moving to https

John Doe
2025-11-28 21:37:19 -05:00
parent fcdba6979d
commit f2d0255016
3 changed files with 43 additions and 2 deletions
+1
@@ -51,6 +51,7 @@ services:
restart: unless-stopped
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/certs:/etc/nginx/certs:ro
security_opt:
- "label=disable"
depends_on:
+30
@@ -0,0 +1,30 @@
#!/bin/bash
# Create certificates directory
mkdir -p ./nginx/certs
# Generate private key
openssl genrsa -out ./nginx/certs/server.key 2048
# Generate certificate signing request
openssl req -new -key ./nginx/certs/server.key -out ./nginx/certs/server.csr -subj "/C=US/ST=State/L=City/O=Organization/OU=OrgUnit/CN=localhost"
# Generate self-signed certificate (valid for 365 days)
openssl x509 -req -days 365 -in ./nginx/certs/server.csr -signkey ./nginx/certs/server.key -out ./nginx/certs/server.crt
# Create certificate bundle
cat ./nginx/certs/server.crt > ./nginx/certs/server.pem
cat ./nginx/certs/server.key >> ./nginx/certs/server.pem
# Set proper permissions
chmod 600 ./nginx/certs/server.key
chmod 644 ./nginx/certs/server.crt
chmod 644 ./nginx/certs/server.pem
# Clean up CSR file
rm ./nginx/certs/server.csr
echo "Self-signed certificates generated successfully!"
echo "Certificate: ./nginx/certs/server.crt"
echo "Private Key: ./nginx/certs/server.key"
echo "Bundle: ./nginx/certs/server.pem"
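Review bot: `server.pem` is built by concatenating the certificate and the private key and is then set to mode 644, so the key that `chmod 600` protects in `server.key` is world-readable through the bundle. The nginx configuration in this commit only references `server.crt` and `server.key`, so the simplest fix is to drop the two `cat` lines; if the bundle is needed, use `chmod 600 ./nginx/certs/server.pem` and put `umask 077` before the `mkdir` so the file is never created with wider permissions. The script has no `set -euo pipefail`, so a failed `openssl` step still ends with the success message. The compose hunk mounts the whole `./nginx/certs` directory into the container, so the bundle is exposed there as well. The certificate also carries only `CN=localhost` with no subjectAltName, so clients that ignore CN will fail hostname verification even once the certificate is trusted.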
+12 -2
@@ -7,16 +7,26 @@ http {
server drop-drop-shielded:3000;
}
# HTTPS server
server {
listen 14050;
listen 14050 ssl;
server_name _;
# SSL configuration
ssl_certificate /etc/nginx/certs/server.crt;
ssl_certificate_key /etc/nginx/certs/server.key;
# SSL settings
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://drop_backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Proto https;
# Handle WebSocket connections if needed
proxy_http_version 1.1;
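Review bot: `ssl_ciphers HIGH:!aNULL:!MD5;` still lets TLS 1.2 clients negotiate static-RSA key exchange and CBC suites, so sessions are not guaranteed forward secrecy; a tighter list such as `ssl_ciphers ECDHE+AESGCM:ECDHE+CHACHA20;` keeps only ECDHE with AEAD ciphers. Port 14050 appears to change from plain `listen 14050;` to `listen 14050 ssl;` with no separate HTTP listener, so existing `http://` clients will get nginx's 400 "plain HTTP request was sent to HTTPS port" response; `error_page 497 =301 https://$host:$server_port$request_uri;` inside the server block would redirect them instead. Hard-coding `X-Forwarded-Proto https` is consistent with an ssl-only listener, but it would need to go back to `$scheme` if a plain listener is ever added to this server. The `server` and `location` blocks continue outside the hunk, so the remaining proxy headers were not reviewed.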