Updated with letsencrypt SSL

diff --git a/conf.d/gallery.conf b/conf.d/gallery.conf
index ab755a41d1f2abc67987c12b2747bb28c25e03af..03e52e35345fa30172ad9c6edc7045cb6f8eb86c 100644 (file)
--- a/conf.d/gallery.conf
+++ b/conf.d/gallery.conf
@@ -1,8 +1,8 @@
 server {
     listen               443 ssl;
     server_name          comics.purplebirdman.com;
-    ssl_certificate      /etc/ssl/certs/cert.pem;
-    ssl_certificate_key  /etc/ssl/certs/key.pem;
+    ssl_certificate      /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem;
 
     location / {
         proxy_pass http://gallery_server;

diff --git a/conf.d/go.conf b/conf.d/go.conf
index e98e49fadc7546d77103a29d34cc73a0ddab80c5..fecfa063f8a6f4e4edf6e8ab94337f4c8b9c6e3a 100644 (file)
--- a/conf.d/go.conf
+++ b/conf.d/go.conf
@@ -1,8 +1,8 @@
 server {
     listen               443 ssl;
     server_name          go.purplebirdman.com;
-    ssl_certificate      /etc/ssl/certs/cert.pem;
-    ssl_certificate_key  /etc/ssl/certs/key.pem;
+    ssl_certificate      /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem;
     location / {
         proxy_pass http://go_web;
         proxy_set_header Host $host;

diff --git a/conf.d/kanban.conf b/conf.d/kanban.conf
index 53f3a74da169c13420cc4fbefd64890a481582de..0b5a8eda4da2b1e5a6de2510fdc1411c4e1af5dc 100644 (file)
--- a/conf.d/kanban.conf
+++ b/conf.d/kanban.conf
@@ -1,8 +1,8 @@
 server {
     listen               443 ssl;
     server_name          kanban.purplebirdman.com;
-    ssl_certificate      /etc/ssl/certs/cert.pem;
-    ssl_certificate_key  /etc/ssl/certs/key.pem;
+    ssl_certificate      /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem;
 
     # for large file uploads
     client_max_body_size 20M;

diff --git a/conf.d/public.conf b/conf.d/public.conf
index dfa048bd328a1a007d3febce58cd99c4b95b26ef..3ee420dd11f6ff85058515cd756b78e6cd02cb8d 100644 (file)
--- a/conf.d/public.conf
+++ b/conf.d/public.conf
@@ -1,8 +1,8 @@
 server {
     listen               443 ssl;
     server_name          public.purplebirdman.com;
-    ssl_certificate      /etc/ssl/certs/cert.pem;
-    ssl_certificate_key  /etc/ssl/certs/key.pem;
+    ssl_certificate      /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem;
 
     location / {
         proxy_pass http://public_web;

diff --git a/conf.d/purplebirdman.conf b/conf.d/purplebirdman.conf
index 31133cb2807c8915ed8f32c41f11a33cf3848a89..db3287a4dd7b0abe4f56964032a3631d590acd64 100644 (file)
--- a/conf.d/purplebirdman.conf
+++ b/conf.d/purplebirdman.conf
@@ -1,8 +1,8 @@
 server {
     listen               443 ssl;
     server_name          purplebirdman.com;
-    ssl_certificate      /etc/ssl/certs/cert.pem;
-    ssl_certificate_key  /etc/ssl/certs/key.pem;
+    ssl_certificate      /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem;
 
     location / {
         proxy_pass http://purplebirdman_web;

diff --git a/deploy.sh b/deploy.sh
deleted file mode 100755 (executable)
index 9e5489b..0000000
--- a/deploy.sh
+++ /dev/null
@@ -1,2 +0,0 @@
-#!/bin/bash
-docker stack deploy -c <(docker-compose config) proxy

diff --git a/docker-compose.yml b/docker-compose.yml
index 1b2953b1799264f349f2f803de64815662db18fc..a08d482fd5fa8ffa2d8cba8bb67f474d3b6064a0 100644 (file)
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -11,7 +11,7 @@ services:
     web:
         image: nginx:1.17
         volumes:
-        - /etc/ssl/certs/purplebirdman/:/etc/ssl/certs/
+        - /etc/letsencrypt/:/etc/letsencrypt/
         - ./nginx.conf:/etc/nginx/nginx.conf
         - ./conf.d/:/etc/nginx/conf.d/
         environment:

diff --git a/nginx.conf b/nginx.conf
index 6c145aedfe6c2263fa1ae451e61c3a1ca22864cd..8f66c5c5f5245827d50852b686e98dd67fe597b7 100644 (file)
--- a/nginx.conf
+++ b/nginx.conf
@@ -11,8 +11,6 @@ events {
 
 
 http {
-    ssl_password_file /etc/ssl/certs/passphrase.txt;
-
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
 

diff --git a/script/certbot-fetch.sh b/script/certbot-fetch.sh
new file mode 100755 (executable)
index 0000000..9b4267d
--- /dev/null
+++ b/script/certbot-fetch.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+# source: https://eff-certbot.readthedocs.io/en/latest/install.html#alternative-1-docker
+
+docker run -it --rm --name certbot \
+            -v "/etc/letsencrypt:/etc/letsencrypt" \
+            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
+            -v "$HOME/.aws:/aws" \
+            -e "AWS_CONFIG_FILE=/aws/config" \
+            -e "AWS_SHARED_CREDENTIALS_FILE=/aws/credentials" \
+            -p 80:80 \
+            certbot/dns-route53 certonly

diff --git a/script/deploy.sh b/script/deploy.sh
new file mode 100755 (executable)
index 0000000..9e5489b
--- /dev/null
+++ b/script/deploy.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker stack deploy -c <(docker-compose config) proxy