Add https
jespinoza -
r46:74b7da9f69c6
@@ -0,0 +1,80
1 #!/bin/bash
2
3 if ! [ -x "$(command -v docker-compose)" ]; then
4 echo 'Error: docker-compose is not installed.' >&2
5 exit 1
6 fi
7
8 domains=jro-realtime.igp.gob.pe
9 rsa_key_size=4096
10 data_path="./certbot"
11 email="jespinoza@igp.gob.pe" # Adding a valid address is strongly recommended
12 staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits
13
14 if [ -d "$data_path" ]; then
15 read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision
16 if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then
17 exit
18 fi
19 fi
20
21
22 if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then
23 echo "### Downloading recommended TLS parameters ..."
24 mkdir -p "$data_path/conf"
25 curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf"
26 curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem"
27 echo
28 fi
29
30 echo "### Creating dummy certificate for $domains ..."
31 path="/etc/letsencrypt/live/$domains"
32 mkdir -p "$data_path/conf/live/$domains"
33 docker-compose run --rm --entrypoint "\
34 openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\
35 -keyout '$path/privkey.pem' \
36 -out '$path/fullchain.pem' \
37 -subj '/CN=localhost'" certbot
38 echo
39
40
41 echo "### Starting nginx ..."
42 docker-compose up --force-recreate -d nginx
43 echo
44
45 echo "### Deleting dummy certificate for $domains ..."
46 docker-compose run --rm --entrypoint "\
47 rm -Rf /etc/letsencrypt/live/$domains && \
48 rm -Rf /etc/letsencrypt/archive/$domains && \
49 rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot
50 echo
51
52
53 echo "### Requesting Let's Encrypt certificate for $domains ..."
54 #Join $domains to -d args
55 domain_args=""
56 for domain in "${domains[@]}"; do
57 domain_args="$domain_args -d $domain"
58 done
59
60 # Select appropriate email arg
61 case "$email" in
62 "") email_arg="--register-unsafely-without-email" ;;
63 *) email_arg="--email $email" ;;
64 esac
65
66 # Enable staging mode if needed
67 if [ $staging != "0" ]; then staging_arg="--staging"; fi
68
69 docker-compose run --rm --entrypoint "\
70 certbot certonly --webroot -w /var/www/certbot \
71 $staging_arg \
72 $email_arg \
73 $domain_args \
74 --rsa-key-size $rsa_key_size \
75 --agree-tos \
76 --force-renewal" certbot
77 echo
78
79 echo "### Reloading nginx ..."
80 docker-compose exec nginx nginx -s reload
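Review bot: The two `curl -s` downloads on new lines 25-26 write whatever the server returns straight into the nginx TLS include and the DH parameter file, with no failure check and from the moving `master` branch. Because the `>` redirect creates the target file even when the request fails, the `[ ! -e ... ]` guard on line 22 will skip the download on the next run, and nginx may be left including an empty or error-page file. I would fetch with `curl -fsS -o "$data_path/conf/options-ssl-nginx.conf" "<URL pinned to a release tag>" || exit 1` (and the same for `ssl-dhparams.pem`), so a moved or failed URL stops the script and the TLS settings cannot change silently between runs. Separately, `[ $staging != "0" ]` on line 67 should quote `"$staging"`.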
@@ -0,0 +1,57
1 # configuration
2
3 upstream mydjango {
4 server web:8080;
5 }
6
7 server {
8 listen 8000;
9
10 location /.well-known/acme-challenge/ {
11 root /var/www/certbot;
12 }
13
14 location / {
15 return 301 https://$host$request_uri;
16 }
17
18 #location / {
19 # proxy_http_version 1.1;
20 # proxy_set_header Upgrade $http_upgrade;
21 # proxy_set_header Connection "upgrade";
22 # proxy_redirect off;
23 # proxy_pass http://mydjango;
24 # }
25
26 #location /static/ {
27 # alias /static/;
28 # }
29 }
30
31 server {
32 listen 443 ssl;
33 server_name http://jro-realtime.igp.gob.pe;
34 server_tokens off;
35
36 ssl_certificate /etc/letsencrypt/live/jro-realtime.igp.gob.pe/fullchain.pem;
37 ssl_certificate_key /etc/letsencrypt/live/jro-realtime.igp.gob.pe/privkey.pem;
38 include /etc/letsencrypt/options-ssl-nginx.conf;
39 ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
40
41 location / {
42 proxy_pass http://mydjango;
43 proxy_set_header Host $http_host;
44 proxy_set_header X-Real-IP $remote_addr;
45 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
46
47 # websockets
48 proxy_http_version 1.1;
49 proxy_set_header Upgrade $http_upgrade;
50 proxy_set_header Connection "upgrade";
51 }
52
53 location /static/ {
54 alias /static/;
55 }
56
57 }
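Review bot: `server_name http://jro-realtime.igp.gob.pe;` (new line 33) includes the scheme, so it can never match a request's Host header; the block appears to answer only because it is the sole server on 443 and therefore the default for every hostname. Write it as `server_name jro-realtime.igp.gob.pe;`. Related to this, the port-8000 block has no `server_name` and redirects with `return 301 https://$host$request_uri;`, which reflects a client-supplied Host into the Location header, while the 443 block forwards `$http_host` upstream, leaving the Django side's host validation (not visible in this commit) as the only check. Using the fixed name in the redirect, `return 301 https://jro-realtime.igp.gob.pe$request_uri;`, removes that dependence.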
@@ -0,0 +1,20
1 import os
2
3 from django.core.asgi import get_asgi_application
4
5 os.environ.setdefault("DJANGO_SETTINGS_MODULE", "realtime.settings")
6 django_asgi_app = get_asgi_application()
7
8 from channels.auth import AuthMiddlewareStack
9 from channels.routing import ProtocolTypeRouter, URLRouter
10 import plotter.routing
11
12
13 application = ProtocolTypeRouter({
14 'http': django_asgi_app,
15 'websocket': AuthMiddlewareStack(
16 URLRouter(
17 plotter.routing.websocket_urlpatterns
18 )
19 ),
20 })
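Review bot: The `'websocket'` route is wrapped in `AuthMiddlewareStack` only, with no Origin check on the handshake. Browsers do not apply the same-origin policy to WebSocket connections and can send the session cookie with them, so a page on another origin may be able to open a socket as the logged-in user unless the consumers reject it themselves (they are not shown in this commit). Channels ships a validator for this: add `from channels.security.websocket import AllowedHostsOriginValidator` and wrap the stack as `AllowedHostsOriginValidator(AuthMiddlewareStack(URLRouter(plotter.routing.websocket_urlpatterns)))`, which checks the Origin header against `ALLOWED_HOSTS`.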