From 00c29b07c0e1a543d7b1091e9dd47e8e73bb5c19 Mon Sep 17 00:00:00 2001 From: Kishan Takoordyal Date: Sat, 20 May 2023 20:49:30 +0000 Subject: [PATCH] Update Section_07/ssl.sh, Section_07/000-default-ssl.conf, Section_07/reverse_proxy_ssl.conf, Section_07/default_ssl, Section_07/reverse_proxy_ssl --- Section_07/000-default-ssl.conf | 1 - Section_07/default_ssl | 37 +++++++++++++++++++++++++++++++ Section_07/reverse_proxy_ssl | 34 ++++++++++++++++++++++++++++ Section_07/reverse_proxy_ssl.conf | 1 - Section_07/ssl.sh | 1 + 5 files changed, 72 insertions(+), 2 deletions(-) create mode 100644 Section_07/default_ssl create mode 100644 Section_07/reverse_proxy_ssl diff --git a/Section_07/000-default-ssl.conf b/Section_07/000-default-ssl.conf index d2f5d67..49a57eb 100644 --- a/Section_07/000-default-ssl.conf +++ b/Section_07/000-default-ssl.conf @@ -19,7 +19,6 @@ SSLProxyCheckPeerCN Off SSLProxyVerify none - Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/demo-devops.konnect.dev/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/demo-devops.konnect.dev/privkey.pem diff --git a/Section_07/default_ssl b/Section_07/default_ssl new file mode 100644 index 0000000..08d5814 --- /dev/null +++ b/Section_07/default_ssl 
@@ -0,0 +1,37 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name demo-devops.konnect.dev;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ server_name demo-devops.konnect.dev;
+
+ root /var/www/html;
+ index index.php index.nginx-debian.html;
+
+ location / {
+ try_files $uri $uri/ =404;
+ }
+
+ location ~ \.php$ {
+ include snippets/fastcgi-php.conf;
+ fastcgi_pass unix:/run/php/php8.1-fpm.sock;
+ }
+
+ location ~ /\.ht {
+ deny all;
+ }
+
+ access_log /var/log/nginx/default_nginx.log;
+ error_log /var/log/nginx/default_nginx.log;
+
+ ssl_certificate /etc/letsencrypt/live/demo-devops.konnect.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/demo-devops.konnect.dev/privkey.pem;
+}
diff --git a/Section_07/reverse_proxy_ssl b/Section_07/reverse_proxy_ssl
new file mode 100644
index 0000000..06ad536
--- /dev/null
+++ b/Section_07/reverse_proxy_ssl
@@ -0,0 +1,34 @@
+server {
+ listen 80;
+ listen [::]:80;
+
+ server_name demo-devops-api.konnect.dev;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ server_name demo-devops-api.konnect.dev;
+
+ location / {
+ proxy_pass http://127.0.0.1:5000;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header X-Forwarded-Port 443;
+ proxy_buffer_size 128k;
+ proxy_buffers 4 256k;
+ proxy_busy_buffers_size 256k;
+ }
+
+ access_log /var/log/nginx/reverse_proxy_nginx.log;
+ error_log /var/log/nginx/reverse_proxy_nginx.log;
+
+ ssl_certificate /etc/letsencrypt/live/demo-devops-api.konnect.dev/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/demo-devops-api.konnect.dev/privkey.pem;
+}
diff --git a/Section_07/reverse_proxy_ssl.conf b/Section_07/reverse_proxy_ssl.conf
index 5d6a684..176a5fc 100644
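Review bot: The 443 server block in Section_07/default_ssl sets only `ssl_certificate` and `ssl_certificate_key`, so protocol and cipher selection fall back to whatever the http-level nginx.conf or the nginx build defaults provide (not visible in this diff), and no HSTS header is sent. Stating the policy in the block, for example `ssl_protocols TLSv1.2 TLSv1.3;` and `add_header Strict-Transport-Security "max-age=31536000" always;`, would make the TLS posture explicit and reviewable; the same applies to the 443 server in Section_07/reverse_proxy_ssl. Separately, the port-80 block listens on `[::]:80` but the TLS block has no `listen [::]:443 ssl http2;`, so IPv6 clients are redirected to a listener this file does not define.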
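Review bot: The `location /` block in Section_07/reverse_proxy_ssl forwards client-controlled values to the backend on 127.0.0.1:5000 unchanged: `$http_host` is the raw Host request header, and `$proxy_add_x_forwarded_for` appends to whatever X-Forwarded-For the client already sent. If the application builds absolute links from Host / X-Forwarded-Host, or treats the first X-Forwarded-For entry as the client address, both can be spoofed by the requester. Assuming nginx is the outermost proxy here (the diff does not show what sits in front of it), I would write `proxy_set_header Host $host;` and `proxy_set_header X-Forwarded-Host $host;` (or the literal server name, which is strictest if this block can also serve unmatched hostnames) and `proxy_set_header X-Forwarded-For $remote_addr;`. A short comment above the block stating which headers the backend may trust would also help.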
--- a/Section_07/reverse_proxy_ssl.conf +++ b/Section_07/reverse_proxy_ssl.conf @@ -23,7 +23,6 @@ SSLProxyCheckPeerCN Off SSLProxyVerify none - Include /etc/letsencrypt/options-ssl-apache.conf SSLCertificateFile /etc/letsencrypt/live/demo-devops-api.konnect.dev/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/demo-devops-api.konnect.dev/privkey.pem diff --git a/Section_07/ssl.sh b/Section_07/ssl.sh index cb1331e..17422b3 100644 --- a/Section_07/ssl.sh +++ b/Section_07/ssl.sh @@ -4,6 +4,7 @@ sudo apt install certbot python3-certbot-apache python3-certbot-nginx # Apache2 +sudo a2enmod ssl sudo certbot certonly -d demo-devops.konnect.dev --apache2 sudo certbot certonly -d demo-devops-api.konnect.dev --apache2 sudo systemctl enable apache2 --now