Initial Commit
continuous-integration/drone Build is passing
Details
continuous-integration/drone Build is passing
Details
commit
e7bbb862aa
@ -0,0 +1,14 @@
|
||||
kind: pipeline
|
||||
name: default
|
||||
|
||||
steps:
|
||||
- name: docker-build
|
||||
image: plugins/docker
|
||||
exlude:
|
||||
- master
|
||||
settings:
|
||||
username: hugotty
|
||||
password:
|
||||
from_secret: docker_password
|
||||
repo: "hugotty/nginx"
|
||||
tags: latest
|
||||
@ -0,0 +1,20 @@
|
||||
FROM debian:sid
|
||||
|
||||
# Set the env variables to non-interactive
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
ENV DEBIAN_PRIORITY critical
|
||||
ENV DEBCONF_NOWARNINGS yes
|
||||
|
||||
RUN apt-get update && apt-get -y install nginx
|
||||
|
||||
RUN mkdir -p /var/lib/nginx
|
||||
|
||||
RUN chown -R www-data:www-data /var/lib/nginx
|
||||
|
||||
ADD ./acme-challenge.conf /etc/nginx/snippets/acme-challenge.conf
|
||||
|
||||
ADD ./nginx.conf /etc/nginx/nginx.conf
|
||||
|
||||
RUN mkdir /etc/nginx/streams-enabled && chown -R www-data:www-data /etc/nginx/streams-enabled
|
||||
|
||||
CMD [ "/usr/sbin/nginx", "-g", "daemon off; master_process on;" ]
|
||||
@ -0,0 +1,44 @@
|
||||
#############################################################################
|
||||
# Configuration file for Let's Encrypt ACME Challenge location
|
||||
# This file is already included in listen_xxx.conf files.
|
||||
# Do NOT include it separately!
|
||||
#############################################################################
|
||||
#
|
||||
# This config enables to access /.well-known/acme-challenge/xxxxxxxxxxx
|
||||
# on all our sites (HTTP), including all subdomains.
|
||||
# This is required by ACME Challenge (webroot authentication).
|
||||
# You can check that this location is working by placing ping.txt here:
|
||||
# /var/www/letsencrypt/.well-known/acme-challenge/ping.txt
|
||||
# And pointing your browser to:
|
||||
# http://xxx.domain.tld/.well-known/acme-challenge/ping.txt
|
||||
#
|
||||
# Sources:
|
||||
# https://community.letsencrypt.org/t/howto-easy-cert-generation-and-renewal-with-nginx/3491
|
||||
#
|
||||
#############################################################################
|
||||
|
||||
# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
|
||||
# We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
|
||||
# other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
|
||||
location ^~ /.well-known/acme-challenge/ {
|
||||
|
||||
# Set correct content type. According to this:
|
||||
# https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
|
||||
# Current specification requires "text/plain" or no content header at all.
|
||||
# It seems that "text/plain" is a safe option.
|
||||
default_type "text/plain";
|
||||
|
||||
# This directory must be the same as in /etc/letsencrypt/cli.ini
|
||||
# as "webroot-path" parameter. Also don't forget to set "authenticator" parameter
|
||||
# there to "webroot".
|
||||
# Do NOT use alias, use root! Target directory is located here:
|
||||
# /var/www/common/letsencrypt/.well-known/acme-challenge/
|
||||
root /var/www/letsencrypt;
|
||||
}
|
||||
|
||||
# Hide /acme-challenge subdirectory and return 404 on all requests.
|
||||
# It is somewhat more secure than letting Nginx return 403.
|
||||
# Ending slash is important!
|
||||
location = /.well-known/acme-challenge/ {
|
||||
return 404;
|
||||
}
|
||||
@ -0,0 +1,89 @@
|
||||
user www-data;
|
||||
worker_processes auto;
|
||||
pid /run/nginx.pid;
|
||||
include /etc/nginx/modules-enabled/*.conf;
|
||||
|
||||
events {
|
||||
worker_connections 768;
|
||||
# multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
|
||||
##
|
||||
# Basic Settings
|
||||
##
|
||||
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
keepalive_timeout 65;
|
||||
types_hash_max_size 2048;
|
||||
# server_tokens off;
|
||||
|
||||
# server_names_hash_bucket_size 64;
|
||||
# server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
##
|
||||
# SSL Settings
|
||||
##
|
||||
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
##
|
||||
# Logging Settings
|
||||
##
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
##
|
||||
# Gzip Settings
|
||||
##
|
||||
|
||||
gzip on;
|
||||
|
||||
# gzip_vary on;
|
||||
# gzip_proxied any;
|
||||
# gzip_comp_level 6;
|
||||
# gzip_buffers 16 8k;
|
||||
# gzip_http_version 1.1;
|
||||
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
##
|
||||
|
||||
include /etc/nginx/conf.d/*.conf;
|
||||
include /etc/nginx/sites-enabled/*;
|
||||
}
|
||||
|
||||
|
||||
#mail {
|
||||
# # See sample authentication script at:
|
||||
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
|
||||
#
|
||||
# # auth_http localhost/auth.php;
|
||||
# # pop3_capabilities "TOP" "USER";
|
||||
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
|
||||
#
|
||||
# server {
|
||||
# listen localhost:110;
|
||||
# protocol pop3;
|
||||
# proxy on;
|
||||
# }
|
||||
#
|
||||
# server {
|
||||
# listen localhost:143;
|
||||
# protocol imap;
|
||||
# proxy on;
|
||||
# }
|
||||
#}
|
||||
|
||||
stream {
|
||||
include /etc/nginx/streams-enabled/*;
|
||||
}
|
||||
Loading…
Reference in New Issue