Initial Commit
commit
e7bbb862aa
@ -0,0 +1,14 @@
|
|||||||
|
kind: pipeline
|
||||||
|
name: default
|
||||||
|
|
||||||
|
steps:
|
||||||
|
- name: docker-build
|
||||||
|
image: plugins/docker
|
||||||
|
exlude:
|
||||||
|
- master
|
||||||
|
settings:
|
||||||
|
username: hugotty
|
||||||
|
password:
|
||||||
|
from_secret: docker_password
|
||||||
|
repo: "hugotty/nginx"
|
||||||
|
tags: latest
|
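Review bot: The key `exlude:` on the docker-build step is misspelled, so the branch filter it was meant to express is most likely not applied and the step would build and push on every branch, master included. Indentation is lost on this page, so the nesting cannot be checked, but Drone expects this condition as `exclude:` under `when:` and `branch:`. As written, a push to any branch would publish `hugotty/nginx:latest` using the `docker_password` secret. `tags: latest` on its own also leaves no immutable tag to roll back to or audit; a commit-derived tag next to it would help.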
@ -0,0 +1,20 @@
|
|||||||
|
FROM debian:sid
|
||||||
|
|
||||||
|
# Set the env variables to non-interactive
|
||||||
|
ENV DEBIAN_FRONTEND noninteractive
|
||||||
|
ENV DEBIAN_PRIORITY critical
|
||||||
|
ENV DEBCONF_NOWARNINGS yes
|
||||||
|
|
||||||
|
RUN apt-get update && apt-get -y install nginx
|
||||||
|
|
||||||
|
RUN mkdir -p /var/lib/nginx
|
||||||
|
|
||||||
|
RUN chown -R www-data:www-data /var/lib/nginx
|
||||||
|
|
||||||
|
ADD ./acme-challenge.conf /etc/nginx/snippets/acme-challenge.conf
|
||||||
|
|
||||||
|
ADD ./nginx.conf /etc/nginx/nginx.conf
|
||||||
|
|
||||||
|
RUN mkdir /etc/nginx/streams-enabled && chown -R www-data:www-data /etc/nginx/streams-enabled
|
||||||
|
|
||||||
|
CMD [ "/usr/sbin/nginx", "-g", "daemon off; master_process on;" ]
|
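Review bot: `FROM debian:sid` builds on Debian's unstable branch with no version or digest pin, so every CI run can pull a different, less-vetted package set into the image that is pushed as `latest`. A stable, pinned base is easier to patch and audit, for example `FROM debian:stable-slim` or a digest reference. The `RUN apt-get update && apt-get -y install nginx` line could add `--no-install-recommends` and remove `/var/lib/apt/lists/*` in the same layer to keep the installed package set small. The two `ADD` lines copy plain local files, so `COPY` is the narrower instruction (no URL fetch or archive extraction).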
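--- /dev/null
+++ b/acme-challenge.conf
@@ -0,0 +1,44 @@
+#############################################################################
+# Configuration file for Let's Encrypt ACME Challenge location
+# This file is already included in listen_xxx.conf files.
+# Do NOT include it separately!
+#############################################################################
+#
+# This config enables to access /.well-known/acme-challenge/xxxxxxxxxxx
+# on all our sites (HTTP), including all subdomains.
+# This is required by ACME Challenge (webroot authentication).
+# You can check that this location is working by placing ping.txt here:
+# /var/www/letsencrypt/.well-known/acme-challenge/ping.txt
+# And pointing your browser to:
+# http://xxx.domain.tld/.well-known/acme-challenge/ping.txt
+#
+# Sources:
+# https://community.letsencrypt.org/t/howto-easy-cert-generation-and-renewal-with-nginx/3491
+#
+#############################################################################
+
+# Rule for legitimate ACME Challenge requests (like /.well-known/acme-challenge/xxxxxxxxx)
+# We use ^~ here, so that we don't check other regexes (for speed-up). We actually MUST cancel
+# other regex checks, because in our other config files have regex rule that denies access to files with dotted names.
+location ^~ /.well-known/acme-challenge/ {
+
+# Set correct content type. According to this:
+# https://community.letsencrypt.org/t/using-the-webroot-domain-verification-method/1445/29
+# Current specification requires "text/plain" or no content header at all.
+# It seems that "text/plain" is a safe option.
+default_type "text/plain";
+
+# This directory must be the same as in /etc/letsencrypt/cli.ini
+# as "webroot-path" parameter. Also don't forget to set "authenticator" parameter
+# there to "webroot".
+# Do NOT use alias, use root! Target directory is located here:
+# /var/www/common/letsencrypt/.well-known/acme-challenge/
+root /var/www/letsencrypt;
+}
+
+# Hide /acme-challenge subdirectory and return 404 on all requests.
+# It is somewhat more secure than letting Nginx return 403.
+# Ending slash is important!
+location = /.well-known/acme-challenge/ {
+return 404;
+}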
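Review bot: The comment above `root /var/www/letsencrypt;` gives the target directory as `/var/www/common/letsencrypt/.well-known/acme-challenge/`, which matches neither the configured root nor the `ping.txt` path in the header; it should read `# /var/www/letsencrypt/.well-known/acme-challenge/`. Nothing in the Dockerfile shown in this commit creates `/var/www/letsencrypt`, so the location presumably depends on a volume mounted at run time, and the header should say so. The header also states that this file is included from `listen_xxx.conf` files, none of which are part of this commit.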
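--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,89 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+worker_connections 768;
+# multi_accept on;
+}
+
+http {
+
+##
+# Basic Settings
+##
+
+sendfile on;
+tcp_nopush on;
+tcp_nodelay on;
+keepalive_timeout 65;
+types_hash_max_size 2048;
+# server_tokens off;
+
+# server_names_hash_bucket_size 64;
+# server_name_in_redirect off;
+
+include /etc/nginx/mime.types;
+default_type application/octet-stream;
+
+##
+# SSL Settings
+##
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
+ssl_prefer_server_ciphers on;
+
+##
+# Logging Settings
+##
+
+access_log /var/log/nginx/access.log;
+error_log /var/log/nginx/error.log;
+
+##
+# Gzip Settings
+##
+
+gzip on;
+
+# gzip_vary on;
+# gzip_proxied any;
+# gzip_comp_level 6;
+# gzip_buffers 16 8k;
+# gzip_http_version 1.1;
+# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+##
+# Virtual Host Configs
+##
+
+include /etc/nginx/conf.d/*.conf;
+include /etc/nginx/sites-enabled/*;
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
+
+stream {
+include /etc/nginx/streams-enabled/*;
+}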
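Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, both deprecated by RFC 8996, and leaves out TLS 1.3; `ssl_protocols TLSv1.2 TLSv1.3;` is the safer default for every server block that inherits it. `# server_tokens off;` is left commented out, so response headers and error pages advertise the nginx version; uncommenting it removes that detail. `access_log` and `error_log` write to files under `/var/log/nginx` inside the container, where they are lost with the container unless that path is a volume or is linked to stdout/stderr.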