From b702117d06e65fad166d45e12d6d5d207293826b Mon Sep 17 00:00:00 2001
From: KF
Date: Wed, 12 Oct 2022 12:27:12 +0800
Subject: [PATCH] RM: removing certificates
---
alpine/nginx/fullchain.cer | 68 ------------
alpine/nginx/nginx.conf | 78 ++++++++-----
alpine/nginx/nginx.conf-bak | 184 -------------------------------
alpine/nginx/nginx.pem | 30 -----
alpine/nginx/start-nginx.sh | 3 +-
alpine/nginx/xpk.headdesk.me.crt | 14 ---
alpine/nginx/xpk.headdesk.me.csr | 10 --
alpine/nginx/xpk.headdesk.me.key | 9 --
8 files changed, 50 insertions(+), 346 deletions(-)
delete mode 100644 alpine/nginx/fullchain.cer
delete mode 100644 alpine/nginx/nginx.conf-bak
delete mode 100644 alpine/nginx/nginx.pem
delete mode 100644 alpine/nginx/xpk.headdesk.me.crt
delete mode 100644 alpine/nginx/xpk.headdesk.me.csr
delete mode 100644 alpine/nginx/xpk.headdesk.me.key
diff --git a/alpine/nginx/fullchain.cer b/alpine/nginx/fullchain.cer
deleted file mode 100644
index c885741..0000000
--- a/alpine/nginx/fullchain.cer
+++ /dev/null
@@ -1,68 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEADCCA4agAwIBAgIQMAH1E07Hb6pzvkh90/eEgjAKBggqhkjOPQQDAzBLMQsw -CQYDVQQGEwJBVDEQMA4GA1UEChMHWmVyb1NTTDEqMCgGA1UEAxMhWmVyb1NTTCBF -Q0MgRG9tYWluIFNlY3VyZSBTaXRlIENBMB4XDTIxMTAwNzAwMDAwMFoXDTIyMDEw -NTIzNTk1OVowGjEYMBYGA1UEAxMPeHBrLmhlYWRkZXNrLm1lMFkwEwYHKoZIzj0C -AQYIKoZIzj0DAQcDQgAEaMoksRJYAdN/TOcnDaMY6/rOQvda7vbkeh9w6N6ZcyAc -BXdPKheQMJQU9/pVaDZMMIPsZZtOzZjXIWlKjPYuEaOCAnswggJ3MB8GA1UdIwQY -MBaAFA9r5kvOOUeu9n6QHnnwMJGSyF+jMB0GA1UdDgQWBBQdoqTMyJW6Khg8/o3+ -GB9xaBlLSTAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAU -BggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICTjAl -MCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEw -gYgGCCsGAQUFBwEBBHwwejBLBggrBgEFBQcwAoY/aHR0cDovL3plcm9zc2wuY3J0 -LnNlY3RpZ28uY29tL1plcm9TU0xFQ0NEb21haW5TZWN1cmVTaXRlQ0EuY3J0MCsG -CCsGAQUFBzABhh9odHRwOi8vemVyb3NzbC5vY3NwLnNlY3RpZ28uY29tMIIBBAYK -KwYBBAHWeQIEAgSB9QSB8gDwAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy -/HD+bUcAAAF8WpF8BgAABAMARzBFAiEAoEDjM3hbKwZZ7mEou2EGEQlSNDf3YB4w -3T8Y+U1HFScCIFb9Hk9LX8nY4fspBTZ/aFF/HZftDtWZZFMH7Wn2SctBAHYAQcjK -sd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF8WpF8fgAABAMARzBFAiBv -M8d8PHroXsSIrbZeKvR8Ouyga8kM82o3oARJPOyQOAIhAIhlk2jxZcI7q6HAcipt -Ni4rv6umU/VDqsJ1uCnu80aOMBoGA1UdEQQTMBGCD3hway5oZWFkZGVzay5tZTAK -BggqhkjOPQQDAwNoADBlAjBSSPs/rxN1dOhj5Lf7Na+mI3T+aMykwciQUhJswimI -4XjMHdOcqz1aCByS0x3ICE0CMQC6SO9SyJBBewdX8uDTZbMZOaGtpRsb9XGuzInZ -kgoms3Fwhu4fhusMV+fvruApGkg= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIDhTCCAwygAwIBAgIQI7dt48G7KxpRlh4I6rdk6DAKBggqhkjOPQQDAzCBiDEL -MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl -eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT -JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjAwMTMw -MDAwMDAwWhcNMzAwMTI5MjM1OTU5WjBLMQswCQYDVQQGEwJBVDEQMA4GA1UEChMH -WmVyb1NTTDEqMCgGA1UEAxMhWmVyb1NTTCBFQ0MgRG9tYWluIFNlY3VyZSBTaXRl -IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENkFhFytTJe2qypTk1tpIV+9QuoRk 
-gte7BRvWHwYk9qUznYzn8QtVaGOCMBBfjWXsqqivl8q1hs4wAYl03uNOXgFu7iZ7 -zFP6I6T3RB0+TR5fZqathfby47yOCZiAJI4go4IBdTCCAXEwHwYDVR0jBBgwFoAU -OuEJhtTPGcKWdnRJdtzgNcZjY5owHQYDVR0OBBYEFA9r5kvOOUeu9n6QHnnwMJGS -yF+jMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdJQQW -MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAiBgNVHSAEGzAZMA0GCysGAQQBsjEBAgJO -MAgGBmeBDAECATBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3JsLnVzZXJ0cnVz -dC5jb20vVVNFUlRydXN0RUNDQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdgYI -KwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnVzZXJ0cnVzdC5j -b20vVVNFUlRydXN0RUNDQWRkVHJ1c3RDQS5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6 -Ly9vY3NwLnVzZXJ0cnVzdC5jb20wCgYIKoZIzj0EAwMDZwAwZAIwJHBUDwHJQN3I -VNltVMrICMqYQ3TYP/TXqV9t8mG5cAomG2MwqIsxnL937Gewf6WIAjAlrauksO6N -UuDdDXyd330druJcZJx0+H5j5cFOYBaGsKdeGW7sCMaR2PsDFKGllas= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7 -MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD -VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE -AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4 -MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5 -MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO -ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0 -aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL -q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc -JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA -FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1 -xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI -MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j -b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG -CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM -BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy -ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+ 
-FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV -bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY -CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf -8qn0dNW44bOwgeThpWOjzOoEeJBuv/c= ------END CERTIFICATE----- diff --git a/alpine/nginx/nginx.conf b/alpine/nginx/nginx.conf index 1210fe0..9010e9f 100644 --- a/alpine/nginx/nginx.conf +++ b/alpine/nginx/nginx.conf @@ -16,7 +16,7 @@ http { default_type application/octet-stream; sendfile on; keepalive_timeout 65; - client_max_body_size 2000M; + client_max_body_size 200M; gzip on; gzip_min_length 1100; @@ -65,9 +65,15 @@ http { # if ($useragent_acl = deny) { # return 403; # } - if ($http_x_forwarded_proto != "https") { - return 301 https://$host$request_uri; - } + + # letsencrypt validation + location /.well-known/acme-challenge/ { + alias /var/www/letsencrypt/; + } + + if ($http_x_forwarded_proto != "https") { + return 301 https://$host$request_uri; + } } server { @@ -89,7 +95,7 @@ http { add_header X-Permitted-Cross-Domain-Policies none; add_header Referrer-Policy no-referrer; - ssl_certificate /home/ssl/nginx.pem; + ssl_certificate /home/ssl/xpk.headdesk.me.crt; ssl_certificate_key /home/ssl/xpk.headdesk.me.key; # filter out PROPFIND in access log 
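Review bot: The `location /.well-known/acme-challenge/` added to the port-80 server in the `@@ -65,9 +65,15 @@` hunk is not reached by requests that lack `X-Forwarded-Proto: https`, because the server-level `if (...) { return 301 ...; }` after it runs in the server rewrite phase, before nginx selects a location. HTTP-01 validation would then only pass by following the redirect to the identical location added to the TLS server in the `@@ -115,22 +121,26 @@` hunk. Scoping the redirect to a catch-all, `location / { if ($http_x_forwarded_proto != "https") { return 301 https://$host$request_uri; } }`, lets the challenge location answer on port 80 directly. It is also worth confirming that the ACME client writes tokens straight into `/var/www/letsencrypt/`, since `alias` strips the `.well-known/acme-challenge/` prefix from the file path. The server block starts and ends outside the hunk.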
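Review bot: In the `@@ -89,7 +95,7 @@` hunk `ssl_certificate_key` still points at `/home/ssl/xpk.headdesk.me.key`, the same file name as the private key this commit deletes from the repository; deleting the file does not remove it from history, so that key should be treated as disclosed. If the file under the new `/my/sites/ssl-cert` mount is a copy of it, generate a new key and have the certificate reissued and the old one revoked, rather than just moving the file. A comment above the two directives, such as `# key material lives only on the host, never in this repo`, would record the intent. The new `ssl_certificate` target also needs to hold the leaf followed by its intermediates, since the deleted `xpk.headdesk.me.crt` contained a single certificate while `nginx.pem` contained two. The server block continues outside the hunk.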
@@ -115,22 +121,26 @@ http { # proxy_cache_bypass $http_pragma $http_authorization; # } + # letsencrypt validation + location /.well-known/acme-challenge/ { + alias /var/www/letsencrypt/; + } fastcgi_hide_header X-Powered-By; location = /.well-known/carddav { return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; - } - location = /.well-known/caldav { - return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; - } - location /nextcloud/ { - rewrite ^ /nextcloud/index.php; - } - location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } + } + location = /.well-known/caldav { + return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; + } + location /nextcloud/ { + rewrite ^ /nextcloud/index.php; + } + location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { + deny all; + } + location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) { + deny all; + } location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; set $path_info $fastcgi_path_info; 
@@ -154,17 +164,17 @@ http { } location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /nextcloud/index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; + try_files $uri /nextcloud/index.php$request_uri; + add_header Cache-Control "public, max-age=15778463"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Robots-Tag none; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header Referrer-Policy no-referrer; } location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { - try_files $uri /nextcloud/index.php$request_uri; + try_files $uri /nextcloud/index.php$request_uri; } location /git/ { @@ -173,6 +183,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header HTTP_X_FORWARDED_PROTO https; proxy_set_header Host $host; + proxy_http_version 1.1; # caching: do not enable, causes cross account caching! # proxy_cache zone1; # proxy_cache_valid 200 302 5m; @@ -185,6 +196,9 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header HTTP_X_FORWARDED_PROTO https; proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_cookie_path / "/pad; HTTPOnly; Secure"; + proxy_cookie_flags express secure httponly; } location /jenkins/ { @@ -194,6 +208,7 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header HTTP_X_FORWARDED_PROTO https; proxy_set_header Host $host; + proxy_http_version 1.1; } location /mon/ { 
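Review bot: The `@@ -185,6 +196,9 @@` hunk sets cookie attributes through two overlapping mechanisms: `proxy_cookie_path / "/pad; HTTPOnly; Secure"` smuggles them into the Path value, and `proxy_cookie_flags express secure httponly` adds them again, but only for a cookie named exactly `express`. If the upstream's session cookie has any other name the flags directive never matches, and where it does match the attributes may be emitted twice. A cleaner form is `proxy_cookie_path / /pad/;` together with `proxy_cookie_flags ~ secure httponly samesite=lax;`, which covers every upstream cookie and adds SameSite. The same pair of lines is added for `/mon` in the `@@ -203,15 +218,18 @@` hunk. The opening line of the location block is outside the hunk.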
@@ -203,15 +218,18 @@ http { proxy_set_header X-Real-IP $remote_addr; proxy_set_header HTTP_X_FORWARDED_PROTO https; proxy_set_header Host $host; + proxy_http_version 1.1; + proxy_cookie_path / "/mon; HTTPOnly; Secure"; + proxy_cookie_flags express secure httponly; } location /enpass/ { root /var/www; auth_basic enpass; auth_basic_user_file /var/www/enpass/.htpass; - dav_methods PUT DELETE MKCOL COPY MOVE; - dav_ext_methods PROPFIND OPTIONS; - dav_access user:rw group:rw all:r; + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS; + dav_access user:rw group:rw all:r; create_full_put_path on; autoindex on; } diff --git a/alpine/nginx/nginx.conf-bak b/alpine/nginx/nginx.conf-bak deleted file mode 100644 index d192374..0000000 --- a/alpine/nginx/nginx.conf-bak +++ /dev/null 
@@ -1,184 +0,0 @@ -user nginx; -worker_processes 1; - -#error_log /var/log/nginx/error.log warn; -error_log /var/log/nginx/error-local.log warn; -pid /var/run/nginx.pid; - - -events { - worker_connections 2000; -} - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - sendfile on; - keepalive_timeout 65; - client_max_body_size 900M; - - gzip on; - gzip_min_length 1100; - gzip_buffers 4 8k; - gzip_types text/plain; - - - # caching - proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=zone1:10m max_size=1G; - proxy_temp_path /tmp/nginx-proxy 1 2; - proxy_cache_key "$scheme$request_method$host$request_uri"; - proxy_ignore_headers Expires Cache-Control; - proxy_cache_use_stale error timeout invalid_header http_502; - proxy_cache_bypass $cookie_session; - proxy_no_cache $cookie_session; - proxy_headers_hash_max_size 1024; - proxy_headers_hash_bucket_size 128; - - log_format cached '$remote_addr ' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent" $upstream_cache_status'; - - - # Useragent ACL - map $http_user_agent $useragent_acl { - default deny; - ~(Chrome|Nextcloud-iOS|Nextcloud-android|mirall|Nokia|Mozilla/5\.0|git) allow; - } - - upstream php-handler { - server 192.168.86.4:9000; - #server unix:/var/run/php/php7.2-fpm.sock; - } - - server { - listen 80 default_server; - root /var/www/null; - # Useragent ACL -# if ($useragent_acl = deny) { -# return 403; -# } - if ($http_x_forwarded_proto != "https") { - return 301 https://$host$request_uri; - } - } - - server { - listen 443 ssl http2 default_server; - #root /var/www/null; - root /var/www; - ssl_protocols TLSv1.2 TLSv1.3; - ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384'; - ssl_ecdh_curve secp521r1:secp384r1:prime256v1; - ssl_prefer_server_ciphers on; - 
ssl_session_timeout 10m; - ssl_session_cache shared:SSL:10m; - ssl_session_tickets off; - add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - - - ssl_certificate /etc/letsencrypt/live/xpk.headdesk.me/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/xpk.headdesk.me/privkey.pem; - - # filter out PROPFIND in access log - set $logme 1; - - if ($request_method = PROPFIND) { - set $logme 0; - } - - access_log /var/log/nginx/access.log cached if=$logme; - - # Useragent ACL - if ($useragent_acl = deny) { - return 403; - } - - #location / { - # proxy_pass http://192.168.86.10:8080/; -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# proxy_set_header X-Real-IP $remote_addr; -# proxy_set_header HTTP_X_FORWARDED_PROTO https; -# proxy_set_header Host $host; -# proxy_cache_bypass $http_pragma $http_authorization; -# } - - fastcgi_hide_header X-Powered-By; - location = /.well-known/carddav { - return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; - } - location = /.well-known/caldav { - return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; - } - location /nextcloud/ { - rewrite ^ /nextcloud/index.php; - } - location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { - deny all; - } - location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) { - deny all; - } - location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { - fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; - set $path_info $fastcgi_path_info; - try_files $fastcgi_script_name =404; - include fastcgi_params; - fastcgi_param 
SCRIPT_FILENAME $document_root$fastcgi_script_name; - fastcgi_param PATH_INFO $path_info; - fastcgi_param HTTPS on; - # Avoid sending the security headers twice - fastcgi_param modHeadersAvailable true; - # Enable pretty urls - fastcgi_param front_controller_active true; - fastcgi_pass php-handler; - fastcgi_intercept_errors on; - fastcgi_request_buffering off; - } - - location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) { - try_files $uri/ =404; - index index.php; - } - - location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ { - try_files $uri /nextcloud/index.php$request_uri; - add_header Cache-Control "public, max-age=15778463"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; - } - location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { - try_files $uri /nextcloud/index.php$request_uri; - } - - location /git/ { - proxy_pass http://192.168.86.53:3000/; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header HTTP_X_FORWARDED_PROTO https; - proxy_set_header Host $host; - # caching - proxy_cache zone1; - proxy_cache_valid 200 302 5m; - proxy_cache_valid any 10m; - } - - location /pad/ { - proxy_pass http://192.168.86.5:9001/; - proxy_set_header X-Forwarded-For $remote_addr; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header HTTP_X_FORWARDED_PROTO https; - proxy_set_header Host $host; - } - } -} diff --git a/alpine/nginx/nginx.pem b/alpine/nginx/nginx.pem deleted file mode 100644 index c35ee5f..0000000 --- a/alpine/nginx/nginx.pem +++ /dev/null 
@@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICHjCCAaSgAwIBAgIUXH8VmkLN8TUXZE7Yctv+YXGtDSEwCgYIKoZIzj0EAwIw -dTELMAkGA1UEBhMCSEsxEjAQBgNVBAgMCUhvbmcgS29uZzESMBAGA1UEBwwJSG9u -ZyBLb25nMQ8wDQYDVQQKDAZ6b28ubG8xGTAXBgNVBAsMEE5ldHdvcmsgU2VjdXJp -dHkxEjAQBgNVBAMMCWNhLnpvby5sbzAeFw0yMTEwMDcxNjAzNDBaFw0yNjA5MTEx -NjAzNDBaMEwxCzAJBgNVBAYTAkhLMRIwEAYDVQQHDAlIb25nIEtvbmcxDzANBgNV -BAoMBnpvby5sbzEYMBYGA1UEAwwPeHBrLmhlYWRkZXNrLm1lMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAEtzz7858R9YMo9xjZ86wtUYghUu0+VS31BTJ1befklN8KZZYi -gUuTes4W/MhtFU93ZKWqawFcjs7KU+71DA2FYnSK8+x33hVNzCNwJHrgB3knUYhT -U/HGBNdMiPM4Jjvuox4wHDAaBgNVHREEEzARgg94cGsuaGVhZGRlc2subWUwCgYI -KoZIzj0EAwIDaAAwZQIxAP2m6O6zjtvVoJz8gR/Tb0t6t454gxsllXmxC8DiGTpu -t+r6zZI3mF4qye33sl6lbgIwXpo+jCEDQNAHs58+oOWm6iQjjEm8PIglXRjAGD4h -h19Ub/5gru/Fbwi4i+DlVQmW ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIICezCCAgKgAwIBAgIUUFUjTywS4E5iBtLftaGrYJdu638wCgYIKoZIzj0EAwQw -dTELMAkGA1UEBhMCSEsxEjAQBgNVBAgMCUhvbmcgS29uZzESMBAGA1UEBwwJSG9u -ZyBLb25nMQ8wDQYDVQQKDAZ6b28ubG8xGTAXBgNVBAsMEE5ldHdvcmsgU2VjdXJp -dHkxEjAQBgNVBAMMCWNhLnpvby5sbzAeFw0yMTEwMDcwMTE2MDlaFw0zMTEwMDUw -MTE2MDlaMHUxCzAJBgNVBAYTAkhLMRIwEAYDVQQIDAlIb25nIEtvbmcxEjAQBgNV -BAcMCUhvbmcgS29uZzEPMA0GA1UECgwGem9vLmxvMRkwFwYDVQQLDBBOZXR3b3Jr -IFNlY3VyaXR5MRIwEAYDVQQDDAljYS56b28ubG8wdjAQBgcqhkjOPQIBBgUrgQQA -IgNiAAQdCtBm1+Zz2+xzH94QKRGlXBuo5K57tkny3dSQ/QE7rCinV73HEXg4ZdKp -0xlvzOaBmf7eFDbmYj6ffiZXkre80WofbEvJMKDJ1sZ9WOvCZptkvLL4xl6S2W8q -EipeqJWjUzBRMB0GA1UdDgQWBBTGNGSNRHI0ayDZSzW1VPLvdM/skTAfBgNVHSME -GDAWgBTGNGSNRHI0ayDZSzW1VPLvdM/skTAPBgNVHRMBAf8EBTADAQH/MAoGCCqG -SM49BAMEA2cAMGQCMC7LOPLxzSwuHf7mSO2ueXbaC5YIMq/b8X3vxs80fDqxqkFZ -T3VNMqQyudcsMX/RbQIwfxsKrkxn7dIBj69nkYvKO2e7IbhEWtL0311H51tiTTWX -/uKBRPx18JmVxCx5wbGR ------END CERTIFICATE----- diff --git a/alpine/nginx/start-nginx.sh b/alpine/nginx/start-nginx.sh index a1736e5..379355f 100755 --- a/alpine/nginx/start-nginx.sh +++ b/alpine/nginx/start-nginx.sh 
@@ -1,8 +1,9 @@ # nginx container docker run --name nginx -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \ --m 2g -v /my/container-config/alpine/nginx:/home/ssl \ +-m 2g -v /my/sites/ssl-cert:/home/ssl \ -v /var/www/nextcloud:/var/www/nextcloud:ro \ -v /var/www/enpass:/var/www/enpass:rw \ +-v /var/www/letsencrypt:/var/www/letsencrypt:ro \ --net macvlan --ip 192.168.86.209 -d --restart=always alpine/nginx # clearlinux/nginx diff --git a/alpine/nginx/xpk.headdesk.me.crt b/alpine/nginx/xpk.headdesk.me.crt deleted file mode 100644 index 848e7cc..0000000 --- a/alpine/nginx/xpk.headdesk.me.crt +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICHjCCAaSgAwIBAgIUXH8VmkLN8TUXZE7Yctv+YXGtDSEwCgYIKoZIzj0EAwIw -dTELMAkGA1UEBhMCSEsxEjAQBgNVBAgMCUhvbmcgS29uZzESMBAGA1UEBwwJSG9u -ZyBLb25nMQ8wDQYDVQQKDAZ6b28ubG8xGTAXBgNVBAsMEE5ldHdvcmsgU2VjdXJp -dHkxEjAQBgNVBAMMCWNhLnpvby5sbzAeFw0yMTEwMDcxNjAzNDBaFw0yNjA5MTEx -NjAzNDBaMEwxCzAJBgNVBAYTAkhLMRIwEAYDVQQHDAlIb25nIEtvbmcxDzANBgNV -BAoMBnpvby5sbzEYMBYGA1UEAwwPeHBrLmhlYWRkZXNrLm1lMHYwEAYHKoZIzj0C -AQYFK4EEACIDYgAEtzz7858R9YMo9xjZ86wtUYghUu0+VS31BTJ1befklN8KZZYi -gUuTes4W/MhtFU93ZKWqawFcjs7KU+71DA2FYnSK8+x33hVNzCNwJHrgB3knUYhT -U/HGBNdMiPM4Jjvuox4wHDAaBgNVHREEEzARgg94cGsuaGVhZGRlc2subWUwCgYI -KoZIzj0EAwIDaAAwZQIxAP2m6O6zjtvVoJz8gR/Tb0t6t454gxsllXmxC8DiGTpu -t+r6zZI3mF4qye33sl6lbgIwXpo+jCEDQNAHs58+oOWm6iQjjEm8PIglXRjAGD4h -h19Ub/5gru/Fbwi4i+DlVQmW ------END CERTIFICATE----- diff --git a/alpine/nginx/xpk.headdesk.me.csr b/alpine/nginx/xpk.headdesk.me.csr deleted file mode 100644 index 5b631d7..0000000 --- a/alpine/nginx/xpk.headdesk.me.csr +++ /dev/null 
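Review bot: The new certificate mount `-v /my/sites/ssl-cert:/home/ssl` is read-write, unlike the `:ro` mounts around it, so the container could modify or replace the key material on the host. nginx only needs to read these files; `-m 2g -v /my/sites/ssl-cert:/home/ssl:ro \` would match the `letsencrypt` mount added two lines below. Since the private key now lives outside version control, the host directory's ownership and mode are worth stating in the script's leading comment, for example `# /my/sites/ssl-cert: root-owned, 0700, holds the TLS key`.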
@@ -1,10 +0,0 @@ ------BEGIN CERTIFICATE REQUEST----- -MIIBcDCB+AIBADBMMQswCQYDVQQGEwJISzESMBAGA1UEBwwJSG9uZyBLb25nMQ8w -DQYDVQQKDAZ6b28ubG8xGDAWBgNVBAMMD3hway5oZWFkZGVzay5tZTB2MBAGByqG -SM49AgEGBSuBBAAiA2IABLc8+/OfEfWDKPcY2fOsLVGIIVLtPlUt9QUydW3n5JTf -CmWWIoFLk3rOFvzIbRVPd2SlqmsBXI7OylPu9QwNhWJ0ivPsd94VTcwjcCR64Ad5 -J1GIU1PxxgTXTIjzOCY77qAtMCsGCSqGSIb3DQEJDjEeMBwwGgYDVR0RBBMwEYIP -eHBrLmhlYWRkZXNrLm1lMAoGCCqGSM49BAMEA2cAMGQCMHGvtAX08xExyBa1UwVf -LktC1i/CeCUoUB7PRYOObtKAKy7Waph05GvlSujExF4pDgIwdKRYLt2SfodQ6elA -r48JUJf91EYptqEcPAq4MTh9g+nZoZpGlZ1RCNygx/ZwrMLC ------END CERTIFICATE REQUEST----- diff --git a/alpine/nginx/xpk.headdesk.me.key b/alpine/nginx/xpk.headdesk.me.key deleted file mode 100644 index be7c68c..0000000 --- a/alpine/nginx/xpk.headdesk.me.key +++ /dev/null @@ -1,9 +0,0 @@ ------BEGIN EC PARAMETERS----- -BgUrgQQAIg== ------END EC PARAMETERS----- ------BEGIN EC PRIVATE KEY----- -MIGkAgEBBDA5N0REJGizPRs6hpAIaoxSBXTmvj0WHsMc02PMqahVmIyh3O/Rwg63 -7ctONnwTwT6gBwYFK4EEACKhZANiAAS3PPvznxH1gyj3GNnzrC1RiCFS7T5VLfUF -MnVt5+SU3wplliKBS5N6zhb8yG0VT3dkpaprAVyOzspT7vUMDYVidIrz7HfeFU3M -I3AkeuAHeSdRiFNT8cYE10yI8zgmO+4= ------END EC PRIVATE KEY-----