xpk/collection.dockerfile
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

RM: removing certificates

Browse Source
This commit is contained in:
KF 2022-10-12 12:27:12 +08:00
parent 9107ff7ef9
commit b702117d06
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
8 changed files with 50 additions and 346 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
alpine/nginx/fullchain.cer
View File

@ -1,68 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIEADCCA4agAwIBAgIQMAH1E07Hb6pzvkh90/eEgjAKBggqhkjOPQQDAzBLMQsw
CQYDVQQGEwJBVDEQMA4GA1UEChMHWmVyb1NTTDEqMCgGA1UEAxMhWmVyb1NTTCBF
Q0MgRG9tYWluIFNlY3VyZSBTaXRlIENBMB4XDTIxMTAwNzAwMDAwMFoXDTIyMDEw
NTIzNTk1OVowGjEYMBYGA1UEAxMPeHBrLmhlYWRkZXNrLm1lMFkwEwYHKoZIzj0C
AQYIKoZIzj0DAQcDQgAEaMoksRJYAdN/TOcnDaMY6/rOQvda7vbkeh9w6N6ZcyAc
BXdPKheQMJQU9/pVaDZMMIPsZZtOzZjXIWlKjPYuEaOCAnswggJ3MB8GA1UdIwQY
MBaAFA9r5kvOOUeu9n6QHnnwMJGSyF+jMB0GA1UdDgQWBBQdoqTMyJW6Khg8/o3+
GB9xaBlLSTAOBgNVHQ8BAf8EBAMCB4AwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAU
BggrBgEFBQcDAQYIKwYBBQUHAwIwSQYDVR0gBEIwQDA0BgsrBgEEAbIxAQICTjAl
MCMGCCsGAQUFBwIBFhdodHRwczovL3NlY3RpZ28uY29tL0NQUzAIBgZngQwBAgEw
gYgGCCsGAQUFBwEBBHwwejBLBggrBgEFBQcwAoY/aHR0cDovL3plcm9zc2wuY3J0
LnNlY3RpZ28uY29tL1plcm9TU0xFQ0NEb21haW5TZWN1cmVTaXRlQ0EuY3J0MCsG
CCsGAQUFBzABhh9odHRwOi8vemVyb3NzbC5vY3NwLnNlY3RpZ28uY29tMIIBBAYK
KwYBBAHWeQIEAgSB9QSB8gDwAHYARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy
/HD+bUcAAAF8WpF8BgAABAMARzBFAiEAoEDjM3hbKwZZ7mEou2EGEQlSNDf3YB4w
3T8Y+U1HFScCIFb9Hk9LX8nY4fspBTZ/aFF/HZftDtWZZFMH7Wn2SctBAHYAQcjK
sd8iRkoQxqE6CUKHXk4xixsD6+tLx2jwkGKWBvYAAAF8WpF8fgAABAMARzBFAiBv
M8d8PHroXsSIrbZeKvR8Ouyga8kM82o3oARJPOyQOAIhAIhlk2jxZcI7q6HAcipt
Ni4rv6umU/VDqsJ1uCnu80aOMBoGA1UdEQQTMBGCD3hway5oZWFkZGVzay5tZTAK
BggqhkjOPQQDAwNoADBlAjBSSPs/rxN1dOhj5Lf7Na+mI3T+aMykwciQUhJswimI
4XjMHdOcqz1aCByS0x3ICE0CMQC6SO9SyJBBewdX8uDTZbMZOaGtpRsb9XGuzInZ
kgoms3Fwhu4fhusMV+fvruApGkg=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDhTCCAwygAwIBAgIQI7dt48G7KxpRlh4I6rdk6DAKBggqhkjOPQQDAzCBiDEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNl
eSBDaXR5MR4wHAYDVQQKExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMT
JVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMjAwMTMw
MDAwMDAwWhcNMzAwMTI5MjM1OTU5WjBLMQswCQYDVQQGEwJBVDEQMA4GA1UEChMH
WmVyb1NTTDEqMCgGA1UEAxMhWmVyb1NTTCBFQ0MgRG9tYWluIFNlY3VyZSBTaXRl
IENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAENkFhFytTJe2qypTk1tpIV+9QuoRk
