
Rafael Martínez


Nginx Alpine + SSL Laradock

Configuraciones realizadas dentro del contenedor de nginx

Instalar Certbot dentro del contenedor de nginx

$ docker-compose exec nginx bash

# Install certbot plus its nginx plugin. The site config below includes
# /etc/letsencrypt/options-ssl-nginx.conf and ssl-dhparams.pem, which the
# nginx plugin lays down — verify both exist after the first certbot run.
# NOTE: packages added inside a running container are lost when the Laradock
# image is rebuilt; put the same `apk add` in the nginx Dockerfile to keep them.
$ apk add certbot certbot-nginx

Cree los certificados y siga las opciones que se muestran

# Interactive run: certbot prompts for the authenticator. The webroot that matches
# the nginx `location /.well-known/acme-challenge/` is /var/www/letsencrypt.
# `certbot renew` (see the cron script below) reuses the authenticator chosen
# here, so pick one that can run unattended. Replace the e-mail address with your own.
certbot certonly --email your-rafa.developers@gmail.com --no-eff-email -d ralphdev.tech -d www.ralphdev.tech

Configuración de los archivos .conf de nginx

  • default.conf

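    server {

        listen 80 default_server;
        #listen [::]:80 default_server ipv6only=on;

        # default_server: www.ralphdev.tech on port 80 lands here as well.
        server_name ralphdev.tech;

        # ACME HTTP-01 challenges must be answered over plain HTTP, so this
        # location has to be reachable. A server-level `return` is executed
        # before location matching and would have redirected the challenge too;
        # the redirect therefore lives inside `location /` instead.
        location /.well-known/acme-challenge/ {
            root /var/www/letsencrypt/;
            log_not_found off;
        }

        # Everything else goes to HTTPS. The PHP and .ht locations that used to
        # be here were unreachable behind the server-level redirect, so they are
        # not repeated; the 443 server in ralphdev.tech.conf serves the site.
        location / {
            return 301 https://ralphdev.tech$request_uri;
        }
    }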
    
  • ralphdev.tech.conf

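    server {

        #listen 80;
        #listen [::]:80;

        # For https
        listen 443 ssl http2;
        #listen [::]:443 ssl ipv6only=on;

        # Paths written by `certbot certonly`; the certificate was requested
        # for both ralphdev.tech and www.ralphdev.tech.
        ssl_certificate /etc/letsencrypt/live/ralphdev.tech/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/ralphdev.tech/privkey.pem;

        # The port-80 server redirects to https://ralphdev.tech, so the bare
        # domain is listed explicitly rather than relying on this being the
        # implicit default 443 server.
        server_name ralphdev.tech www.ralphdev.tech;
        root /var/www/ralphdev;
        index index.php index.html index.htm;

        # Additional Nginx options (protocols, ciphers). This file and the
        # dhparams below are provided by certbot's nginx plugin — confirm they
        # exist in the container before reloading, or nginx will refuse to start.
        include /etc/letsencrypt/options-ssl-nginx.conf;

        # Diffie-Hellman parameter for DHE ciphersuites
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        # Security headers. nginx inherits `add_header` into a location only if
        # that location declares no add_header of its own, so any location that
        # adds a header (the fonts location below) must repeat this list.
        add_header X-Frame-Options "SAMEORIGIN" always;
        # Legacy header; modern browsers ignore it, kept for older clients.
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy "no-referrer-when-downgrade" always;
        # Permissive policy ('unsafe-inline', any http:/https: origin); tighten
        # once the site's inline scripts and external origins are known.
        add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
        # preload + includeSubDomains is a long-lived commitment: every subdomain
        # must serve valid HTTPS for at least a year before it can be undone.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

        location / {
             try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
            try_files $uri /index.php =404;
            fastcgi_pass php-upstream;
            fastcgi_index index.php;
            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            #fixes timeouts
            fastcgi_read_timeout 600;
            include fastcgi_params;
        }

        # Never serve Apache-style .htaccess / .htpasswd files.
        location ~ /\.ht {
            deny all;
        }

        # SEO files
        location = /robots.txt { log_not_found off; }
        location = /sitemap.xml { log_not_found off; }
        location = /favicon.ico { log_not_found off; }

        # Assets, media
        location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ {
            expires 7d;
        }

        # SVG, fonts
        location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ {
            add_header Access-Control-Allow-Origin "*";
            # Repeated on purpose: the add_header above switches off inheritance
            # of the server-level security headers for this location.
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-XSS-Protection "1; mode=block" always;
            add_header X-Content-Type-Options "nosniff" always;
            add_header Referrer-Policy "no-referrer-when-downgrade" always;
            add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
            add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
            expires 7d;
        }

        # Challenge path kept on 443 too, in case the ACME client follows the
        # HTTP->HTTPS redirect.
        location /.well-known/acme-challenge/ {
            root /var/www/letsencrypt/;
            log_not_found off;
        }

        error_log /var/log/nginx/ralphdev_error.log;
        access_log /var/log/nginx/ralphdev_access.log;

    }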
    
  • Rutas del cronjob

    • /etc/periodic/
    • chmod a+x /etc/periodic/[path/scriptname]
    • echo '#!/bin/sh' >> scriptname
    • rc-service crond start && rc-update add crond
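    #!/bin/sh
    # Renewal script for Alpine's busybox crond, e.g. /etc/periodic/daily/certbot-renew
    # (must be executable and have NO file extension: run-parts skips names with a dot).
    # Alpine's default root crontab already runs every file in /etc/periodic/daily
    # through run-parts, so this file holds a plain command, not a crontab line.
    # A crontab line (min hour day month weekday command) belongs only in
    # /etc/crontabs/root; note that "* 12 * * *" would fire every minute of the
    # 12:00 hour — "0 12 * * *" is the once-a-day form.
    #
    # --deploy-hook runs only when a certificate was actually renewed; without it
    # the running nginx keeps serving the old certificate until it is restarted.
    /usr/bin/certbot renew --quiet --deploy-hook "nginx -s reload"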
    

Adicional

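# Install vim (optional editor inside the container). Same caveat as certbot:
# the package disappears on image rebuild unless added to the Dockerfile.
$ apk add vim
$ vi --version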
