full-install: add letsencrypt cert gen script

2026-05-02 00:47:11 +00:00 · 2024-01-26 15:26:51 +05:30
parent 818f8082be
commit ea8662a4e1
12 changed files with 134 additions and 13 deletions
--- a/docker-compose/full-install/nginx/conf-templates/certbot_conf.template
+++ b/docker-compose/full-install/nginx/conf-templates/certbot_conf.template
@@ -0,0 +1,15 @@
+server {
+    listen 80;
+    listen [::]:80;
+    
+    # chantge server_name while generating cert
+    server_name <SERVER_NAME>;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+
+    # this is required for cert generation. 
+    # change server_name as well with cname of required cert
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }                     
+}
--- a/docker-compose/full-install/nginx/conf-templates/ssl_server_name_conf.template
+++ b/docker-compose/full-install/nginx/conf-templates/ssl_server_name_conf.template
@@ -0,0 +1,41 @@
+server {
+    listen 80;
+    listen [::]:80 ;
+    listen 443 default_server ssl;
+    listen [::]:443 ssl ;
+    # chantge server_name while generating cert
+    server_name <SERVER_NAME>;
+
+    # force https-redirects
+    if ($scheme = http) {
+        return 301 https://$server_name$request_uri;
+    }
+    
+    ssl_certificate /etc/nginx/ssl/live/<SERVER_NAME>/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/<SERVER_NAME>/privkey.pem;
+
+    #access_log  /var/log/nginx/host.access.log  main;
+    location / {
+        include  /etc/nginx/mime.types;
+        root   /opt/nocohub/nginx/data/<SERVER_NAME>/;
+        index  index.html index.htm;
+        auth_basic "Restricted Access";
+        auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd;        
+    }
+
+    location /proxy {
+        proxy_pass http://nocohub-001:8080;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+
+        auth_basic "Restricted Access";
+        auth_basic_user_file /opt/nocohub/nginx/conf/.htpasswd;       
+    }    
+
+    # deny access to .htaccess files, if Apache's document root
+    # concurs with nginx's one
+    #
+    location ~ /\.ht {
+       deny  all;
+    }
+}
--- a/docker-compose/full-install/nginx/conf.d/default.conf
+++ b/docker-compose/full-install/nginx/conf.d/default.conf
@@ -3,11 +3,6 @@ server {
    listen       80;
    listen  [::]:80;
    server_name  localhost;
-    # server_name my.nocodb.com;
-    # listen 443 default_server ssl;
-    # listen [::]:443 ssl ;
-    # ssl_certificate /etc/nginx/ssl/live/status.nocodb.com/fullchain.pem;
-    # ssl_certificate_key /etc/nginx/ssl/live/status.nocodb.com/privkey.pem;

    location / {    	
        proxy_pass http://nocodb_backend;
--- a/docker-compose/full-install/nginx/conf/nginx.conf
+++ b/docker-compose/full-install/nginx/conf/nginx.conf
@@ -4,4 +4,5 @@ events {

 http {
    include /etc/nginx/conf.d/*.conf;
-    }
+    include /etc/nginx/custom-conf.d/*.conf;
+}