Switch from certbot to traefik

2021-03-10 21:24:49 +01:00
parent 9344017322
commit ca58b4852a
8 changed files with 220 additions and 71 deletions
--- a/ldap-overleaf-sl/nginx/nginx-cert.sh
+++ b/ldap-overleaf-sl/nginx/nginx-cert.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+less /etc/letsencrypt/acme.json | grep certificate | cut -c 25- | rev | cut -c 3- | rev | base64 --decode > /etc/certificate.crt
+less /etc/letsencrypt/acme.json | grep key | cut -c 17- | rev | cut -c 3- | rev | base64 --decode > /etc/key.crt
--- a/ldap-overleaf-sl/nginx/sharelatex.conf
+++ b/ldap-overleaf-sl/nginx/sharelatex.conf
@@ -1,31 +1,31 @@
 server {
 	listen         80;
 	server_name    _; # Catch all, see http://nginx.org/en/docs/http/server_names.html
-        location /.well-known/acme-challenge/ {
-	    root /var/www/certbot;
-	}
-        location / {
-          return 301 https://$host$request_uri;
-        }    
-}
+#        location / {
+#          return 301 https://$host$request_uri;
+#        }    
+#}
+#
+#
+#server {
+#        
+#	listen 443 ssl default_server;
+#        listen [::]:443 ssl default_server;
+#        server_name    _; # Catch all

-
-server {
-        
-	listen 443 ssl default_server;
-        listen [::]:443 ssl default_server;
-        server_name    _; # Catch all
+        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
+        server_tokens off;
+        add_header X-Frame-Options SAMEORIGIN;
+        add_header X-Content-Type-Options nosniff;

 	set $static_path /var/www/sharelatex/web/public;
-        ssl_certificate /etc/letsencrypt/certs/domain/fullchain.pem;
-        ssl_certificate_key /etc/letsencrypt/certs/domain/privkey.pem;
- 	include /etc/nginx/options-ssl-nginx.conf;
-        ssl_dhparam /etc/nginx/ssl-dhparams.pem;
-
-        location /.well-known/acme-challenge/ {
-	    root /var/www/certbot;
-	}
-
+#        ssl_certificate /etc/certificate.crt;
+#        ssl_certificate_key /etc/key.crt;
+#        ssl_certificate /etc/letsencrypt/certs/domain/fullchain.pem;
+#        ssl_certificate_key /etc/letsencrypt/certs/domain/privkey.pem;
+# 	include /etc/nginx/options-ssl-nginx.conf;
+#        ssl_dhparam /etc/nginx/ssl-dhparams.pem;
+#
 	location / {
 		proxy_pass http://127.0.0.1:3000;
 		proxy_http_version 1.1;