moving to https
@@ -51,6 +51,7 @@ services:
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
|
||||
- ./nginx/certs:/etc/nginx/certs:ro
|
||||
security_opt:
|
||||
- "label=disable"
|
||||
depends_on:
|
||||
|
||||
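Review bot: The `./nginx/certs:/etc/nginx/certs:ro` mount (apparently the line this hunk adds) hands the whole directory to the container, including the `server.pem` bundle that carries the private key, although the nginx config in this commit reads only `server.crt` and `server.key`. Mounting those two files individually would keep the bundle out of the container. The directory also has to be populated before the service starts, so a comment above the mount such as `# run the certificate generation script before the first start` would help. Whether `nginx/certs/` is excluded from version control is not visible here and is worth confirming, since it holds a private key. The service definition starts and ends outside this hunk.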
@@ -0,0 +1,30 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Create certificates directory
|
||||
mkdir -p ./nginx/certs
|
||||
|
||||
# Generate private key
|
||||
openssl genrsa -out ./nginx/certs/server.key 2048
|
||||
|
||||
# Generate certificate signing request
|
||||
openssl req -new -key ./nginx/certs/server.key -out ./nginx/certs/server.csr -subj "/C=US/ST=State/L=City/O=Organization/OU=OrgUnit/CN=localhost"
|
||||
|
||||
# Generate self-signed certificate (valid for 365 days)
|
||||
openssl x509 -req -days 365 -in ./nginx/certs/server.csr -signkey ./nginx/certs/server.key -out ./nginx/certs/server.crt
|
||||
|
||||
# Create certificate bundle
|
||||
cat ./nginx/certs/server.crt > ./nginx/certs/server.pem
|
||||
cat ./nginx/certs/server.key >> ./nginx/certs/server.pem
|
||||
|
||||
# Set proper permissions
|
||||
chmod 600 ./nginx/certs/server.key
|
||||
chmod 644 ./nginx/certs/server.crt
|
||||
chmod 644 ./nginx/certs/server.pem
|
||||
|
||||
# Clean up CSR file
|
||||
rm ./nginx/certs/server.csr
|
||||
|
||||
echo "Self-signed certificates generated successfully!"
|
||||
echo "Certificate: ./nginx/certs/server.crt"
|
||||
echo "Private Key: ./nginx/certs/server.key"
|
||||
echo "Bundle: ./nginx/certs/server.pem"
|
||||
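Review bot: The bundle step copies the private key into `server.pem`, and the permissions step then sets that file to 644, so the key is world-readable even though `server.key` itself is 600. The nginx config in this commit never references the bundle, so either drop the two `cat` lines or change the mode to `chmod 600 ./nginx/certs/server.pem`. The script also has no error handling, so a failed `openssl` call still ends with the success message; adding `set -euo pipefail` after the shebang would stop at the first failure. Separately, the certificate carries only `CN=localhost` with no subjectAltName, which current clients generally require for hostname matching, so a SAN entry is worth adding if the certificate is meant to validate at all.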
+12
-2
@@ -7,16 +7,26 @@ http {
|
||||
server drop-drop-shielded:3000;
|
||||
}
|
||||
|
||||
# HTTPS server
|
||||
server {
|
||||
listen 14050;
|
||||
listen 14050 ssl;
|
||||
server_name _;
|
||||
|
||||
# SSL configuration
|
||||
ssl_certificate /etc/nginx/certs/server.crt;
|
||||
ssl_certificate_key /etc/nginx/certs/server.key;
|
||||
|
||||
# SSL settings
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_ciphers HIGH:!aNULL:!MD5;
|
||||
ssl_prefer_server_ciphers on;
|
||||
|
||||
location / {
|
||||
proxy_pass http://drop_backend;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
|
||||
# Handle WebSocket connections if needed
|
||||
proxy_http_version 1.1;
|
||||
|
||||
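Review bot: The `ssl_ciphers HIGH:!aNULL:!MD5;` line still lets TLS 1.2 clients negotiate CBC-mode and non-forward-secret RSA key-exchange suites, because `HIGH` is a broad OpenSSL class and not an AEAD-only list. With the RSA key this commit generates, a tighter setting would be `ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305;` (TLS 1.3 suites are configured separately and are unaffected). The port now accepts only TLS, so a plain-HTTP client gets nginx's 400 response; `error_page 497 https://$host:$server_port$request_uri;` would redirect such requests instead. The `server` and `location` blocks continue outside the hunk.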