Configuraciones realizadas dentro del contenedor de nginx
Instalar Certbot dentro del contenedor de nginx
$ docker-compose exec nginx bash
#Instalar certbot
$ apk add certbot certbot-nginx
Crear los certificados y seguir las opciones que muestra certbot
# certonly: obtain the certificate files only; certbot does not edit the nginx configuration.
# No authenticator option is passed, so certbot asks for the validation method interactively.
# --no-eff-email: do not share the contact address with the EFF mailing list.
certbot certonly --email your-rafa.developers@gmail.com --no-eff-email -d ralphdev.tech -d www.ralphdev.tech
Configuración .conf nginx
-
default.conf
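# Port-80 catch-all vhost: serves ACME HTTP-01 challenge files over plain HTTP
# and redirects every other request to HTTPS.
#
# The original placed `return 301 ...;` directly in the server block. A
# server-level `return` runs before nginx selects a location, so every request
# was redirected and none of the location blocks (PHP, .ht, ACME challenge) was
# ever reached. The redirect now lives in `location /`, which leaves the
# challenge location reachable. The PHP and .ht locations are dropped: they
# never ran, and as regex locations they would take precedence over the
# `location /` redirect and serve the application over plain HTTP.
server {

    listen 80 default_server;
    #listen [::]:80 default_server ipv6only=on;

    # For https
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server ipv6only=on;
    # ssl_certificate /etc/nginx/ssl/default.crt;
    # ssl_certificate_key /etc/nginx/ssl/default.key;

    server_name ralphdev.tech;

    # Challenge files written by the ACME client; this is the only content
    # answered without a redirect.
    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt/;
        log_not_found off;
    }

    # Everything else goes to HTTPS. The target host is a fixed name rather
    # than $host, so a forged Host header cannot steer the redirect.
    # NOTE(review): the TLS vhost on this page is named www.ralphdev.tech;
    # confirm that the apex name is also served on 443 with a matching
    # certificate.
    location / {
        return 301 https://ralphdev.tech$request_uri;
    }
}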
-
ralphdev.tech.conf
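# TLS vhost for www.ralphdev.tech: PHP application behind FastCGI, static
# asset caching, and response security headers.
server {

    #listen 80;
    #listen [::]:80;

    # For https
    listen 443 ssl http2;
    #listen [::]:443 ssl ipv6only=on;
    ssl_certificate /etc/letsencrypt/live/ralphdev.tech/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ralphdev.tech/privkey.pem;

    server_name www.ralphdev.tech;
    root /var/www/ralphdev;
    index index.php index.html index.htm;

    # Additional Nginx options
    # NOTE(review): nginx refuses to start if this file or ssl-dhparams.pem is
    # missing; confirm both exist after the certbot run.
    include /etc/letsencrypt/options-ssl-nginx.conf;

    # Diffie-Hellman parameter for DHE ciphersuites
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Legacy header: current browsers no longer ship the XSS filter it
    # controls, so the CSP below is the control that matters.
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    # NOTE(review): this policy admits any http:/https: origin plus inline
    # script and style, so it restricts very little. Narrow it to the origins
    # the site actually loads from once those are known.
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    # includeSubDomains + preload pins every subdomain to HTTPS for a year and
    # is slow to undo once browsers have preloaded it; confirm every subdomain
    # serves valid TLS before relying on this.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    location / {
         try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        # Only hand the request to PHP when the script exists on disk.
        try_files $uri /index.php =404;
        fastcgi_pass php-upstream;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fixes timeouts
        fastcgi_read_timeout 600;
        include fastcgi_params;
    }

    # NOTE(review): only .ht* files are blocked; other dotfiles under the web
    # root (.env, .git, ...) are still served if present.
    location ~ /\.ht {
        deny all;
    }

    # SEO files
    location = /robots.txt {
        log_not_found off;
    }

    location = /sitemap.xml {
        log_not_found off;
    }

    location = /favicon.ico {
        log_not_found off;
    }

    # Assets, media
    location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
        expires 7d;
    }

    # SVG, fonts
    location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
        add_header Access-Control-Allow-Origin "*";
        # nginx inherits add_header from the enclosing level only when the
        # current level declares none. This location declares one, so the
        # server-level security headers are repeated here; without them SVG
        # and font responses go out with no CSP, nosniff or HSTS.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
        expires 7d;
    }

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt/;
        log_not_found off;
    }

    error_log /var/log/nginx/ralphdev_error.log;
    access_log /var/log/nginx/ralphdev_access.log;
}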
-
Rutas del cronjob
- /etc/periodic/
- chmod a+x /etc/periodic/[path/scriptname]
- echo '#!/bin/sh' >> scriptname
- rc-service crond start && rc-update add crond
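#!/bin/sh
# Certificate renewal job, intended to be installed as an executable script
# under one of crond's run-parts directories (e.g. /etc/periodic/daily/).
#
# A file there is run as a shell script, so it must not contain crontab
# schedule fields: a line starting with `* 12 * * *` would be glob-expanded by
# the shell and executed as a command. If a crontab entry is used instead
# (crontab -e), write the schedule as
#   0 12 * * * /usr/bin/certbot renew --quiet
# because `* 12 * * *` fires every minute from 12:00 to 12:59.
#
# certbot only renews certificates that are close to expiry. The deploy hook
# runs only after a successful renewal and makes nginx load the new files;
# without it nginx keeps serving the old certificate until it is reloaded.
/usr/bin/certbot renew --quiet --deploy-hook "nginx -s reload"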
Adicional
// Install vim
$ apk add vim
$ vi --version