chris/scarif
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updating certbot service

Browse Source
This commit is contained in:
Chris
2023-07-09 22:56:43 +01:00
parent 3d5de76f8d
commit 337f17460d
4 changed files with 50 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
certbot/certbot.service
View File

@@ -3,4 +3,4 @@ Description=Let's Encrypt renewal
[Service] [Service]
Type=oneshot Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "cp /etc/letsencrypt/live/scarif.space-001/fullchain.pem /opt/ssl/scarif.space.crt && cp /etc/letsencrypt/live/scarif.space-001/privkey.pem /opt/ssl/scarif.space.key && docker-compose -f /opt/scarif/docker-compose.yml exec nginx nginx -s reload" ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "cp /etc/letsencrypt/live/scarif.space-0001/fullchain.pem /opt/ssl/scarif.space.crt && cp /etc/letsencrypt/live/scarif.space-0001/privkey.pem /opt/ssl/scarif.space.key && docker-compose -f /opt/scarif/docker-compose.yml exec nginx nginx -s reload"

19
docker-compose.yml
View File

@@ -129,6 +129,23 @@ services:
depends_on: depends_on:
- db - db
pihole:
<<: *logging
image: pihole/pihole:latest
ports:
- "53:53/tcp"
- "53:53/udp"
environment:
TZ: "Europe/London"
WEBPASSWORD: ${PIHOLE_PASSWORD}
VIRTUAL_HOST: net.${DOMAIN}
volumes:
- "/docker/pihole/etc-pihole:/etc/pihole"
- "/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
restart: unless-stopped
networks:
- nginx
jitsi: jitsi:
<<: *logging <<: *logging
image: jitsi/web:stable image: jitsi/web:stable
@@ -510,6 +527,8 @@ services:
- nextcloud - nextcloud
- gitea - gitea
- collabora - collabora
- pihole
- foundry
ports: ports:
- 443:443 - 443:443
networks: networks:

1
exports
View File

@@ -4,6 +4,7 @@
# /srv/home hostname1(rw,sync) hostname2(ro,sync) # /srv/home hostname1(rw,sync) hostname2(ro,sync)
# Example for NFSv4: # Example for NFSv4:
/mnt/tower/stardust/chris/files 192.168.2.0/24(rw,sync,no_subtree_check) /mnt/tower/stardust/chris/files 192.168.2.0/24(rw,sync,no_subtree_check)
/mnt/tower/foundry/Data 192.168.2.0/24(rw,sync,no_subtree_check)
#/mnt/tower/stardust/chris/files 192.168.1.0/24(rw,sync) #/mnt/tower/stardust/chris/files 192.168.1.0/24(rw,sync)
# /srv/nfs4 hostname1(rw,sync,fsid=0) # /srv/nfs4 hostname1(rw,sync,fsid=0)
# /srv/nfs4/home hostname1(rw,sync,nohide) # /srv/nfs4/home hostname1(rw,sync,nohide)

29
nginx/nginx.conf.template
View File

@@ -311,6 +311,35 @@ http {
} }
} }
upstream pihole-handler {
server pihole;
}
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
server_name net.${DOMAIN};
client_max_body_size 300M;
location / {
# Set proxy headers
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# These are important to support WebSockets;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_pass http://pihole-handler;
}
}
upstream jitsi-handler { upstream jitsi-handler {
server jitsi:80; server jitsi:80;
} }