@@ -0,0 +1,80 | |||
|
1 | #!/bin/bash | |
|
2 | ||
|
3 | if ! [ -x "$(command -v docker-compose)" ]; then | |
|
4 | echo 'Error: docker-compose is not installed.' >&2 | |
|
5 | exit 1 | |
|
6 | fi | |
|
7 | ||
|
8 | domains=jro-realtime.igp.gob.pe | |
|
9 | rsa_key_size=4096 | |
|
10 | data_path="./certbot" | |
|
11 | email="jespinoza@igp.gob.pe" # Adding a valid address is strongly recommended | |
|
12 | staging=0 # Set to 1 if you're testing your setup to avoid hitting request limits | |
|
13 | ||
|
14 | if [ -d "$data_path" ]; then | |
|
15 | read -p "Existing data found for $domains. Continue and replace existing certificate? (y/N) " decision | |
|
16 | if [ "$decision" != "Y" ] && [ "$decision" != "y" ]; then | |
|
17 | exit | |
|
18 | fi | |
|
19 | fi | |
|
20 | ||
|
21 | ||
|
22 | if [ ! -e "$data_path/conf/options-ssl-nginx.conf" ] || [ ! -e "$data_path/conf/ssl-dhparams.pem" ]; then | |
|
23 | echo "### Downloading recommended TLS parameters ..." | |
|
24 | mkdir -p "$data_path/conf" | |
|
25 | curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf > "$data_path/conf/options-ssl-nginx.conf" | |
|
26 | curl -s https://raw.githubusercontent.com/certbot/certbot/master/certbot/certbot/ssl-dhparams.pem > "$data_path/conf/ssl-dhparams.pem" | |
|
27 | echo | |
|
28 | fi | |
|
29 | ||
|
30 | echo "### Creating dummy certificate for $domains ..." | |
|
31 | path="/etc/letsencrypt/live/$domains" | |
|
32 | mkdir -p "$data_path/conf/live/$domains" | |
|
33 | docker-compose run --rm --entrypoint "\ | |
|
34 | openssl req -x509 -nodes -newkey rsa:$rsa_key_size -days 1\ | |
|
35 | -keyout '$path/privkey.pem' \ | |
|
36 | -out '$path/fullchain.pem' \ | |
|
37 | -subj '/CN=localhost'" certbot | |
|
38 | echo | |
|
39 | ||
|
40 | ||
|
41 | echo "### Starting nginx ..." | |
|
42 | docker-compose up --force-recreate -d nginx | |
|
43 | echo | |
|
44 | ||
|
45 | echo "### Deleting dummy certificate for $domains ..." | |
|
46 | docker-compose run --rm --entrypoint "\ | |
|
47 | rm -Rf /etc/letsencrypt/live/$domains && \ | |
|
48 | rm -Rf /etc/letsencrypt/archive/$domains && \ | |
|
49 | rm -Rf /etc/letsencrypt/renewal/$domains.conf" certbot | |
|
50 | echo | |
|
51 | ||
|
52 | ||
|
53 | echo "### Requesting Let's Encrypt certificate for $domains ..." | |
|
54 | #Join $domains to -d args | |
|
55 | domain_args="" | |
|
56 | for domain in "${domains[@]}"; do | |
|
57 | domain_args="$domain_args -d $domain" | |
|
58 | done | |
|
59 | ||
|
60 | # Select appropriate email arg | |
|
61 | case "$email" in | |
|
62 | "") email_arg="--register-unsafely-without-email" ;; | |
|
63 | *) email_arg="--email $email" ;; | |
|
64 | esac | |
|
65 | ||
|
66 | # Enable staging mode if needed | |
|
67 | if [ $staging != "0" ]; then staging_arg="--staging"; fi | |
|
68 | ||
|
69 | docker-compose run --rm --entrypoint "\ | |
|
70 | certbot certonly --webroot -w /var/www/certbot \ | |
|
71 | $staging_arg \ | |
|
72 | $email_arg \ | |
|
73 | $domain_args \ | |
|
74 | --rsa-key-size $rsa_key_size \ | |
|
75 | --agree-tos \ | |
|
76 | --force-renewal" certbot | |
|
77 | echo | |
|
78 | ||
|
79 | echo "### Reloading nginx ..." | |
|
80 | docker-compose exec nginx nginx -s reload |
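Review bot: The two `curl -s` downloads on lines 25-26 write whatever the server returns into `options-ssl-nginx.conf` and `ssl-dhparams.pem`. Without `--fail`, an HTTP error body would be saved as the TLS configuration nginx later includes. Both URLs also track certbot's `master` branch, so the cipher and protocol settings can change, or the path can move, without anyone reviewing it. Replace `master` with a reviewed tag or commit and use `curl -fsSL "<PINNED_URL>" -o "$data_path/conf/options-ssl-nginx.conf"` (same for the DH parameters), or commit the two files to the repository. The script also has no `set -e` after the shebang, so a failed `certbot certonly` still falls through to the nginx reload after the dummy certificate has been deleted.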
@@ -0,0 +1,57 | |||
|
1 | # configuration | |
|
2 | ||
|
3 | upstream mydjango { | |
|
4 | server web:8080; | |
|
5 | } | |
|
6 | ||
|
7 | server { | |
|
8 | listen 8000; | |
|
9 | ||
|
10 | location /.well-known/acme-challenge/ { | |
|
11 | root /var/www/certbot; | |
|
12 | } | |
|
13 | ||
|
14 | location / { | |
|
15 | return 301 https://$host$request_uri; | |
|
16 | } | |
|
17 | ||
|
18 | #location / { | |
|
19 | # proxy_http_version 1.1; | |
|
20 | # proxy_set_header Upgrade $http_upgrade; | |
|
21 | # proxy_set_header Connection "upgrade"; | |
|
22 | # proxy_redirect off; | |
|
23 | # proxy_pass http://mydjango; | |
|
24 | # } | |
|
25 | ||
|
26 | #location /static/ { | |
|
27 | # alias /static/; | |
|
28 | # } | |
|
29 | } | |
|
30 | ||
|
31 | server { | |
|
32 | listen 443 ssl; | |
|
33 | server_name http://jro-realtime.igp.gob.pe; | |
|
34 | server_tokens off; | |
|
35 | ||
|
36 | ssl_certificate /etc/letsencrypt/live/jro-realtime.igp.gob.pe/fullchain.pem; | |
|
37 | ssl_certificate_key /etc/letsencrypt/live/jro-realtime.igp.gob.pe/privkey.pem; | |
|
38 | include /etc/letsencrypt/options-ssl-nginx.conf; | |
|
39 | ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; | |
|
40 | ||
|
41 | location / { | |
|
42 | proxy_pass http://mydjango; | |
|
43 | proxy_set_header Host $http_host; | |
|
44 | proxy_set_header X-Real-IP $remote_addr; | |
|
45 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
|
46 | ||
|
47 | # websockets | |
|
48 | proxy_http_version 1.1; | |
|
49 | proxy_set_header Upgrade $http_upgrade; | |
|
50 | proxy_set_header Connection "upgrade"; | |
|
51 | } | |
|
52 | ||
|
53 | location /static/ { | |
|
54 | alias /static/; | |
|
55 | } | |
|
56 | ||
|
57 | } |
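Review bot: `server_name http://jro-realtime.igp.gob.pe;` on line 33 includes the URL scheme, which never matches a Host header, so the 443 block only answers as the implicit default server and accepts any host name; it should read `server_name jro-realtime.igp.gob.pe;`. In the same block, `proxy_set_header Host $http_host;` forwards the client-supplied header verbatim, which leaves Django's `ALLOWED_HOSTS` (not visible here) as the only host check; `proxy_set_header Host $host;` is the tighter choice once the server name is fixed. The proxied location sets no `X-Forwarded-Proto`, so if the Django settings rely on that header to recognise HTTPS requests, add `proxy_set_header X-Forwarded-Proto $scheme;`.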
@@ -0,0 +1,20 | |||
|
1 | import os | |
|
2 | ||
|
3 | from django.core.asgi import get_asgi_application | |
|
4 | ||
|
5 | os.environ.setdefault("DJANGO_SETTINGS_MODULE", "realtime.settings") | |
|
6 | django_asgi_app = get_asgi_application() | |
|
7 | ||
|
8 | from channels.auth import AuthMiddlewareStack | |
|
9 | from channels.routing import ProtocolTypeRouter, URLRouter | |
|
10 | import plotter.routing | |
|
11 | ||
|
12 | ||
|
13 | application = ProtocolTypeRouter({ | |
|
14 | 'http': django_asgi_app, | |
|
15 | 'websocket': AuthMiddlewareStack( | |
|
16 | URLRouter( | |
|
17 | plotter.routing.websocket_urlpatterns | |
|
18 | ) | |
|
19 | ), | |
|
20 | }) |
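Review bot: The `'websocket'` entry on lines 15-19 wraps the URL router in `AuthMiddlewareStack` only, so the handshake's `Origin` header is never checked and a page on another site could open a socket that carries the visitor's session cookie. Channels ships `AllowedHostsOriginValidator` for this: add `from channels.security.websocket import AllowedHostsOriginValidator` and make the entry `'websocket': AllowedHostsOriginValidator(AuthMiddlewareStack(URLRouter(plotter.routing.websocket_urlpatterns))),`. The validator checks against `ALLOWED_HOSTS` in `realtime.settings`, which is not visible here, so confirm that list names the production host. What the consumers in `plotter.routing` expose per user is also outside this section.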