updating certbot service

2023-07-09 22:56:43 +01:00
parent 3d5de76f8d
commit 337f17460d
4 changed files with 50 additions and 1 deletions
--- a/certbot/certbot.service
+++ b/certbot/certbot.service
@@ -3,4 +3,4 @@ Description=Let's Encrypt renewal

 [Service]
 Type=oneshot
-ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "cp /etc/letsencrypt/live/scarif.space-001/fullchain.pem /opt/ssl/scarif.space.crt && cp /etc/letsencrypt/live/scarif.space-001/privkey.pem /opt/ssl/scarif.space.key && docker-compose -f /opt/scarif/docker-compose.yml exec nginx nginx -s reload"
+ExecStart=/usr/bin/certbot renew --quiet --agree-tos --deploy-hook "cp /etc/letsencrypt/live/scarif.space-0001/fullchain.pem /opt/ssl/scarif.space.crt && cp /etc/letsencrypt/live/scarif.space-0001/privkey.pem /opt/ssl/scarif.space.key && docker-compose -f /opt/scarif/docker-compose.yml exec nginx nginx -s reload"
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -129,6 +129,23 @@ services:
    depends_on:
      - db

+  pihole:
+    <<: *logging
+    image: pihole/pihole:latest
+    ports:
+      - "53:53/tcp"
+      - "53:53/udp"
+    environment:
+      TZ: "Europe/London"
+      WEBPASSWORD: ${PIHOLE_PASSWORD}
+      VIRTUAL_HOST: net.${DOMAIN}
+    volumes:
+      - "/docker/pihole/etc-pihole:/etc/pihole"
+      - "/docker/pihole/etc-dnsmasq.d:/etc/dnsmasq.d"
+    restart: unless-stopped
+    networks:
+      - nginx
+
  jitsi:
    <<: *logging
    image: jitsi/web:stable
@@ -510,6 +527,8 @@ services:
      - nextcloud
      - gitea
      - collabora
+      - pihole
+      - foundry
    ports:
      - 443:443
    networks:
--- a/1
+++ b/1
@@ -4,6 +4,7 @@
 #  /srv/home        hostname1(rw,sync) hostname2(ro,sync)
 # Example for NFSv4:
 /mnt/tower/stardust/chris/files 192.168.2.0/24(rw,sync,no_subtree_check)
+/mnt/tower/foundry/Data 192.168.2.0/24(rw,sync,no_subtree_check)
 #/mnt/tower/stardust/chris/files 192.168.1.0/24(rw,sync)
 #  /srv/nfs4	    hostname1(rw,sync,fsid=0)
 #  /srv/nfs4/home   hostname1(rw,sync,nohide)
--- a/nginx/nginx.conf.template
+++ b/nginx/nginx.conf.template
@@ -311,6 +311,35 @@ http {
        }
    }

+    upstream pihole-handler {
+        server pihole;
+    }
+
+    server {
+        listen 443 ssl http2;
+
+        ssl_certificate /etc/nginx/certs/${DOMAIN}.crt;
+        ssl_certificate_key /etc/nginx/certs/${DOMAIN}.key;
+
+        server_name net.${DOMAIN};
+
+        client_max_body_size 300M;
+
+        location / {
+          
+            # Set proxy headers
+            proxy_set_header Host $host;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+
+            # These are important to support WebSockets;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "Upgrade";
+          
+            proxy_pass http://pihole-handler;
+        }
+    }
+
    upstream jitsi-handler {
        server jitsi:80;
    }