multiple let's encrypt domains
This commit is contained in:
parent
8427564f4d
commit
ecf2de8b72
|
@ -197,7 +197,12 @@ Default value : system, exec, shell_exec, passthru, phpinfo, show_source, highli
|
|||
List of PHP functions blacklisted. They can't be used anywhere in PHP code.
|
||||
|
||||
## TODO
|
||||
- Edit CONTENT_SECURITY_POLICY default value
|
||||
- Listen HTTP through env var (remove temp when renewing with certbot - error if redirect also enabled)
|
||||
- Block country alternative as maxmind db
|
||||
- Test with default wordpress install
|
||||
- Test with custom confs reverse proxy
|
||||
- Edit CONTENT_SECURITY_POLICY default value ?
|
||||
- Custom TLS certificates
|
||||
- Documentation
|
||||
- Certificate Transparency
|
||||
- HSTS preload
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
listen 0.0.0.0:443 ssl %HTTP2%;
|
||||
server_name %SERVER_NAME%;
|
||||
ssl_certificate /etc/letsencrypt/live/%SERVER_NAME%/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/%SERVER_NAME%/privkey.pem;
|
||||
ssl_certificate /etc/letsencrypt/live/%FIRST_SERVER_NAME%/fullchain.pem;
|
||||
ssl_certificate_key /etc/letsencrypt/live/%FIRST_SERVER_NAME%/privkey.pem;
|
||||
ssl_protocols TLSv1.3;
|
||||
ssl_prefer_server_ciphers off;
|
||||
ssl_session_tickets off;
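Review bot: The certificate paths now assume the lineage directory is named after the first entry of `SERVER_NAME`, which holds only as long as certbot keeps its default of naming the lineage after the first `-d` domain; reordering `SERVER_NAME` on a later container start would leave both `ssl_certificate` lines pointing at a directory that does not exist. A comment above the first `ssl_certificate` line would make that coupling visible to whoever edits the entrypoint: `# lineage dir is the first domain of SERVER_NAME; keep %FIRST_SERVER_NAME% in sync with the certbot cert name`.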
|
||||
|
|
|
@ -182,24 +182,30 @@ else
|
|||
fi
|
||||
if [ "$AUTO_LETS_ENCRYPT" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/server.conf" "%LISTEN_HTTP%" ""
|
||||
|
||||
FIRST_SERVER_NAME=$(echo "$SERVER_NAME" | cut -d " " -f 1)
|
||||
DOMAINS_LETS_ENCRYPT=$(echo "$SERVER_NAME" | sed "s/ /,/g")
|
||||
EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT-contact@$FIRST_SERVER_NAME}"
|
||||
|
||||
replace_in_file "/etc/nginx/server.conf" "%AUTO_LETS_ENCRYPT%" "include /etc/nginx/auto-lets-encrypt.conf;"
|
||||
|
||||
if [ "$HTTP2" = "yes" ] ; then
|
||||
replace_in_file "/etc/nginx/auto-lets-encrypt.conf" "%HTTP2%" "http2"
|
||||
else
|
||||
replace_in_file "/etc/nginx/auto-lets-encrypt.conf" "%HTTP2%" ""
|
||||
fi
|
||||
replace_in_file "/etc/nginx/auto-lets-encrypt.conf" "%SERVER_NAME%" "$SERVER_NAME"
|
||||
replace_in_file "/etc/nginx/auto-lets-encrypt.conf" "%FIRST_SERVER_NAME%" "$FIRST_SERVER_NAME"
|
||||
if [ "$STRICT_TRANSPORT_SECURITY" != "" ] ; then
|
||||
replace_in_file "/etc/nginx/auto-lets-encrypt.conf" "%STRICT_TRANSPORT_SECURITY%" "more_set_headers 'Strict-Transport-Security: $STRICT_TRANSPORT_SECURITY';"
|
||||
else
|
||||
replace_in_file "/etc/nginx/auto-lets-encrypt.conf" "%STRICT_TRANSPORT_SECURITY%" ""
|
||||
fi
|
||||
echo "0 0 * * * /opt/scripts/certbot-renew.sh" >> /etc/crontabs/root
|
||||
if [ -f /etc/letsencrypt/live/${SERVER_NAME}/fullchain.pem ] ; then
|
||||
if [ -f /etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem ] ; then
|
||||
/opt/scripts/certbot-renew.sh
|
||||
else
|
||||
certbot certonly --standalone -n --preferred-challenges http -d $SERVER_NAME --email contact@$SERVER_NAME --agree-tos
|
||||
certbot certonly --standalone -n --preferred-challenges http -d "$DOMAINS_LETS_ENCRYPT" --email "$EMAIL_LETS_ENCRYPT" --agree-tos
|
||||
fi
|
||||
echo "0 0 * * * /opt/scripts/certbot-renew.sh" >> /etc/crontabs/root
|
||||
else
|
||||
replace_in_file "/etc/nginx/server.conf" "%AUTO_LETS_ENCRYPT%" ""
|
||||
replace_in_file "/etc/nginx/server.conf" "%LISTEN_HTTP%" "listen 0.0.0.0:80;"
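Review bot: The `[ -f /etc/letsencrypt/live/${FIRST_SERVER_NAME}/fullchain.pem ]` check only proves a lineage for the first domain exists, not that it covers every name now in `SERVER_NAME`; if a domain is added after the first issuance, the renew branch runs instead of issuing a certificate for the new set, so nginx keeps serving a certificate that lacks the new name (assuming `/opt/scripts/certbot-renew.sh` only renews, which this page does not show). Pinning the lineage and letting it grow, `certbot certonly --standalone -n --preferred-challenges http --cert-name "$FIRST_SERVER_NAME" --expand -d "$DOMAINS_LETS_ENCRYPT" --email "$EMAIL_LETS_ENCRYPT" --agree-tos`, also makes the directory name used by auto-lets-encrypt.conf independent of certbot's default naming. The `EMAIL_LETS_ENCRYPT` default uses `-` rather than `:-`, so an explicitly empty `EMAIL_LETS_ENCRYPT=` reaches certbot as `--email ""`; `EMAIL_LETS_ENCRYPT="${EMAIL_LETS_ENCRYPT:-contact@$FIRST_SERVER_NAME}"` covers that case. `${FIRST_SERVER_NAME}` inside the `[ -f ... ]` test should be double-quoted like the other expansions this hunk introduces. The closing `fi` of the `if [ "$AUTO_LETS_ENCRYPT" = "yes" ]` block lies outside the hunk.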
|
||||
|
|