Compare commits
2 Commits
93ca21daa6
...
minus-lets
Author | SHA1 | Date |
---|---|---|
3wc | bcec18a66f | |
decentral1se | 216b077127 |
|
@ -22,7 +22,6 @@ ADD nginx/nginx.conf /etc/nginx/nginx.conf
|
||||||
ADD nginx/snikket-common.template /etc/nginx/templates/snikket-common
|
ADD nginx/snikket-common.template /etc/nginx/templates/snikket-common
|
||||||
ADD nginx/startup.template /etc/nginx/templates/startup
|
ADD nginx/startup.template /etc/nginx/templates/startup
|
||||||
ADD nginx/http.template /etc/nginx/templates/http
|
ADD nginx/http.template /etc/nginx/templates/http
|
||||||
ADD nginx/https.template /etc/nginx/templates/https
|
|
||||||
ADD supervisord.conf /etc/supervisord/supervisord.conf
|
ADD supervisord.conf /etc/supervisord/supervisord.conf
|
||||||
ADD cert-monitor.sh /usr/local/bin/cert-monitor.sh
|
ADD cert-monitor.sh /usr/local/bin/cert-monitor.sh
|
||||||
ADD static /var/www/html/static
|
ADD static /var/www/html/static
|
||||||
|
|
|
@ -1,20 +1,11 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
CERT_PATH="/snikket/letsencrypt/live/$SNIKKET_DOMAIN/cert.pem"
|
if test -f /etc/nginx/sites-enabled/startup; then
|
||||||
|
|
||||||
while sleep 10; do
|
|
||||||
if test -f "$CERT_PATH"; then
|
|
||||||
if test -f /etc/nginx/sites-enabled/startup; then
|
|
||||||
rm /etc/nginx/sites-enabled/startup;
|
rm /etc/nginx/sites-enabled/startup;
|
||||||
fi
|
fi
|
||||||
/usr/local/bin/render-template.sh "/etc/nginx/templates/snikket-common" "/etc/nginx/snippets/snikket-common.conf"
|
/usr/local/bin/render-template.sh "/etc/nginx/templates/snikket-common" "/etc/nginx/snippets/snikket-common.conf"
|
||||||
for proto in http https; do
|
proto=http
|
||||||
/usr/local/bin/render-template.sh "/etc/nginx/templates/$proto" "/etc/nginx/sites-enabled/$proto";
|
/usr/local/bin/render-template.sh "/etc/nginx/templates/$proto" "/etc/nginx/sites-enabled/$proto";
|
||||||
done
|
/usr/sbin/nginx -s reload
|
||||||
/usr/sbin/nginx -s reload
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
while sleep 86400; do
|
sleep inf
|
||||||
/usr/sbin/nginx -s reload;
|
|
||||||
done
|
|
||||||
|
|
|
@ -4,14 +4,24 @@ server {
|
||||||
|
|
||||||
server_name ${SNIKKET_DOMAIN};
|
server_name ${SNIKKET_DOMAIN};
|
||||||
server_name groups.${SNIKKET_DOMAIN};
|
server_name groups.${SNIKKET_DOMAIN};
|
||||||
|
|
||||||
|
include "/etc/nginx/snippets/snikket-common.conf";
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen ${SNIKKET_TWEAK_HTTP_PORT};
|
||||||
|
listen [::]:${SNIKKET_TWEAK_HTTP_PORT};
|
||||||
|
|
||||||
server_name share.${SNIKKET_DOMAIN};
|
server_name share.${SNIKKET_DOMAIN};
|
||||||
|
|
||||||
location /.well-known/acme-challenge {
|
root /var/www/html;
|
||||||
alias /var/www/html/.well-known/acme-challenge;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
location /upload/ {
|
||||||
return 301 https://$host$request_uri;
|
client_max_body_size 16M;
|
||||||
|
proxy_pass http://${SNIKKET_TWEAK_INTERNAL_HTTP_HOST}:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT};
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,70 +0,0 @@
|
||||||
server {
|
|
||||||
listen ${SNIKKET_TWEAK_HTTPS_PORT} ssl;
|
|
||||||
listen [::]:${SNIKKET_TWEAK_HTTPS_PORT} ssl;
|
|
||||||
|
|
||||||
ssl_certificate /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/fullchain.pem;
|
|
||||||
ssl_certificate_key /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/privkey.pem;
|
|
||||||
|
|
||||||
ssl_session_cache shared:le_nginx_SSL:1m;
|
|
||||||
ssl_session_timeout 1440m;
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
|
|
||||||
|
|
||||||
server_name ${SNIKKET_DOMAIN};
|
|
||||||
server_name groups.${SNIKKET_DOMAIN};
|
|
||||||
|
|
||||||
include "/etc/nginx/snippets/snikket-common.conf";
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen ${SNIKKET_TWEAK_HTTPS_PORT} ssl;
|
|
||||||
listen [::]:${SNIKKET_TWEAK_HTTPS_PORT} ssl;
|
|
||||||
|
|
||||||
ssl_certificate /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/fullchain.pem;
|
|
||||||
ssl_certificate_key /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/privkey.pem;
|
|
||||||
|
|
||||||
ssl_session_cache shared:le_nginx_SSL:1m;
|
|
||||||
ssl_session_timeout 1440m;
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
|
|
||||||
|
|
||||||
server_name share.${SNIKKET_DOMAIN};
|
|
||||||
|
|
||||||
