Update Section_07/ssl.sh, Section_07/000-default-ssl.conf, Section_07/reverse_proxy_ssl.conf, Section_07/default_ssl, Section_07/reverse_proxy_ssl

2023-05-20 20:49:30 +00:00 · 2023-05-20 20:49:30 +00:00 · 00c29b07c0
commit 00c29b07c0
parent 6f9c78119d
5 changed files with 72 additions and 2 deletions
--- a/Section_07/000-default-ssl.conf
+++ b/Section_07/000-default-ssl.conf
@ -19,7 +19,6 @@
      SSLProxyCheckPeerCN Off
      SSLProxyVerify none

-      Include /etc/letsencrypt/options-ssl-apache.conf
      SSLCertificateFile /etc/letsencrypt/live/demo-devops.konnect.dev/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/demo-devops.konnect.dev/privkey.pem
      
--- a/Section_07/default_ssl
+++ b/Section_07/default_ssl
@ -0,0 +1,37 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name demo-devops.konnect.dev;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name demo-devops.konnect.dev;
+
+    root /var/www/html;
+    index index.php index.nginx-debian.html;
+
+    location / {
+        try_files $uri $uri/ =404;
+    }
+        
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+    access_log /var/log/nginx/default_nginx.log;
+    error_log /var/log/nginx/default_nginx.log;
+
+    ssl_certificate /etc/letsencrypt/live/demo-devops.konnect.dev/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/demo-devops.konnect.dev/privkey.pem;
+}
--- a/Section_07/reverse_proxy_ssl
+++ b/Section_07/reverse_proxy_ssl
@ -0,0 +1,34 @@
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name demo-devops-api.konnect.dev;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    server_name demo-devops-api.konnect.dev;
+
+    location / {
+        proxy_pass                          http://127.0.0.1:5000;
+        proxy_set_header Host               $http_host;
+        proxy_set_header X-Forwarded-Host   $http_host;
+        proxy_set_header X-Real-IP          $remote_addr;
+        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto  https;
+        proxy_set_header X-Forwarded-Port   443;
+        proxy_buffer_size                   128k;
+        proxy_buffers                       4 256k;
+        proxy_busy_buffers_size             256k;
+    }
+
+    access_log /var/log/nginx/reverse_proxy_nginx.log;
+    error_log /var/log/nginx/reverse_proxy_nginx.log;
+
+    ssl_certificate /etc/letsencrypt/live/demo-devops-api.konnect.dev/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/demo-devops-api.konnect.dev/privkey.pem;
+}
--- a/Section_07/reverse_proxy_ssl.conf
+++ b/Section_07/reverse_proxy_ssl.conf
@ -23,7 +23,6 @@
      SSLProxyCheckPeerCN Off
      SSLProxyVerify none

-      Include /etc/letsencrypt/options-ssl-apache.conf
      SSLCertificateFile /etc/letsencrypt/live/demo-devops-api.konnect.dev/fullchain.pem
      SSLCertificateKeyFile /etc/letsencrypt/live/demo-devops-api.konnect.dev/privkey.pem
      
--- a/Section_07/ssl.sh
+++ b/Section_07/ssl.sh
@ -4,6 +4,7 @@
 sudo apt install certbot python3-certbot-apache python3-certbot-nginx

 # Apache2
+sudo a2enmod ssl
 sudo certbot certonly -d demo-devops.konnect.dev --apache2
 sudo certbot certonly -d demo-devops-api.konnect.dev --apache2
 sudo systemctl enable apache2 --now