nginx: rework directory so that certbot works

3 years ago · 357642d27e
parent 64efdf9211
commit 357642d27e
11 changed files with 26 additions and 19 deletions
--- a/nginx/certbot-renew
+++ b/nginx/certbot-renew
@ -1,4 +1,6 @@
 #!/bin/bash
 die() { echo >&2 "$@" ; exit 1 ; }
 source ../env.production
 source ./env.production
@ -7,12 +9,17 @@ rsa_key_size=2048
 set -x
 # move the old live directory away
 rm -rf data/certbot/conf/live.old
 mv data/certbot/conf/live data/certbot/conf/live.old
 docker-compose run --rm certbot \
  certonly --webroot -w /var/www/certbot \
    $staging_arg \
    --email "admin@$DOMAIN_NAME" \
    --rsa-key-size $rsa_key_size \
    --agree-tos \
    --no-eff-email \
    --force-renewal \
    $domain_args \
 || die "unable to renew!"
--- a/nginx/docker-compose.yaml
+++ b/nginx/docker-compose.yaml
@ -6,11 +6,11 @@ services:
      - "80:80"
      - "443:443"
    volumes:
-      - ./data/nginx/nginx.conf:/etc/nginx/nginx.conf
+      - ./nginx/nginx.conf:/etc/nginx/nginx.conf
-        #- ./data/nginx/sites-enabled:/etc/nginx/sites-enabled
+      - ./nginx/templates:/etc/nginx/templates
-      - ./data/nginx/templates:/etc/nginx/templates
+      - ./nginx/includes:/etc/nginx/includes
      - ./data/certbot/conf:/etc/letsencrypt
      - ./data/certbot/www:/var/www/certbot
      - ./data/certbot/conf:/etc/letsencrypt
    env_file:
      -  ../env.production
      -  env.production
--- a/nginx/data/certbot/conf/challenge.conf
+++ b/nginx/data/certbot/conf/challenge.conf
--- a/nginx/data/certbot/conf/options-ssl-nginx.conf
+++ b/nginx/data/certbot/conf/options-ssl-nginx.conf
--- a/nginx/data/certbot/conf/ssl-dhparams.pem
+++ b/nginx/data/certbot/conf/ssl-dhparams.pem
--- a/nginx/data/nginx/nginx.conf
+++ b/nginx/data/nginx/nginx.conf
--- a/nginx/data/nginx/templates/000-default.conf.template
+++ b/nginx/data/nginx/templates/000-default.conf.template
@ -32,9 +32,9 @@ server {
 	listen 443 ssl;
 	ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
-	include /etc/letsencrypt/options-ssl-nginx.conf;
+	include /etc/nginx/includes/options-ssl-nginx.conf;
-	include /etc/letsencrypt/challenge.conf;
+	include /etc/nginx/includes/challenge.conf;
-	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+	ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem;
 }
--- a/nginx/data/nginx/templates/cloud.conf.template
+++ b/nginx/data/nginx/templates/cloud.conf.template
@ -45,9 +45,9 @@ server {
 	listen 443 ssl;
 	ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
-	include /etc/letsencrypt/options-ssl-nginx.conf;
+	include /etc/nginx/includes/options-ssl-nginx.conf;
-	include /etc/letsencrypt/challenge.conf;
+	include /etc/nginx/includes/challenge.conf;
-	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+	ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem;
 }
--- a/nginx/data/nginx/templates/docs.conf.template
+++ b/nginx/data/nginx/templates/docs.conf.template
@ -52,9 +52,9 @@ server {
 	listen 443 ssl;
 	ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
-	include /etc/letsencrypt/options-ssl-nginx.conf;
+	include /etc/nginx/includes/options-ssl-nginx.conf;
-	include /etc/letsencrypt/challenge.conf;
+	include /etc/nginx/includes/challenge.conf;
-	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+	ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem;
 }
--- a/nginx/data/nginx/templates/login.conf.template
+++ b/nginx/data/nginx/templates/login.conf.template
@ -21,9 +21,9 @@ server {
 	listen 443 ssl;
 	ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
-	include /etc/letsencrypt/options-ssl-nginx.conf;
+	include /etc/nginx/includes/options-ssl-nginx.conf;
-	include /etc/letsencrypt/challenge.conf;
+	include /etc/nginx/includes/challenge.conf;
-	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+	ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem;
 }
--- a/nginx/data/nginx/templates/social.conf.template
+++ b/nginx/data/nginx/templates/social.conf.template
@ -20,9 +20,9 @@ server {
 	listen 443 ssl;
 	ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
 	ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
-	include /etc/letsencrypt/options-ssl-nginx.conf;
+	include /etc/nginx/includes/options-ssl-nginx.conf;
-	include /etc/letsencrypt/challenge.conf;
+	include /etc/nginx/includes/challenge.conf;
-	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+	ssl_dhparam /etc/nginx/includes/ssl-dhparams.pem;
 }