gte7BRvWHwYk9qUznYzn8QtVaGOCMBBfjWXsqqivl8q1hs4wAYl03uNOXgFu7iZ7
zFP6I6T3RB0+TR5fZqathfby47yOCZiAJI4go4IBdTCCAXEwHwYDVR0jBBgwFoAU
OuEJhtTPGcKWdnRJdtzgNcZjY5owHQYDVR0OBBYEFA9r5kvOOUeu9n6QHnnwMJGS
yF+jMA4GA1UdDwEB/wQEAwIBhjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdJQQW
MBQGCCsGAQUFBwMBBggrBgEFBQcDAjAiBgNVHSAEGzAZMA0GCysGAQQBsjEBAgJO
MAgGBmeBDAECATBQBgNVHR8ESTBHMEWgQ6BBhj9odHRwOi8vY3JsLnVzZXJ0cnVz
dC5jb20vVVNFUlRydXN0RUNDQ2VydGlmaWNhdGlvbkF1dGhvcml0eS5jcmwwdgYI
KwYBBQUHAQEEajBoMD8GCCsGAQUFBzAChjNodHRwOi8vY3J0LnVzZXJ0cnVzdC5j
b20vVVNFUlRydXN0RUNDQWRkVHJ1c3RDQS5jcnQwJQYIKwYBBQUHMAGGGWh0dHA6
Ly9vY3NwLnVzZXJ0cnVzdC5jb20wCgYIKoZIzj0EAwMDZwAwZAIwJHBUDwHJQN3I
VNltVMrICMqYQ3TYP/TXqV9t8mG5cAomG2MwqIsxnL937Gewf6WIAjAlrauksO6N
UuDdDXyd330druJcZJx0+H5j5cFOYBaGsKdeGW7sCMaR2PsDFKGllas=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIID0zCCArugAwIBAgIQVmcdBOpPmUxvEIFHWdJ1lDANBgkqhkiG9w0BAQwFADB7
MQswCQYDVQQGEwJHQjEbMBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYD
VQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDEhMB8GA1UE
AwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTE5MDMxMjAwMDAwMFoXDTI4
MTIzMTIzNTk1OVowgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpOZXcgSmVyc2V5
MRQwEgYDVQQHEwtKZXJzZXkgQ2l0eTEeMBwGA1UEChMVVGhlIFVTRVJUUlVTVCBO
ZXR3b3JrMS4wLAYDVQQDEyVVU0VSVHJ1c3QgRUNDIENlcnRpZmljYXRpb24gQXV0
aG9yaXR5MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEGqxUWqn5aCPnetUkb1PGWthL
q8bVttHmc3Gu3ZzWDGH926CJA7gFFOxXzu5dP+Ihs8731Ip54KODfi2X0GHE8Znc
JZFjq38wo7Rw4sehM5zzvy5cU7Ffs30yf4o043l5o4HyMIHvMB8GA1UdIwQYMBaA
FKARCiM+lvEH7OKvKe+CpX/QMKS0MB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1
xmNjmjAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zARBgNVHSAECjAI
MAYGBFUdIAAwQwYDVR0fBDwwOjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5j
b20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNlcy5jcmwwNAYIKwYBBQUHAQEEKDAmMCQG
CCsGAQUFBzABhhhodHRwOi8vb2NzcC5jb21vZG9jYS5jb20wDQYJKoZIhvcNAQEM
BQADggEBABns652JLCALBIAdGN5CmXKZFjK9Dpx1WywV4ilAbe7/ctvbq5AfjJXy
ij0IckKJUAfiORVsAYfZFhr1wHUrxeZWEQff2Ji8fJ8ZOd+LygBkc7xGEJuTI42+
FsMuCIKchjN0djsoTI0DQoWz4rIjQtUfenVqGtF8qmchxDM6OW1TyaLtYiKou+JV
bJlsQ2uRl9EMC5MCHdK8aXdJ5htN978UeAOwproLtOGFfy/cQjutdAFI3tZs4RmY
CV4Ks2dH/hzg1cEo70qLRDEmBDeNiXQ2Lu+lIg+DdEmSx/cQwgwp+7e9un/jX9Wf
8qn0dNW44bOwgeThpWOjzOoEeJBuv/c=
-----END CERTIFICATE-----

