From: Clifton Palmer Date: Mon, 6 May 2024 07:59:00 +0000 (-0500) Subject: Updated with letsencrypt SSL X-Git-Url: http://git.purplebirdman.com/proxy.git/commitdiff_plain/55f228f4c09faf48e39abd9ca07d34890adcb039?hp=2d0ea6a783d1ace311798faae3ddde44e30d02b9 Updated with letsencrypt SSL --- diff --git a/conf.d/gallery.conf b/conf.d/gallery.conf index ab755a4..03e52e3 100644 --- a/conf.d/gallery.conf +++ b/conf.d/gallery.conf @@ -1,8 +1,8 @@ server { listen 443 ssl; server_name comics.purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; location / { proxy_pass http://gallery_server; diff --git a/conf.d/go.conf b/conf.d/go.conf index e98e49f..fecfa06 100644 --- a/conf.d/go.conf +++ b/conf.d/go.conf @@ -1,8 +1,8 @@ server { listen 443 ssl; server_name go.purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; location / { proxy_pass http://go_web; proxy_set_header Host $host; diff --git a/conf.d/kanban.conf b/conf.d/kanban.conf index 53f3a74..0b5a8ed 100644 --- a/conf.d/kanban.conf +++ b/conf.d/kanban.conf @@ -1,8 +1,8 @@ server { listen 443 ssl; server_name kanban.purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; # for large file uploads client_max_body_size 20M; diff --git a/conf.d/public.conf b/conf.d/public.conf index dfa048b..3ee420d 100644 --- a/conf.d/public.conf +++ b/conf.d/public.conf 
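Review bot: The new `ssl_certificate` and `ssl_certificate_key` lines in the conf.d/gallery.conf hunk hard-code the certbot lineage directory `purplebirdman.com-0001`, and the same pair is repeated in the go.conf, kanban.conf, public.conf and purplebirdman.conf hunks. certbot appends a numeric suffix like `-0001` when a lineage of that name already exists, so a re-issue on a fresh host would probably land in a different directory and all five server blocks would fail to load. Requesting the certificate with `--cert-name purplebirdman.com` and declaring the two directives once at `http` level in nginx.conf would leave a single, predictable path to maintain. The diff does not show which names the certificate covers, so it is worth confirming its SAN list includes every `server_name` used here (comics, go, kanban, public and the apex). Each server block continues past the end of its hunk.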
@@ -1,8 +1,8 @@ server { listen 443 ssl; server_name public.purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; location / { proxy_pass http://public_web; diff --git a/conf.d/purplebirdman.conf b/conf.d/purplebirdman.conf index 31133cb..db3287a 100644 --- a/conf.d/purplebirdman.conf +++ b/conf.d/purplebirdman.conf @@ -1,8 +1,8 @@ server { listen 443 ssl; server_name purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; location / { proxy_pass http://purplebirdman_web; diff --git a/deploy.sh b/deploy.sh deleted file mode 100755 index 9e5489b..0000000 --- a/deploy.sh +++ /dev/null @@ -1,2 +0,0 @@ -#!/bin/bash -docker stack deploy -c <(docker-compose config) proxy diff --git a/docker-compose.yml b/docker-compose.yml index 1b2953b..a08d482 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,7 @@ services: web: image: nginx:1.17 volumes: - - /etc/ssl/certs/purplebirdman/:/etc/ssl/certs/ + - /etc/letsencrypt/:/etc/letsencrypt/ - ./nginx.conf:/etc/nginx/nginx.conf - ./conf.d/:/etc/nginx/conf.d/ environment: diff --git a/nginx.conf b/nginx.conf index 6c145ae..8f66c5c 100644 --- a/nginx.conf +++ b/nginx.conf @@ -11,8 +11,6 @@ events { http { - ssl_password_file /etc/ssl/certs/passphrase.txt; - include /etc/nginx/mime.types; default_type application/octet-stream; diff --git a/script/certbot-fetch.sh b/script/certbot-fetch.sh new file mode 100755 index 0000000..9b4267d --- /dev/null +++ b/script/certbot-fetch.sh 
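Review bot: The new volume line in the docker-compose.yml hunk bind-mounts all of `/etc/letsencrypt/` into the nginx container read-write, which puts the ACME account key and every archived private key within reach of a process that only needs to read one certificate pair. Mounting it read-only, `- /etc/letsencrypt/:/etc/letsencrypt/:ro`, keeps the `live/` symlinks into `archive/` resolvable while stopping a compromised web container from replacing or tampering with key material. nginx reads certificates at start and on reload only, so a renewed certificate will not be served until the service is reloaded, and nothing in this commit adds that step. The unchanged `image: nginx:1.17` context line is also worth revisiting, since that release line no longer receives fixes.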
@@ -0,0 +1,11 @@
+#!/bin/bash
+# source: https://eff-certbot.readthedocs.io/en/latest/install.html#alternative-1-docker
+
+docker run -it --rm --name certbot \
+ -v "/etc/letsencrypt:/etc/letsencrypt" \
+ -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
+ -v "$HOME/.aws:/aws" \
+ -e "AWS_CONFIG_FILE=/aws/config" \
+ -e "AWS_SHARED_CREDENTIALS_FILE=/aws/credentials" \
+ -p 80:80 \
+ certbot/dns-route53 certonly
diff --git a/script/deploy.sh b/script/deploy.sh
new file mode 100755
index 0000000..9e5489b
--- /dev/null
+++ b/script/deploy.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+docker stack deploy -c <(docker-compose config) proxy
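Review bot: In the script/certbot-fetch.sh hunk, `-v "$HOME/.aws:/aws"` gives the container the operator's whole AWS credentials directory read-write, so every profile stored there is available to the certbot image, not just an identity meant for Route 53. Mounting it read-only with `-v "$HOME/.aws:/aws:ro" \` and using a dedicated profile whose IAM policy is limited to record changes in the one hosted zone would narrow that exposure. If validation is done through the Route 53 DNS plugin, as the image name suggests, the `-p 80:80 \` line can be dropped, because DNS-01 needs no inbound port and publishing 80 will fail whenever something on the host already binds it. The image is referenced without a tag or digest, so each run executes whatever the default tag currently points at while holding those credentials. `-it` together with a bare `certonly` also makes the script interactive, so it cannot serve as an unattended renewal job as written.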