root/devops-demo
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Section_07/ssl.sh, Section_07/000-default-ssl.conf, Section_07/reverse_proxy_ssl.conf, Section_07/default_ssl, Section_07/reverse_proxy_ssl

Browse Source
This commit is contained in:
Kishan Takoordyal 2023-05-20 20:49:30 +00:00
parent 6f9c78119d
commit 00c29b07c0
5 changed files with 72 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Section_07/000-default-ssl.conf
View File

@ -19,7 +19,6 @@
SSLProxyCheckPeerCN Off SSLProxyCheckPeerCN Off
SSLProxyVerify none SSLProxyVerify none
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/demo-devops.konnect.dev/fullchain.pem SSLCertificateFile /etc/letsencrypt/live/demo-devops.konnect.dev/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/demo-devops.konnect.dev/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/demo-devops.konnect.dev/privkey.pem

37
Section_07/default_ssl Normal file
View File

@ -0,0 +1,37 @@
server {
listen 80;
listen [::]:80;
server_name demo-devops.konnect.dev;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name demo-devops.konnect.dev;
root /var/www/html;
index index.php index.nginx-debian.html;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
access_log /var/log/nginx/default_nginx.log;
error_log /var/log/nginx/default_nginx.log;
ssl_certificate /etc/letsencrypt/live/demo-devops.konnect.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demo-devops.konnect.dev/privkey.pem;
}

34
Section_07/reverse_proxy_ssl Normal file
View File

@ -0,0 +1,34 @@
server {
listen 80;
listen [::]:80;
server_name demo-devops-api.konnect.dev;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2;
server_name demo-devops-api.konnect.dev;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
access_log /var/log/nginx/reverse_proxy_nginx.log;
error_log /var/log/nginx/reverse_proxy_nginx.log;
ssl_certificate /etc/letsencrypt/live/demo-devops-api.konnect.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/demo-devops-api.konnect.dev/privkey.pem;
}

1
Section_07/reverse_proxy_ssl.conf
View File

@ -23,7 +23,6 @@
SSLProxyCheckPeerCN Off SSLProxyCheckPeerCN Off
SSLProxyVerify none SSLProxyVerify none
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/demo-devops-api.konnect.dev/fullchain.pem SSLCertificateFile /etc/letsencrypt/live/demo-devops-api.konnect.dev/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/demo-devops-api.konnect.dev/privkey.pem SSLCertificateKeyFile /etc/letsencrypt/live/demo-devops-api.konnect.dev/privkey.pem

1
Section_07/ssl.sh
View File

@ -4,6 +4,7 @@
sudo apt install certbot python3-certbot-apache python3-certbot-nginx sudo apt install certbot python3-certbot-apache python3-certbot-nginx
# Apache2 # Apache2
sudo a2enmod ssl
sudo certbot certonly -d demo-devops.konnect.dev --apache2 sudo certbot certonly -d demo-devops.konnect.dev --apache2
sudo certbot certonly -d demo-devops-api.konnect.dev --apache2 sudo certbot certonly -d demo-devops-api.konnect.dev --apache2
sudo systemctl enable apache2 --now sudo systemctl enable apache2 --now