First stab at implementing nginx HTTPS reverse proxying

Twanislas · Aug 29, 2018 · ca213cf · ca213cf
1 parent 468cdd2
commit ca213cf
Show file tree

Hide file tree

Showing 6 changed files with 76 additions and 0 deletions.
diff --git a/certbot-init.sh b/certbot-init.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+
+BASEDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+docker pull certbot/dns-ovh && \
+docker run -it --rm --name certbot \
+  -v "${BASEDIR}/config/certbot:/etc/letsencrypt" \
+  certbot/dns-ovh certonly \
+  --agree-tos \
+  --email [email protected] \
+  --no-eff-email \
+  --dns-ovh \
+  --dns-ovh-credentials /etc/letsencrypt/ovh-credentials.ini \
+  --dns-ovh-propagation-seconds 120 \
+  -d tv.twan.ovh
diff --git a/certbot-refresh.sh b/certbot-refresh.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+BASEDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+docker pull certbot/dns-ovh && \
+docker run -it --rm --name certbot \
+  -v "${BASEDIR}/config/certbot:/etc/letsencrypt" \
+  certbot/dns-ovh renew
diff --git a/config/certbot/.gitignore b/config/certbot/.gitignore
@@ -0,0 +1,5 @@
+# Ignore everything in this directory
+*
+# Except these
+!.gitignore
+!ovh-credentials.ini.example
diff --git a/config/certbot/ovh-credentials.ini.example b/config/certbot/ovh-credentials.ini.example
@@ -0,0 +1,7 @@
+# OVH API credentials for Certbot
+# Documentation here : https://certbot-dns-ovh.readthedocs.io/
+
+dns_ovh_endpoint = ovh-eu
+dns_ovh_application_key = MDAwMDAwMDAwMDAw
+dns_ovh_application_secret = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
+dns_ovh_consumer_key = MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
diff --git a/config/nginx/nginx.conf b/config/nginx/nginx.conf
@@ -0,0 +1,33 @@
+worker_processes  1;
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include /etc/nginx/mime.types;
+    gzip  on;
+    gzip_http_version 1.1;
+    gzip_comp_level 2;
+    gzip_types text/plain text/html text/css
+                    application/x-javascript text/xml
+                    application/xml application/xml+rss
+                    text/javascript;
+
+    server {
+        listen 443 default_server ssl;
+
+        server_name tv.twan.ovh;
+
+        ssl_certificate /etc/letsencrypt/live/tv.twan.ovh/cert.pem;
+        ssl_certificate_key /etc/letsencrypt/live/tv.twan.ovh/privkey.pem;
+
+        location /sonarr/ {
+            proxy_pass http://sonarr:8989;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+    }
+}
diff --git a/docker-compose.yml.example b/docker-compose.yml.example
@@ -92,3 +92,11 @@ services:
       volumes:
         - ./config/plexpy:/config
         - "./config/plex/Library/Application Support/Plex Media Server/Logs:/plex_logs:ro"
+  nginx:
+    image: nginx:stable-alpine
+    restart: always
+    ports:
+      - 443/tcp
+    volumes:
+      - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      - ./config/certbot:/etc/letsencrypt:ro