Honour SNIKKET_TWEAK_HTTP/S_PORT variables
This commit is contained in:
parent
d748e19538
commit
c3018b06cf
|
@ -2,11 +2,16 @@
|
|||
|
||||
CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
|
||||
|
||||
export SNIKKET_TWEAK_HTTP_PORT=${SNIKKET_TWEAK_HTTP_PORT-80}
|
||||
export SNIKKET_TWEAK_HTTPS_PORT=${SNIKKET_TWEAK_HTTP_PORT-443}
|
||||
export SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${SNIKKET_TWEAK_INTERNAL_HTTP_PORT-5280}
|
||||
|
||||
while sleep 10; do
|
||||
if test -f "$CERT_PATH"; then
|
||||
for proto in http https; do
|
||||
sed "s/SNIKKET_DOMAIN/$SNIKKET_DOMAIN/g" /etc/nginx/templates/$proto \
|
||||
> /etc/nginx/sites-enabled/$proto;
|
||||
envsubst '$SNIKKET_DOMAIN $SNIKKET_TWEAK_HTTP_PORT $SNIKKET_TWEAK_HTTPS_PORT $SNIKKET_TWEAK_INTERNAL_HTTP_PORT' \
|
||||
< /etc/nginx/templates/$proto \
|
||||
> /etc/nginx/sites-enabled/$proto;
|
||||
done
|
||||
/usr/sbin/nginx -s reload
|
||||
exit 0;
|
||||
|
|
|
@ -2,11 +2,16 @@
|
|||
|
||||
CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
|
||||
|
||||
export SNIKKET_TWEAK_HTTP_PORT=${SNIKKET_TWEAK_HTTP_PORT-80}
|
||||
export SNIKKET_TWEAK_HTTPS_PORT=${SNIKKET_TWEAK_HTTP_PORT-443}
|
||||
export SNIKKET_TWEAK_INTERNAL_HTTP_PORT=${SNIKKET_TWEAK_INTERNAL_HTTP_PORT-5280}
|
||||
|
||||
if test -f "$CERT_PATH"; then
|
||||
## Certs already exist - render and deploy configs
|
||||
for proto in http https; do
|
||||
sed "s/SNIKKET_DOMAIN/$SNIKKET_DOMAIN/g" /etc/nginx/templates/$proto \
|
||||
> /etc/nginx/sites-enabled/$proto;
|
||||
envsubst '$SNIKKET_DOMAIN $SNIKKET_TWEAK_HTTP_PORT $SNIKKET_TWEAK_HTTPS_PORT $SNIKKET_TWEAK_INTERNAL_HTTP_PORT' \
|
||||
< /etc/nginx/templates/$proto \
|
||||
> /etc/nginx/sites-enabled/$proto;
|
||||
done
|
||||
fi
|
||||
|
||||
|
|
|
@ -1,13 +1,13 @@
|
|||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
listen ${SNIKKET_TWEAK_HTTP_PORT};
|
||||
listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
|
||||
|
||||
server_name SNIKKET_DOMAIN;
|
||||
server_name groups.SNIKKET_DOMAIN;
|
||||
server_name share.SNIKKET_DOMAIN;
|
||||
server_name ${SNIKKET_DOMAIN};
|
||||
server_name groups.${SNIKKET_DOMAIN};
|
||||
server_name share.${SNIKKET_DOMAIN};
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5280/;
|
||||
proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT}/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto http;
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl ipv6only=on;
|
||||
listen ${SNIKKET_TWEAK_HTTPS_PORT} ssl;
|
||||
listen [::]:${SNIKKET_TWEAK_HTTPS_PORT} ssl ipv6only=on;
|
||||
|
||||
ssl_certificate /snikket/letsencrypt/live/SNIKKET_DOMAIN/fullchain.pem;
|
||||
ssl_certificate_key /snikket/letsencrypt/live/SNIKKET_DOMAIN/privkey.pem;
|
||||
ssl_certificate /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/fullchain.pem;
|
||||
ssl_certificate_key /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/privkey.pem;
|
||||
|
||||
ssl_session_cache shared:le_nginx_SSL:1m;
|
||||
ssl_session_timeout 1440m;
|
||||
|
@ -11,12 +11,12 @@ server {
|
|||
ssl_prefer_server_ciphers on;
|
||||
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
|
||||
|
||||
server_name SNIKKET_DOMAIN;
|
||||
server_name groups.SNIKKET_DOMAIN;
|
||||
server_name share.SNIKKET_DOMAIN;
|
||||
server_name ${SNIKKET_DOMAIN};
|
||||
server_name groups.${SNIKKET_DOMAIN};
|
||||
server_name share.${SNIKKET_DOMAIN};
|
||||
|
||||
location / {
|
||||
proxy_pass http://localhost:5280/;
|
||||
proxy_pass http://localhost:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT}/;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
|
|
Loading…
Reference in New Issue