78
alpine/nginx/nginx.conf
View File

@ -16,7 +16,7 @@ http {
default_type application/octet-stream; default_type application/octet-stream;
sendfile on; sendfile on;
keepalive_timeout 65; keepalive_timeout 65;
client_max_body_size 2000M; client_max_body_size 200M;
gzip on; gzip on;
gzip_min_length 1100; gzip_min_length 1100;
@ -65,9 +65,15 @@ http {
# if ($useragent_acl = deny) { # if ($useragent_acl = deny) {
# return 403; # return 403;
# } # }
if ($http_x_forwarded_proto != "https") {
return 301 https://$host$request_uri; # letsencrypt validation
} location /.well-known/acme-challenge/ {
alias /var/www/letsencrypt/;
}
if ($http_x_forwarded_proto != "https") {
return 301 https://$host$request_uri;
}
} }
server { server {
@ -89,7 +95,7 @@ http {
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; add_header Referrer-Policy no-referrer;
ssl_certificate /home/ssl/nginx.pem; ssl_certificate /home/ssl/xpk.headdesk.me.crt;
ssl_certificate_key /home/ssl/xpk.headdesk.me.key; ssl_certificate_key /home/ssl/xpk.headdesk.me.key;
# filter out PROPFIND in access log # filter out PROPFIND in access log
@ -115,22 +121,26 @@ http {
# proxy_cache_bypass $http_pragma $http_authorization; # proxy_cache_bypass $http_pragma $http_authorization;
# } # }
# letsencrypt validation
location /.well-known/acme-challenge/ {
alias /var/www/letsencrypt/;
}
fastcgi_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By;
location = /.well-known/carddav { location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
} }
location = /.well-known/caldav { location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav; return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
} }
location /nextcloud/ { location /nextcloud/ {
rewrite ^ /nextcloud/index.php; rewrite ^ /nextcloud/index.php;
} }
location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ { location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all; deny all;
} }
location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) { location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all; deny all;
} }
location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) { location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$; fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info; set $path_info $fastcgi_path_info;
@ -154,17 +164,17 @@ http {
} }
location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ { location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /nextcloud/index.php$request_uri; try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463"; add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block"; add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; add_header X-Robots-Tag none;
add_header X-Download-Options noopen; add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer; add_header Referrer-Policy no-referrer;
} }
location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ { location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /nextcloud/index.php$request_uri; try_files $uri /nextcloud/index.php$request_uri;
} }
location /git/ { location /git/ {
@ -173,6 +183,7 @@ http {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https; proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_http_version 1.1;
# caching: do not enable, causes cross account caching! # caching: do not enable, causes cross account caching!
# proxy_cache zone1; # proxy_cache zone1;
# proxy_cache_valid 200 302 5m; # proxy_cache_valid 200 302 5m;
@ -185,6 +196,9 @@ http {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https; proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_cookie_path / "/pad; HTTPOnly; Secure";
proxy_cookie_flags express secure httponly;
} }
location /jenkins/ { location /jenkins/ {
@ -194,6 +208,7 @@ http {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https; proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_http_version 1.1;
} }
location /mon/ { location /mon/ {
@ -203,15 +218,18 @@ http {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https; proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_http_version 1.1;
proxy_cookie_path / "/mon; HTTPOnly; Secure";
proxy_cookie_flags express secure httponly;
} }
location /enpass/ { location /enpass/ {
root /var/www; root /var/www;
auth_basic enpass; auth_basic enpass;
auth_basic_user_file /var/www/enpass/.htpass; auth_basic_user_file /var/www/enpass/.htpass;
dav_methods PUT DELETE MKCOL COPY MOVE; dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS; dav_ext_methods PROPFIND OPTIONS;
dav_access user:rw group:rw all:r; dav_access user:rw group:rw all:r;
create_full_put_path on; create_full_put_path on;
autoindex on; autoindex on;
} }

