Stub nginx and letsencrypt config
parent
4074a5f0ba
commit
4a1ad72ab8
44
Makefile
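--- a/Makefile
+++ b/Makefile
@@ -43,6 +43,50 @@ publish: htmldocs pages
 (cd pages; git push)
 rm -rf pages
 
+###########################################################################
+#
+# Makefile targets `letsencrypt-register` and `letsencrypt-renew`
+# request LIVE certificates.
+#
+# To get the first certificate,
+#
+# make letsencrypt-register DOMAIN=... ADMINEMAIL=...
+#
+# Add the following to `app`'s crontab to attempt renewal on the 2nd of
+# each month:
+#
+# 17 17 2 * * (cd /home/app/live/rmq; make letsencrypt-renew)
+#
+# Add the following to `root`'s crontab to restart `nginx` after
+# potential certificate renewal:
+#
+# 19 17 2 * * service nginx restart
+#
+
+letsencrypt-register: letsencrypt/etc/live/$(DOMAIN)
+letsencrypt/etc/live/$(DOMAIN):
+[ -n "$$ADMINEMAIL" ]
+[ -n "$$DOMAIN" ]
+(certbot certonly \
+--config-dir $(CURDIR)/letsencrypt/etc \
+--work-dir $(CURDIR)/letsencrypt/tmp \
+--logs-dir $(CURDIR)/letsencrypt/log \
+--email $(ADMINEMAIL) \
+--agree-tos \
+--webroot \
+-w $(CURDIR)/racketmq/htdocs \
+-d $(DOMAIN) \
+)
+
+letsencrypt-renew:
+(certbot renew \
+--config-dir $(CURDIR)/letsencrypt/etc \
+--work-dir $(CURDIR)/letsencrypt/tmp \
+--logs-dir $(CURDIR)/letsencrypt/log \
+)
+
+###########################################################################
+
 post-receive-hook:
 ( cd ../syndicate/racket && git pull && \
 ( raco pkg update --auto --update-deps syndicate || true) )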
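Review bot: The renewal schedule in the header comment attempts `certbot renew` only once a month, and certbot by default renews a certificate only within 30 days of expiry, so one failed or slightly-too-early run can let a 90-day certificate lapse before the next attempt; running the `letsencrypt-renew` cron line daily would be safer, since renewals that are not yet due are skipped. The root crontab's `service nginx restart` two minutes later also assumes the renewal has finished by then. In the `letsencrypt/etc/live/$(DOMAIN)` recipe, `$(ADMINEMAIL)` and `$(DOMAIN)` are expanded unquoted into the shell command while the guards test the environment copies `$$ADMINEMAIL` and `$$DOMAIN`; quoting them, e.g. `--email '$(ADMINEMAIL)'` and `-d '$(DOMAIN)'`, keeps a stray space or shell metacharacter from changing the certbot command line. Because certbot writes the account and private keys under `$(CURDIR)/letsencrypt/etc`, it is worth confirming that `letsencrypt/` is ignored by git and not readable by other local users.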
@ -0,0 +1,34 @@
|
||||||
|
# If you are running RacketMQ behind nginx, e.g. for letsencrypt
|
||||||
|
# support, then "apt-get install nginx", remove the default symlink
|
||||||
|
# from /etc/nginx/sites-enabled, and symlink this file into
|
||||||
|
# /etc/nginx/sites-enabled. Then, restart nginx.
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen 443 default_server ssl;
|
||||||
|
|
||||||
|
access_log /var/log/nginx/access.log;
|
||||||
|
error_log /var/log/nginx/error.log;
|
||||||
|
# error_log /var/log/nginx/error.log debug;
|
||||||
|
|
||||||
|
client_body_in_file_only clean;
|
||||||
|
client_body_buffer_size 32K;
|
||||||
|
client_max_body_size 30M;
|
||||||
|
sendfile on;
|
||||||
|
send_timeout 300s;
|
||||||
|
|
||||||
|
ssl_certificate /home/app/live/letsencrypt/etc/live/websub.reversehttp.net/fullchain.pem;
|
||||||
|
ssl_certificate_key /home/app/live/letsencrypt/etc/live/websub.reversehttp.net/privkey.pem;
|
||||||
|
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
|
||||||
|
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||||
|
|
||||||
|
error_page 500 502 503 504 /500.html;
|
||||||
|
location /500.html {
|
||||||
|
root /home/app/live/rmq/racketmq/htdocs;
|
||||||
|
}
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://127.0.0.1:7827/;
|
||||||
|
}
|
||||||
|
}
|
|
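Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` still enables TLS 1.0 and 1.1, which are deprecated (RFC 8996); `ssl_protocols TLSv1.2 TLSv1.3;` (dropping `TLSv1.3` if the installed nginx/OpenSSL predates it) would be the safer setting. The same server block also has `listen 80;` with no redirect, so everything proxied to `127.0.0.1:7827` is reachable in cleartext as well. If port 80 is only needed for the webroot challenge, a separate port-80 server that serves `/.well-known/acme-challenge/` from `/home/app/live/rmq/racketmq/htdocs` and redirects everything else to HTTPS would make that explicit. As written, challenge requests fall through to `location /`, so issuance presumably relies on the backend serving that directory, which is worth confirming.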
@ -0,0 +1,23 @@
|
||||||
|
<!DOCTYPE html>
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="refresh" content="30">
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||||
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||||
|
<title>Temporary Site Error</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<div>
|
||||||
|
<h1>Temporary Site Error</h1>
|
||||||
|
<p>
|
||||||
|
Unfortunately, the site is currently unavailable. It may be
|
||||||
|
undergoing maintenance, or there may be some technical problem.
|
||||||
|
</p>
|
||||||
|
<h2>Please check back in a few minutes.</h2>
|
||||||
|
<p>
|
||||||
|
If you leave this page open, your browser will automatically
|
||||||
|
retry every 30 seconds.
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
</body>
|
||||||
|
</html>
|