperpc.org) (Wordpress for now)
- [flask.bensuperpc.org](http://flask.bensuperpc.org) and [www.flask.bensuperpc.org](http://www.bensuperpc.org) (Flask website, no SSL for now)
 - [phpmyadmin.bensuperpc.org](http://phpmyadmin.bensuperpc.org) and [www.phpmyadmin.bensuperpc.org](http://www.phpmyadmin.bensuperpc.org) (PHPMyAdmin for MariaDB)
 - [pgadmin.bensuperpc.org](http://pgadmin.bensuperpc.org) and [www.pgadmin.bensuperpc.org](http://www.pgadmin.bensuperpc.org) (PGAdmin for PostgreSQL)
 - [qbittorrent.bensuperpc.org](http://qbittorrent.bensuperpc.org) and [www.qbittorrent.bensuperpc.org](http://www.qbittorrent.bensuperpc.org) (Qbittorrent)
--- a/docker-compose.certbot.yml
+++ b/docker-compose.certbot.yml
@ -13,14 +13,21 @@ services:
      - wordpress:/var/www/wordpress
      - jellyfin:/var/www/jellyfin
      - ./bensuperpc_website:/var/www/flask
-    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot \
-    #command: certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot \
-    # --expand
+    #command: >
+    #  certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --staging --webroot
+    #  --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+    #  --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
+
+    #command: >
+    #  certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --force-renewal --webroot
+    #  --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
+    #  --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org 
+
    command: >
-      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --webroot 
-      --webroot-path=/var/www/flask --domain bensuperpc.org --domain www.bensuperpc.org 
+      certonly --email bensuperpc@bensuperpc.fr --agree-tos --rsa-key-size 4096 --no-eff-email --verbose --noninteractive --keep-until-expiring --expand --webroot 
+      --webroot-path=/var/www/wordpress --domain bensuperpc.org --domain www.bensuperpc.org
      --webroot-path=/var/www/jellyfin --domain jellyfin.bensuperpc.org --domain www.jellyfin.bensuperpc.org
-      --webroot-path=/var/www/wordpress --domain wordpress.bensuperpc.org --domain www.wordpress.bensuperpc.org
+      --webroot-path=/var/www/flask --domain flask.bensuperpc.org --domain www.flask.bensuperpc.org

 volumes:
  certbot-cert:
--- a/docker-compose.flask.yml
+++ b/docker-compose.flask.yml
@ -11,7 +11,7 @@ services:
    depends_on:
      - flask_db
    volumes:
-      - ./bensuperpc_website:/app:rw
+      - ./bensuperpc_website:/var/www/flask:rw
    env_file:
      - env/flask_website.env
    restart: unless-stopped
--- a/nginx/conf.d/flask_wsgi.conf
+++ b/nginx/conf.d/flask_wsgi.conf
@ -13,7 +13,7 @@ server {
        listen 80;
        listen [::]:80;

-        server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org;
+        server_name flask.bensuperpc.org www.flask.bensuperpc.org;

        location ~ /.well-known/acme-challenge {
                allow all;
@ -30,7 +30,7 @@ server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

-        server_name bensuperpc.org www.bensuperpc.org flask.bensuperpc.org www.flask.bensuperpc.org;
+        server_name flask.bensuperpc.org www.flask.bensuperpc.org;

        include /etc/nginx/conf.d/sub/gzip.conf;

@ -61,7 +61,8 @@ server {
        #        set $skip_reason "${skip_reason}-http_cookie";
        #}

-        location / { try_files $uri @flask_app; }
+        location / { try_files $uri @flask_app; 
+        }

        location @flask_app {
                include uwsgi_params;
--- a/nginx/conf.d/test.conf
+++ b/nginx/conf.d/test.conf
@ -1,16 +0,0 @@
-server {
-        listen 80;
-        listen [::]:80;
-        #listen 443;
-        #listen [::]:443;
-        server_name test.bensuperpc.org www.test.bensuperpc.org;
-
-        location ~ /.well-known/acme-challenge {
-                allow all;
-                root /var/www/html;
-        }
-
-        location / {
-                return 301 https://www.bensuperpc.org$request_uri;
-        }
-}
--- a/nginx/conf.d/wordpress.conf
+++ b/nginx/conf.d/wordpress.conf
@ -12,7 +12,7 @@ server {
        listen 80;
        listen [::]:80;

-        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
+        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;

        location ~ /.well-known/acme-challenge {
                allow all;
@ -28,7 +28,7 @@ server {
 server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
-        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org;
+        server_name wordpress.bensuperpc.org www.wordpress.bensuperpc.org bensuperpc.org www.bensuperpc.org;

        root /var/www/wordpress;
        index index.php index.html index.htm;