184
alpine/nginx/nginx.conf-bak
View File

@ -1,184 +0,0 @@
user nginx;
worker_processes 1;
#error_log /var/log/nginx/error.log warn;
error_log /var/log/nginx/error-local.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 2000;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
client_max_body_size 900M;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
# caching
proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=zone1:10m max_size=1G;
proxy_temp_path /tmp/nginx-proxy 1 2;
proxy_cache_key "$scheme$request_method$host$request_uri";
proxy_ignore_headers Expires Cache-Control;
proxy_cache_use_stale error timeout invalid_header http_502;
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_headers_hash_max_size 1024;
proxy_headers_hash_bucket_size 128;
log_format cached '$remote_addr '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $upstream_cache_status';
# Useragent ACL
map $http_user_agent $useragent_acl {
default deny;
~(Chrome|Nextcloud-iOS|Nextcloud-android|mirall|Nokia|Mozilla/5\.0|git) allow;
}
upstream php-handler {
server 192.168.86.4:9000;
#server unix:/var/run/php/php7.2-fpm.sock;
}
server {
listen 80 default_server;
root /var/www/null;
# Useragent ACL
# if ($useragent_acl = deny) {
# return 403;
# }
if ($http_x_forwarded_proto != "https") {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl http2 default_server;
#root /var/www/null;
root /var/www;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384';
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
ssl_certificate /etc/letsencrypt/live/xpk.headdesk.me/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xpk.headdesk.me/privkey.pem;
# filter out PROPFIND in access log
set $logme 1;
if ($request_method = PROPFIND) {
set $logme 0;
}
access_log /var/log/nginx/access.log cached if=$logme;
# Useragent ACL
if ($useragent_acl = deny) {
return 403;
}
#location / {
# proxy_pass http://192.168.86.10:8080/;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header HTTP_X_FORWARDED_PROTO https;
# proxy_set_header Host $host;
# proxy_cache_bypass $http_pragma $http_authorization;
# }
fastcgi_hide_header X-Powered-By;
location = /.well-known/carddav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location = /.well-known/caldav {
return 301 $scheme://$host:$server_port/nextcloud/remote.php/dav;
}
location /nextcloud/ {
rewrite ^ /nextcloud/index.php;
}
location ~ ^\/nextcloud\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
deny all;
}
location ~ ^\/nextcloud\/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
location ~ ^\/nextcloud\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
# Avoid sending the security headers twice
fastcgi_param modHeadersAvailable true;
# Enable pretty urls
fastcgi_param front_controller_active true;
fastcgi_pass php-handler;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^\/nextcloud\/(?:updater|oc[ms]-provider)(?:$|\/) {
try_files $uri/ =404;
index index.php;
}
location ~ ^\/nextcloud.*\.(?:css|js|woff2?|svg|gif|map)$ {
try_files $uri /nextcloud/index.php$request_uri;
add_header Cache-Control "public, max-age=15778463";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header Referrer-Policy no-referrer;
}
location ~ ^\/nextcloud.*\.(?:png|html|ttf|ico|jpg|jpeg|bcmap)$ {
try_files $uri /nextcloud/index.php$request_uri;
}
location /git/ {
proxy_pass http://192.168.86.53:3000/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
# caching
proxy_cache zone1;
proxy_cache_valid 200 302 5m;
proxy_cache_valid any 10m;
}
location /pad/ {
proxy_pass http://192.168.86.5:9001/;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTP_X_FORWARDED_PROTO https;
proxy_set_header Host $host;
}
}
}