root /var/www/html;
|
|
||||||
|
|
||||||
location /upload/ {
|
|
||||||
client_max_body_size 16M;
|
|
||||||
proxy_pass http://${SNIKKET_TWEAK_INTERNAL_HTTP_HOST}:${SNIKKET_TWEAK_INTERNAL_HTTP_PORT};
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Fail requests to unknown domains
|
|
||||||
server {
|
|
||||||
listen ${SNIKKET_TWEAK_HTTPS_PORT} ssl default_server;
|
|
||||||
listen [::]:${SNIKKET_TWEAK_HTTPS_PORT} ssl default_server;
|
|
||||||
|
|
||||||
ssl_certificate /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/fullchain.pem;
|
|
||||||
ssl_certificate_key /snikket/letsencrypt/live/${SNIKKET_DOMAIN}/privkey.pem;
|
|
||||||
|
|
||||||
ssl_session_cache shared:le_nginx_SSL:1m;
|
|
||||||
ssl_session_timeout 1440m;
|
|
||||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
|
||||||
ssl_prefer_server_ciphers on;
|
|
||||||
ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS";
|
|
||||||
|
|
||||||
error_page 404 /_errors/404_site.html;
|
|
||||||
|
|
||||||
location = /_errors/404_site.html {
|
|
||||||
root /var/www/html;
|
|
||||||
internal;
|
|
||||||
}
|
|
||||||
|
|
||||||
location / {
|
|
||||||
try_files none =404;
|
|
||||||
}
|
|
||||||
}
|
|
56
startup.html
56
startup.html
|
@ -1,34 +1,50 @@
|
||||||
<!DOCTYPE html>
|
<!DOCTYPE html>
|
||||||
<html lang="en" xmlns:xlink="http://www.w3.org/1999/xlink">
|
<html lang="en" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8" />
|
||||||
|
|
||||||
<meta http-equiv="refresh" content="10">
|
<meta http-equiv="refresh" content="10" />
|
||||||
|
|
||||||
<title>Snikket is starting</title>
|
<title>Snikket is starting</title>
|
||||||
|
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1">
|
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
||||||
|
|
||||||
<link rel="stylesheet" href="/static/css/snikket.css">
|
<link rel="stylesheet" href="/static/css/snikket.css" />
|
||||||
|
|
||||||
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png">
|
<link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon.png" />
|
||||||
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png">
|
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
|
||||||
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png">
|
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
|
||||||
<link rel="manifest" href="/site.webmanifest">
|
<link rel="manifest" href="/site.webmanifest" />
|
||||||
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5">
|
<link rel="mask-icon" href="/safari-pinned-tab.svg" color="#5bbad5" />
|
||||||
<meta name="msapplication-TileColor" content="#fbd308">
|
<meta name="msapplication-TileColor" content="#fbd308" />
|
||||||
<meta name="theme-color" content="#fbd308">
|
<meta name="theme-color" content="#fbd308" />
|
||||||
</head>
|
</head>
|
||||||
<body style="background-color: #eee">
|
<body style="background-color: #eee;">
|
||||||
<div style="width: 80%; margin-top: 10%; margin-left: auto; margin-right: auto; background-color: #f8f8f8; padding: 3em;">
|
<div
|
||||||
<img src="/static/img/snikket-logo-text.svg" alt="Snikket" style="width: 60%">
|
style="
|
||||||
|
width: 80%;
|
||||||
|
margin-top: 10%;
|
||||||
|
margin-left: auto;
|
||||||
|
margin-right: auto;
|
||||||
|
background-color: #f8f8f8;
|
||||||
|
padding: 3em;
|
||||||
|
"
|
||||||
|
>
|
||||||
|
<img
|
||||||
|
src="/static/img/snikket-logo-text.svg"
|
||||||
|
alt="Snikket"
|
||||||
|
style="width: 60%;"
|
||||||
|
/>
|
||||||
<h1>Snikket is starting</h1>
|
<h1>Snikket is starting</h1>
|
||||||
<p>We are currently obtaining SSL/TLS certificates to secure your Snikket service.</p>
|
<p>
|
||||||
<p>The login page should appear in a moment. If not, please reload the page.</p>
|
The login page should appear in a moment. If not, please reload the
|
||||||
<br>
|
page.
|
||||||
<p>If this page appears for more than a few minutes, there may be a problem. Check that
|
</p>
|
||||||
all components of Snikket are started properly, that your DNS is correct, and that port
|
<br />
|
||||||
80 is open.
|
<p>
|
||||||
|
If this page appears for more than a few minutes, there may be a
|
||||||
|
problem. Check that all components of Snikket are started properly, that
|
||||||
|
your DNS is correct, and that port 80 is open.
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
</body>
|
</body>
|
||||||
|
|
Loading…
Reference in New Issue