From 5f75a519addd359092aa49e05a5f881df21ac56d Mon Sep 17 00:00:00 2001
From: Matthias
Date: Sun, 22 Jan 2023 09:31:13 +0000
Subject: [PATCH] added functional stack for proxy manager

---
 proxymanager/docker-compose.yml | 40 +++++++++++++++++++
 .../data/certbot/conf/options-ssl-nginx.conf | 14 -------
 .../data/certbot/conf/ssl-dhparams.pem | 8 ----
 reverseproxy/init-letsencrypt.sh | 2 +-
 4 files changed, 41 insertions(+), 23 deletions(-)
 create mode 100644 proxymanager/docker-compose.yml
 delete mode 100644 reverseproxy/data/certbot/conf/options-ssl-nginx.conf
 delete mode 100644 reverseproxy/data/certbot/conf/ssl-dhparams.pem

diff --git a/proxymanager/docker-compose.yml b/proxymanager/docker-compose.yml
new file mode 100644
index 0000000..e27973d
--- /dev/null
+++ b/proxymanager/docker-compose.yml
@@ -0,0 +1,40 @@
+version: "3"
+
+volumes:
+ data:
+ driver_opts:
+ type: nfs
+ o: addr=dockerstorage,nfsvers=4
+ device: :/swarm/stacks/proxymanager/data
+
+ letsencrypt:
+ driver_opts:
+ type: nfs
+ o: addr=dockerstorage,nfsvers=4
+ device: :/swarm/stacks/proxymanager/letsencrypt
+
+
+services:
+ app:
+ image: 'jc21/nginx-proxy-manager:latest'
+ restart: unless-stopped
+ ports:
+ # These ports are in format :
+ - '80:80' # Public HTTP Port
+ - '443:443' # Public HTTPS Port
+ - '81:81' # Admin Web Port
+ # Add any other Stream port you want to expose
+ # - '21:21' # FTP
+
+ # Uncomment the next line if you uncomment anything in the section
+ # environment:
+ # Uncomment this if you want to change the location of
+ # the SQLite DB file within the container
+ # DB_SQLITE_FILE: "/data/database.sqlite"
+
+ # Uncomment this if IPv6 is not enabled on your host
+ # DISABLE_IPV6: 'true'
+
+ volumes:
+ - data:/data
+ - letsencrypt:/etc/letsencrypt
diff --git a/reverseproxy/data/certbot/conf/options-ssl-nginx.conf b/reverseproxy/data/certbot/conf/options-ssl-nginx.conf
deleted file mode 100644
index f2aadba..0000000
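Review bot: The admin UI is published on every host interface by `- '81:81'`, so the nginx-proxy-manager login page sits on the same public edge as 80/443; unless a host firewall already restricts it, limit 81 to a management network or firewall it, and make sure the image's documented initial admin credentials are changed on first login. `image: 'jc21/nginx-proxy-manager:latest'` is a floating tag, so every redeploy may pull a different build; pin it, e.g. `image: 'jc21/nginx-proxy-manager:<pinned-version>'` (or an `@sha256:` digest), so the running version is reviewable. The NFS device paths under `/swarm/stacks/` suggest this is deployed with `docker stack deploy`, in which case `restart: unless-stopped` is ignored and a `deploy.restart_policy` (e.g. `condition: any`) is what actually governs restarts. The comment `# These ports are in format :` appears to have lost its `<host>:<container>` text and reads as incomplete.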
--- a/reverseproxy/data/certbot/conf/options-ssl-nginx.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-# This file contains important security parameters. If you modify this file
-# manually, Certbot will be unable to automatically provide future security
-# updates. Instead, Certbot will print and log an error message with a path to
-# the up-to-date file that you will need to refer to when manually updating
-# this file. Contents are based on https://ssl-config.mozilla.org
-
-ssl_session_cache shared:le_nginx_SSL:10m;
-ssl_session_timeout 1440m;
-ssl_session_tickets off;
-
-ssl_protocols TLSv1.2 TLSv1.3;
-ssl_prefer_server_ciphers off;
-
-ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
diff --git a/reverseproxy/data/certbot/conf/ssl-dhparams.pem b/reverseproxy/data/certbot/conf/ssl-dhparams.pem
deleted file mode 100644
index 9b182b7..0000000
--- a/reverseproxy/data/certbot/conf/ssl-dhparams.pem
+++ /dev/null
@@ -1,8 +0,0 @@
------BEGIN DH PARAMETERS-----
-MIIBCAKCAQEA//////////+t+FRYortKmq/cViAnPTzx2LnFg84tNpWp4TZBFGQz
-+8yTnc4kmz75fS/jY2MMddj2gbICrsRhetPfHtXV/WVhJDP1H18GbtCFY2VVPe0a
-87VXE15/V8k1mE8McODmi3fipona8+/och3xWKE2rec1MKzKT0g6eXq8CrGCsyT7
-YdEIqUuyyOP7uWrat2DX9GgdT0Kj3jlN9K5W7edjcrsZCwenyO4KbXCeAvzhzffi
-7MA0BM0oNC9hkXL+nOmFg/+OTxIy7vKBg8P+OxtMb61zO7X8vC7CIAXFjvGDfRaD
-ssbzSibBsu/6iGtCOGEoXJf//////////wIBAg==
------END DH PARAMETERS-----
diff --git a/reverseproxy/init-letsencrypt.sh b/reverseproxy/init-letsencrypt.sh
index 3a1db05..cc5a9d1 100755
--- a/reverseproxy/init-letsencrypt.sh
+++ b/reverseproxy/init-letsencrypt.sh
@@ -7,7 +7,7 @@ fi
 domains=(vbchaos.ddns.net)
 rsa_key_size=4096
-data_path="./data/certbot"
+data_path="./certbot_data"
 email="matthias.mitscherlich@gmail.com" # Adding a valid address is strongly recommended
 staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
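Review bot: Moving `data_path` to `./certbot_data` while this same commit deletes `data/certbot/conf/options-ssl-nginx.conf` and `ssl-dhparams.pem` leaves no visible replacement for the TLS settings those files carried (TLSv1.2/1.3 only, the restricted cipher list, DH parameters); if the nginx server config `include`s them from the old path, that hardening is silently gone and nginx may fail to start, so the include paths and the provisioning of those two files under the new directory need to be reconciled outside this hunk. If the rest of this script follows the usual pattern of writing the issued certificate and its private key under `$data_path`, `certbot_data/` should be excluded from version control before the next run. The hunk header claims seven old lines but only five survive here, so the surrounding context of `init-letsencrypt.sh` may be partly missing from this view.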