30
alpine/nginx/nginx.pem
View File

@ -1,30 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICHjCCAaSgAwIBAgIUXH8VmkLN8TUXZE7Yctv+YXGtDSEwCgYIKoZIzj0EAwIw
dTELMAkGA1UEBhMCSEsxEjAQBgNVBAgMCUhvbmcgS29uZzESMBAGA1UEBwwJSG9u
ZyBLb25nMQ8wDQYDVQQKDAZ6b28ubG8xGTAXBgNVBAsMEE5ldHdvcmsgU2VjdXJp
dHkxEjAQBgNVBAMMCWNhLnpvby5sbzAeFw0yMTEwMDcxNjAzNDBaFw0yNjA5MTEx
NjAzNDBaMEwxCzAJBgNVBAYTAkhLMRIwEAYDVQQHDAlIb25nIEtvbmcxDzANBgNV
BAoMBnpvby5sbzEYMBYGA1UEAwwPeHBrLmhlYWRkZXNrLm1lMHYwEAYHKoZIzj0C
AQYFK4EEACIDYgAEtzz7858R9YMo9xjZ86wtUYghUu0+VS31BTJ1befklN8KZZYi
gUuTes4W/MhtFU93ZKWqawFcjs7KU+71DA2FYnSK8+x33hVNzCNwJHrgB3knUYhT
U/HGBNdMiPM4Jjvuox4wHDAaBgNVHREEEzARgg94cGsuaGVhZGRlc2subWUwCgYI
KoZIzj0EAwIDaAAwZQIxAP2m6O6zjtvVoJz8gR/Tb0t6t454gxsllXmxC8DiGTpu
t+r6zZI3mF4qye33sl6lbgIwXpo+jCEDQNAHs58+oOWm6iQjjEm8PIglXRjAGD4h
h19Ub/5gru/Fbwi4i+DlVQmW
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIICezCCAgKgAwIBAgIUUFUjTywS4E5iBtLftaGrYJdu638wCgYIKoZIzj0EAwQw
dTELMAkGA1UEBhMCSEsxEjAQBgNVBAgMCUhvbmcgS29uZzESMBAGA1UEBwwJSG9u
ZyBLb25nMQ8wDQYDVQQKDAZ6b28ubG8xGTAXBgNVBAsMEE5ldHdvcmsgU2VjdXJp
dHkxEjAQBgNVBAMMCWNhLnpvby5sbzAeFw0yMTEwMDcwMTE2MDlaFw0zMTEwMDUw
MTE2MDlaMHUxCzAJBgNVBAYTAkhLMRIwEAYDVQQIDAlIb25nIEtvbmcxEjAQBgNV
BAcMCUhvbmcgS29uZzEPMA0GA1UECgwGem9vLmxvMRkwFwYDVQQLDBBOZXR3b3Jr
IFNlY3VyaXR5MRIwEAYDVQQDDAljYS56b28ubG8wdjAQBgcqhkjOPQIBBgUrgQQA
IgNiAAQdCtBm1+Zz2+xzH94QKRGlXBuo5K57tkny3dSQ/QE7rCinV73HEXg4ZdKp
0xlvzOaBmf7eFDbmYj6ffiZXkre80WofbEvJMKDJ1sZ9WOvCZptkvLL4xl6S2W8q
EipeqJWjUzBRMB0GA1UdDgQWBBTGNGSNRHI0ayDZSzW1VPLvdM/skTAfBgNVHSME
GDAWgBTGNGSNRHI0ayDZSzW1VPLvdM/skTAPBgNVHRMBAf8EBTADAQH/MAoGCCqG
SM49BAMEA2cAMGQCMC7LOPLxzSwuHf7mSO2ueXbaC5YIMq/b8X3vxs80fDqxqkFZ
T3VNMqQyudcsMX/RbQIwfxsKrkxn7dIBj69nkYvKO2e7IbhEWtL0311H51tiTTWX
/uKBRPx18JmVxCx5wbGR
-----END CERTIFICATE-----

3
alpine/nginx/start-nginx.sh
View File

@ -1,8 +1,9 @@
# nginx container # nginx container
docker run --name nginx -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \ docker run --name nginx -v /my/container-config/alpine/nginx/nginx.conf:/etc/nginx/nginx.conf:ro \
-m 2g -v /my/container-config/alpine/nginx:/home/ssl \ -m 2g -v /my/sites/ssl-cert:/home/ssl \
-v /var/www/nextcloud:/var/www/nextcloud:ro \ -v /var/www/nextcloud:/var/www/nextcloud:ro \
-v /var/www/enpass:/var/www/enpass:rw \ -v /var/www/enpass:/var/www/enpass:rw \
-v /var/www/letsencrypt:/var/www/letsencrypt:ro \
--net macvlan --ip 192.168.86.209 -d --restart=always alpine/nginx --net macvlan --ip 192.168.86.209 -d --restart=always alpine/nginx
# clearlinux/nginx # clearlinux/nginx

