Production debug

This commit is contained in:
Vivek Santayana 2022-06-17 12:58:46 +01:00
parent 73f31016fd
commit 067ef4fd7f
4 changed files with 39 additions and 11 deletions


@ -70,7 +70,7 @@ Also make sure that the various entries for usernames and passwords match.
#### Input Specific Values for Your Installation
There are some values in the following three files you will need to configure to reflect the domain you are installing this app.
There are some values in the following four files you will need to configure to reflect the domain you are installing this app.
```
# .env
@ -85,7 +85,17 @@ domains=(example.org www.example.org)
email="" # Adding a valid address is strongly recommended
```
And four locations in the following file, two for the regular version of the domain and two for the www version:
Substitute the domain name `domain_name` in the two file paths in the following file:
```
# nginx/ssl.conf
ssl_certificate /etc/letsencrypt/live/domain_name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain_name/privkey.pem;
...
```
And **six** locations in the following file, two for the regular version of the domain and two for the www version:
```
# nginx/conf.d/ref-test-app.conf
@ -105,13 +115,20 @@ server {
server {
server_name www.domain_name;
listen 80;
...
listen [::]:80;
# Redirect to non-www
return 301 $scheme://domain_name$request_uri; ...
}
server {
server_name www.domain_name;
listen 443 ssl http2;
listen [::]:443 ssl http2;
...
# Redirect to non-www
return 301 $scheme://domain_name$request_uri;
}
```
@ -127,6 +144,8 @@ $ chmod +x install-script.sh
$ sudo ./install-script.sh
```
This will take a long time to run the first time because it will try and generate a fairly sizeable cypher.
When we later run the server, Certbot will check for renewals of the SSL certificates every 12 hours, and Nginx will reload the configurations every 6 hours, to make sure everything runs smoothly and stays live.
#### Run the Stack


@ -18,7 +18,7 @@ services:
networks:
- frontend
depends_on:
- ref_test_app
- app
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
app:
@ -36,7 +36,7 @@ services:
- frontend
- backend
depends_on:
- ref_test_postfix
- postfix
postfix:
container_name: ref_test_postfix


@ -23,13 +23,13 @@ fi
if [ ! -e "$data_path/ssl-dhparams.pem" ]; then
echo "### Generating ssl-dhparams.pem ..."
docker compose run --rm --entrypoint "\
openssl dhparam 4096 -out /etc/letsencrypt/ssl-dhparams.pem" certbot
openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 4096" certbot
echo
fi
echo "### Creating dummy certificate for $domains ..."
path="/etc/letsencrypt/live/$domains"
mkdir -p "$data_path/conf/live/$domains"
mkdir -p "$data_path/live/$domains"
docker compose run --rm --entrypoint "\
openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
-keyout '$path/privkey.pem' \
@ -37,6 +37,15 @@ docker compose run --rm --entrypoint "\
-subj '/CN=localhost'" certbot
echo
if [ ! -e "$data_path/lets-encrypt-x3-cross-signed.pem" ]; then
echo "### Downloading lets-encrypt-x3-cross-signed.pem ..."
wget -O $data_path/lets-encrypt-x3-cross-signed.pem \
"https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem"
docker compose run --rm --entrypoint "\
openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 4096" certbot
echo
fi
echo "### Starting nginx ..."
docker compose up --force-recreate -d nginx
echo
@ -65,7 +74,7 @@ esac
if [ $staging != "0" ]; then staging_arg="--staging"; fi
docker compose run --rm --entrypoint "\
certbot certonly --webroot -w /var/www/certbot \
certbot certonly --webroot -w /var/www/html \
$staging_arg \
$email_arg \
$domain_args \
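Review bot: In the block added under `if [ ! -e "$data_path/lets-encrypt-x3-cross-signed.pem" ]` (second hunk of this file), the `wget -O $data_path/lets-encrypt-x3-cross-signed.pem` target is unquoted, so a `data_path` containing whitespace is split into several arguments; write it as `wget -O "$data_path/lets-encrypt-x3-cross-signed.pem" \`. The same branch then runs `docker compose run --rm --entrypoint "openssl dhparam -out /etc/letsencrypt/ssl-dhparams.pem 4096" certbot`, which regenerates and overwrites the dhparams file that the first hunk already guards with its own existence check and is the slow 4096-bit step the README warns about; it reads as a copy-paste from that earlier block and should be dropped here. The downloaded PEM is stored with no integrity check beyond wget's TLS verification, and the X3 intermediate has since been retired by Let's Encrypt in favour of R3, so confirm this fetch still returns the chain the nginx configuration expects before relying on it.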


@ -30,7 +30,7 @@ server {
}
location / {
include /etc/nginx/conf.d/common-location.conf;
include /etc/nginx/conf.d/proxy_headers.conf;
proxy_pass http://reftest;
}
}
@ -40,7 +40,7 @@ server {
listen 80;
listen [::]:80;
# Redirect to non-www
return 301 $scheme://example.com$request_uri;
return 301 $scheme://domain_name$request_uri;
}
server {
@ -53,5 +53,5 @@ server {
include /etc/nginx/certbot-challenge.conf;
# Redirect to non-www
return 301 $scheme://example.com$request_uri;
return 301 $scheme://domain_name$request_uri;
}
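Review bot: The new `return 301 $scheme://domain_name$request_uri;` in the last hunk sits directly in the `server` block beside `include /etc/nginx/certbot-challenge.conf;`; nginx evaluates a server-level `return` before location matching, so any `location` that include defines is unreachable in this block. If that include holds the ACME challenge location, validation for the www host relies on the redirect target serving it — worth confirming before cutting over, and the port-80 www block in the previous hunk has the same shape. In the first hunk, `common-location.conf` is replaced by `proxy_headers.conf` inside `location /`; if the former carried response-header or limit settings they are no longer applied, which I cannot verify from here. The enclosing `server` blocks start and end outside these hunks.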