Stub nginx and letsencrypt config
parent
4074a5f0ba
commit
4a1ad72ab8
44
Makefile
44
Makefile
|
@ -43,6 +43,50 @@ publish: htmldocs pages
|
|||
(cd pages; git push)
|
||||
rm -rf pages
|
||||
|
||||
###########################################################################
|
||||
#
|
||||
# Makefile targets `letsencrypt-register` and `letsencrypt-renew`
|
||||
# request LIVE certificates.
|
||||
#
|
||||
# To get the first certificate,
|
||||
#
|
||||
# make letsencrypt-register DOMAIN=... ADMINEMAIL=...
|
||||
#
|
||||
# Add the following to `app`'s crontab to attempt renewal on the 2nd of
|
||||
# each month:
|
||||
#
|
||||
# 17 17 2 * * (cd /home/app/live/rmq; make letsencrypt-renew)
|
||||
#
|
||||
# Add the following to `root`'s crontab to restart `nginx` after
|
||||
# potential certificate renewal:
|
||||
#
|
||||
# 19 17 2 * * service nginx restart
|
||||
#
|
||||
|
||||
letsencrypt-register: letsencrypt/etc/live/$(DOMAIN)
|
||||
letsencrypt/etc/live/$(DOMAIN):
|
||||
[ -n "$$ADMINEMAIL" ]
|
||||
[ -n "$$DOMAIN" ]
|
||||
(certbot certonly \
|
||||
--config-dir $(CURDIR)/letsencrypt/etc \
|
||||
--work-dir $(CURDIR)/letsencrypt/tmp \
|
||||
--logs-dir $(CURDIR)/letsencrypt/log \
|
||||
--email $(ADMINEMAIL) \
|
||||
--agree-tos \
|
||||
--webroot \
|
||||
-w $(CURDIR)/racketmq/htdocs \
|
||||
-d $(DOMAIN) \
|
||||
)
|
||||
|
||||
letsencrypt-renew:
|
||||
(certbot renew \
|
||||
--config-dir $(CURDIR)/letsencrypt/etc \
|
||||
--work-dir $(CURDIR)/letsencrypt/tmp \
|
||||
--logs-dir $(CURDIR)/letsencrypt/log \
|
||||
)
|
||||
|
||||
###########################################################################
|
||||
|
||||
post-receive-hook:
|
||||
( cd ../syndicate/racket && git pull && \
|
||||
( raco pkg update --auto --update-deps syndicate || true) )
|
||||
|
|
|
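Review bot: In the `letsencrypt/etc/live/$(DOMAIN)` recipe, `$(ADMINEMAIL)` and `$(DOMAIN)` are pasted into the certbot command line unquoted, and the two `[ -n "$$…" ]` guards test the shell environment rather than the make variables the command actually uses. That works for `make letsencrypt-register DOMAIN=... ADMINEMAIL=...` because command-line variables are exported to the recipe, but a value containing whitespace or shell metacharacters is split or interpreted by the shell. I would quote both, `--email '$(ADMINEMAIL)' \` and `-d '$(DOMAIN)' \`, and add `.PHONY: letsencrypt-register letsencrypt-renew`. With DOMAIN unset the target collapses to `letsencrypt/etc/live/`, which should exist after the first registration, so the recipe and its guards would be skipped silently. Separately, certbot's config dir keeps the account key and `privkey.pem` under the working tree; presumably `letsencrypt/` is git-ignored and not group/world-readable, but that is not visible in this hunk.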
@ -0,0 +1,34 @@
|
|||
# If you are running RacketMQ behind nginx, e.g. for letsencrypt
|
||||
# support, then "apt-get install nginx", remove the default symlink
|
||||
# from /etc/nginx/sites-enabled, and symlink this file into
|
||||
# /etc/nginx/sites-enabled. Then, restart nginx.
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen 443 default_server ssl;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
# error_log /var/log/nginx/error.log debug;
|
||||
|
||||
client_body_in_file_only clean;
|
||||
client_body_buffer_size 32K;
|
||||
client_max_body_size 30M;
|
||||
sendfile on;
|
||||
send_timeout 300s;
|
||||
|
||||
ssl_certificate /home/app/live/letsencrypt/etc/live/websub.reversehttp.net/fullchain.pem;
|
||||
ssl_certificate_key /home/app/live/letsencrypt/etc/live/websub.reversehttp.net/privkey.pem;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
|
||||
error_page 500 502 503 504 /500.html;
|
||||
location /500.html {
|
||||
root /home/app/live/rmq/racketmq/htdocs;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://127.0.0.1:7827/;
|
||||
}
|
||||
}
|
|
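Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, which are deprecated (RFC 8996) and should not be offered on a new deployment; I would use `ssl_protocols TLSv1.2 TLSv1.3;` where the installed nginx/OpenSSL support 1.3, otherwise `TLSv1.2` alone. The same server block also answers on `listen 80;` and proxies every request to the backend without requiring TLS; if port 80 is only there for the ACME webroot challenge, restrict it to `/.well-known/acme-challenge/` and redirect the rest to HTTPS. `location /` forwards only `Host`, so the backend cannot see the client address or original scheme unless `X-Forwarded-For`/`X-Forwarded-Proto` headers are added, assuming RacketMQ wants them for logging or URL generation.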
@ -0,0 +1,23 @@
|
|||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta http-equiv="refresh" content="30">
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Temporary Site Error</title>
|
||||
</head>
|
||||
<body>
|
||||
<div>
|
||||
<h1>Temporary Site Error</h1>
|
||||
<p>
|
||||
Unfortunately, the site is currently unavailable. It may be
|
||||
undergoing maintenance, or there may be some technical problem.
|
||||
</p>
|
||||
<h2>Please check back in a few minutes.</h2>
|
||||
<p>
|
||||
If you leave this page open, your browser will automatically
|
||||
retry every 30 seconds.
|
||||
</p>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|