14
alpine/nginx/xpk.headdesk.me.crt
View File

@ -1,14 +0,0 @@
-----BEGIN CERTIFICATE-----
MIICHjCCAaSgAwIBAgIUXH8VmkLN8TUXZE7Yctv+YXGtDSEwCgYIKoZIzj0EAwIw
dTELMAkGA1UEBhMCSEsxEjAQBgNVBAgMCUhvbmcgS29uZzESMBAGA1UEBwwJSG9u
ZyBLb25nMQ8wDQYDVQQKDAZ6b28ubG8xGTAXBgNVBAsMEE5ldHdvcmsgU2VjdXJp
dHkxEjAQBgNVBAMMCWNhLnpvby5sbzAeFw0yMTEwMDcxNjAzNDBaFw0yNjA5MTEx
NjAzNDBaMEwxCzAJBgNVBAYTAkhLMRIwEAYDVQQHDAlIb25nIEtvbmcxDzANBgNV
BAoMBnpvby5sbzEYMBYGA1UEAwwPeHBrLmhlYWRkZXNrLm1lMHYwEAYHKoZIzj0C
AQYFK4EEACIDYgAEtzz7858R9YMo9xjZ86wtUYghUu0+VS31BTJ1befklN8KZZYi
gUuTes4W/MhtFU93ZKWqawFcjs7KU+71DA2FYnSK8+x33hVNzCNwJHrgB3knUYhT
U/HGBNdMiPM4Jjvuox4wHDAaBgNVHREEEzARgg94cGsuaGVhZGRlc2subWUwCgYI
KoZIzj0EAwIDaAAwZQIxAP2m6O6zjtvVoJz8gR/Tb0t6t454gxsllXmxC8DiGTpu
t+r6zZI3mF4qye33sl6lbgIwXpo+jCEDQNAHs58+oOWm6iQjjEm8PIglXRjAGD4h
h19Ub/5gru/Fbwi4i+DlVQmW
-----END CERTIFICATE-----

10
alpine/nginx/xpk.headdesk.me.csr
View File

@ -1,10 +0,0 @@
-----BEGIN CERTIFICATE REQUEST-----
MIIBcDCB+AIBADBMMQswCQYDVQQGEwJISzESMBAGA1UEBwwJSG9uZyBLb25nMQ8w
DQYDVQQKDAZ6b28ubG8xGDAWBgNVBAMMD3hway5oZWFkZGVzay5tZTB2MBAGByqG
SM49AgEGBSuBBAAiA2IABLc8+/OfEfWDKPcY2fOsLVGIIVLtPlUt9QUydW3n5JTf
CmWWIoFLk3rOFvzIbRVPd2SlqmsBXI7OylPu9QwNhWJ0ivPsd94VTcwjcCR64Ad5
J1GIU1PxxgTXTIjzOCY77qAtMCsGCSqGSIb3DQEJDjEeMBwwGgYDVR0RBBMwEYIP
eHBrLmhlYWRkZXNrLm1lMAoGCCqGSM49BAMEA2cAMGQCMHGvtAX08xExyBa1UwVf
LktC1i/CeCUoUB7PRYOObtKAKy7Waph05GvlSujExF4pDgIwdKRYLt2SfodQ6elA
r48JUJf91EYptqEcPAq4MTh9g+nZoZpGlZ1RCNygx/ZwrMLC
-----END CERTIFICATE REQUEST-----

9
alpine/nginx/xpk.headdesk.me.key
View File

@ -1,9 +0,0 @@
-----BEGIN EC PARAMETERS-----
BgUrgQQAIg==
-----END EC PARAMETERS-----
-----BEGIN EC PRIVATE KEY-----
MIGkAgEBBDA5N0REJGizPRs6hpAIaoxSBXTmvj0WHsMc02PMqahVmIyh3O/Rwg63
7ctONnwTwT6gBwYFK4EEACKhZANiAAS3PPvznxH1gyj3GNnzrC1RiCFS7T5VLfUF
MnVt5+SU3wplliKBS5N6zhb8yG0VT3dkpaprAVyOzspT7vUMDYVidIrz7HfeFU3M
I3AkeuAHeSdRiFNT8cYE10yI8zgmO+4=
-----END EC PRIVATE KEY-----