From 55f228f4c09faf48e39abd9ca07d34890adcb039 Mon Sep 17 00:00:00 2001 From: Clifton Palmer Date: Mon, 6 May 2024 02:59:00 -0500 Subject: [PATCH 1/1] Updated with letsencrypt SSL --- conf.d/gallery.conf | 4 ++-- conf.d/go.conf | 4 ++-- conf.d/kanban.conf | 4 ++-- conf.d/public.conf | 4 ++-- conf.d/purplebirdman.conf | 4 ++-- docker-compose.yml | 2 +- nginx.conf | 2 -- script/certbot-fetch.sh | 11 +++++++++++ deploy.sh => script/deploy.sh | 0 9 files changed, 22 insertions(+), 13 deletions(-) create mode 100755 script/certbot-fetch.sh rename deploy.sh => script/deploy.sh (100%) diff --git a/conf.d/gallery.conf b/conf.d/gallery.conf index ab755a4..03e52e3 100644 --- a/conf.d/gallery.conf +++ b/conf.d/gallery.conf @@ -1,8 +1,8 @@ server { listen 443 ssl; server_name comics.purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; location / { proxy_pass http://gallery_server; diff --git a/conf.d/go.conf b/conf.d/go.conf index e98e49f..fecfa06 100644 --- a/conf.d/go.conf +++ b/conf.d/go.conf @@ -1,8 +1,8 @@ server { listen 443 ssl; server_name go.purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; location / { proxy_pass http://go_web; proxy_set_header Host $host; diff --git a/conf.d/kanban.conf b/conf.d/kanban.conf index 53f3a74..0b5a8ed 100644 --- a/conf.d/kanban.conf +++ b/conf.d/kanban.conf 
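Review bot: The two new `ssl_certificate` lines hard-code the certbot lineage directory `purplebirdman.com-0001`, and the same pair is repeated in the go.conf, kanban.conf, public.conf and purplebirdman.conf hunks. Certbot normally adds a suffix such as `-0001` only when a lineage with the base name already exists, so a fresh issuance on another host, or a cleanup of the older lineage, would probably land in a different directory and nginx would then fail to load the certificate. Passing `--cert-name purplebirdman.com` in script/certbot-fetch.sh would make the directory name chosen rather than inherited, and moving the two directives into one shared file pulled in with `include` would turn a path change into a single edit. Nothing visible in this commit reloads nginx after a renewal, and with static paths nginx reads the certificate only at start or reload, so a renewed certificate is not served until then. Each `server` block continues outside its hunk.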
@@ -1,8 +1,8 @@ server { listen 443 ssl; server_name kanban.purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; # for large file uploads client_max_body_size 20M; diff --git a/conf.d/public.conf b/conf.d/public.conf index dfa048b..3ee420d 100644 --- a/conf.d/public.conf +++ b/conf.d/public.conf @@ -1,8 +1,8 @@ server { listen 443 ssl; server_name public.purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; location / { proxy_pass http://public_web; diff --git a/conf.d/purplebirdman.conf b/conf.d/purplebirdman.conf index 31133cb..db3287a 100644 --- a/conf.d/purplebirdman.conf +++ b/conf.d/purplebirdman.conf @@ -1,8 +1,8 @@ server { listen 443 ssl; server_name purplebirdman.com; - ssl_certificate /etc/ssl/certs/cert.pem; - ssl_certificate_key /etc/ssl/certs/key.pem; + ssl_certificate /etc/letsencrypt/live/purplebirdman.com-0001/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/purplebirdman.com-0001/privkey.pem; location / { proxy_pass http://purplebirdman_web; diff --git a/docker-compose.yml b/docker-compose.yml index 1b2953b..a08d482 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,7 @@ services: web: image: nginx:1.17 volumes: - - /etc/ssl/certs/purplebirdman/:/etc/ssl/certs/ + - /etc/letsencrypt/:/etc/letsencrypt/ - ./nginx.conf:/etc/nginx/nginx.conf - ./conf.d/:/etc/nginx/conf.d/ environment: diff --git a/nginx.conf b/nginx.conf index 6c145ae..8f66c5c 100644 --- a/nginx.conf +++ b/nginx.conf 
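Review bot: The new volume line in docker-compose.yml mounts the host's whole `/etc/letsencrypt/` tree read-write into the internet-facing nginx container, so that container gets every private key under `archive/` and, in certbot's usual layout, the ACME account key under `accounts/`, all writable. nginx only reads these files, so the mount should at least be read-only: `- /etc/letsencrypt/:/etc/letsencrypt/:ro`. The entries in `live/` are symlinks into `archive/`, so a narrower mount has to expose both directories; mounting `live/` alone would leave dangling links. Separately, the unchanged context line keeps `image: nginx:1.17`, a 2019 mainline release that no longer receives fixes, which is worth bumping while the TLS setup is being reworked. The `web` service definition continues outside the hunk.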
@@ -11,8 +11,6 @@ events { http { - ssl_password_file /etc/ssl/certs/passphrase.txt; - include /etc/nginx/mime.types; default_type application/octet-stream; diff --git a/script/certbot-fetch.sh b/script/certbot-fetch.sh new file mode 100755 index 0000000..9b4267d --- /dev/null +++ b/script/certbot-fetch.sh @@ -0,0 +1,11 @@ +#!/bin/bash +# source: https://eff-certbot.readthedocs.io/en/latest/install.html#alternative-1-docker + +docker run -it --rm --name certbot \ + -v "/etc/letsencrypt:/etc/letsencrypt" \ + -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \ + -v "$HOME/.aws:/aws" \ + -e "AWS_CONFIG_FILE=/aws/config" \ + -e "AWS_SHARED_CREDENTIALS_FILE=/aws/credentials" \ + -p 80:80 \ + certbot/dns-route53 certonly diff --git a/deploy.sh b/script/deploy.sh similarity index 100% rename from deploy.sh rename to script/deploy.sh -- 2.47.2
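Review bot: script/certbot-fetch.sh gives the container the entire `$HOME/.aws` directory read-write and pulls `certbot/dns-route53` without a tag, so whatever image is current at run time sees every AWS profile on the host and can write to `/etc/letsencrypt`. Mount the credentials read-only and pin the image, e.g. `-v "$HOME/.aws:/aws:ro" \` and `certbot/dns-route53:<pinned-version> certonly`, and use a dedicated IAM identity limited to listing hosted zones and changing records in the zone being validated. `-p 80:80 \` can be dropped, since the Route 53 authenticator this image exists for validates over DNS and needs no inbound port; publishing 80 also fails if another process on the host already holds it. The `-it` flags make the script interactive-only, so renewal cannot run unattended from it as written.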