added add_location.sh

2025-12-03 17:09:07 +00:00
parent e7128e8652
commit 8c976051ab
7 changed files with 101 additions and 14 deletions

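--- /dev/null
+++ b/bin/add_server.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+read -p "Enter server name: " SERVER_NAME
+mkdir .tmp
+cp ./config/nginx/template/http_location.conf .tmp/"$SERVER_NAME.conf"
+# Replace placeholder SERVER_NAME in the copied file
+sed -i "s/SERVER_NAME/$SERVER_NAME/g" .tmp/"$SERVER_NAME.conf"
+mv .tmp/"$SERVER_NAME.conf" ./config/nginx/conf.d/
+docker exec -it nginx-main nginx -s reload
+docker exec -it certbot certbot certaonly --nginx -d "$SERVER_NAME" -d "www.$SERVER_NAME"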
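Review bot: The last line fails before any certificate is requested: the subcommand is misspelled (`certaonly` should be `certonly`), and the `--nginx` authenticator needs an nginx binary inside the certbot container, which the compose file in this commit does not appear to provide. The http template's acme-challenge location and the `/var/www/certbot` mount shared by both containers point at the webroot authenticator instead, e.g. `docker exec -it certbot certbot certonly --webroot -w /var/www/certbot -d "$SERVER_NAME" -d "www.$SERVER_NAME"`. `mkdir .tmp` has no `-p` and the directory is never removed, so a second run aborts at that line. `$SERVER_NAME` is also spliced unescaped into a sed expression and into a path under `conf.d/`, so an operator typo containing `/`, `&` or `..` silently yields a wrong or misplaced config; validating it before use (`[[ "$SERVER_NAME" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`) and using `read -r` closes that.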

bin/add_user.sh Executable file


@@ -0,0 +1,17 @@
server {
# Listen on port 80 for standard HTTP traffic
listen 80;
# Specify the domain name this block should respond to
server_name SERVER_NAME;
location .well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
# Redirect all HTTP requests to HTTPS
return 301 https://$host$request_uri;
}
}
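Review bot: `location .well-known/acme-challenge/ {` is missing its leading slash, so this prefix never matches a request URI (they always start with `/`) and every ACME challenge falls through to the `return 301` below, which breaks HTTP-01 validation for the domain; it should read `location /.well-known/acme-challenge/ {`. The identical line appears in the second template hunk of this commit (the one that also contains the 443 server block) and needs the same fix. The file path is not shown on this page; judging from bin/add_server.sh this is presumably config/nginx/template/http_location.conf.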


@@ -0,0 +1,44 @@
server {
# Listen on port 80 for standard HTTP traffic
listen 80;
# Specify the domain name this block should respond to
server_name SERVER_NAME;
location .well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
# Redirect all HTTP requests to HTTPS
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name SERVER_NAME;
ssl_certificate /etc/letsencrypt/live/SERVER_NAME/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/SERVER_NAME/privkey.pem;
root /var/www/html/SERVER_NAME;
index index.html index.htm;
location / {
auth_basic "Restricted Documentation Area";
auth_basic_user_file /etc/nginx/auth/AUTH_FILE;
try_files $uri $uri/ =404;
}
location ~* \.(css|js|jpg|jpeg|png|gif|ico|svg)$ {
# Set cache duration to 30 days
expires 30d;
# Disable access logging for these files to reduce disk I/O
access_log off;
auth_basic "Restricted Documentation Area";
auth_basic_user_file /etc/nginx/auth/AUTH_FILE;
}
}
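Review bot: `auth_basic_user_file /etc/nginx/auth/AUTH_FILE;` (used in both protected locations) is a placeholder that nothing in this commit substitutes — bin/add_server.sh only replaces SERVER_NAME — so a deployed copy points nginx at a file that does not exist and requests to those locations fail instead of prompting for credentials. Either reference `/etc/nginx/auth/.htpasswd` directly, which is the file setup.sh creates and docker-compose mounts at `/etc/nginx/auth`, or extend the script with a second substitution such as `sed -i "s/AUTH_FILE/.htpasswd/g" ...`. A header comment listing the placeholders a caller must replace would prevent this, e.g. `# Placeholders: SERVER_NAME, AUTH_FILE — substitute before copying into conf.d/`.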

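--- /dev/null
+++ b/data/auth/.htpasswd
@@ -0,0 +1 @@
+admin:$apr1$5wUJG.eY$rMZE3iil418vpdvzPJyUZ0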
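Review bot: This commits a live credential hash to the repository: the single line is an `$apr1$` (MD5-crypt) entry for `admin`, a fast hash that offers little resistance to offline guessing, and it now lives in the git history of every clone. setup.sh in this same commit generates this file interactively, so it should not be tracked at all: add `data/auth/.htpasswd` to `.gitignore`, purge it from history, and rotate the admin password, regenerating with `htpasswd -B` so the replacement entry is bcrypt rather than apr1. Treat the committed hash as compromised once the repository has been pushed anywhere.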


@@ -6,13 +6,12 @@ services:
- "80:80" - "80:80"
- "443:443" - "443:443"
volumes: volumes:
- ./data/nginx.conf/:/etc/nginx/nginx.conf:ro # Nginx should only read its config - ./config/nginx/:/etc/nginx/:ro # Nginx should only read its config
- ./data/.htpasswd:/etc/nginx/.htpasswd:ro - ./data/auth/:/etc/nginx/auth:ro
- ./data/conf.d/:/etc/nginx/conf.d/:ro - ./data/certbot:/var/www/certbot/:ro
- ./data/certbot/www:/var/www/certbot/:ro - ./config/certbot:/etc/letsencrypt/:ro
- ./data/certbot/conf:/etc/letsencrypt/:ro - ./data/www/html/:/var/www/html/:ro
- /prod/data/docs/:/var/www/html/docs.nxs.solutions/:ro - ./logs/nginx/:/var/log/nginx/:rw
- ./logs/:/var/log/nginx/:rw
networks: networks:
- fast-services - fast-services
restart: always restart: always
@@ -24,9 +23,9 @@ services:
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $!; done;'" entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $!; done;'"
volumes: volumes:
# Must be read-write for certbot to place challenge files # Must be read-write for certbot to place challenge files
- ./data/certbot/www:/var/www/certbot/:rw - ./data/certbot/:/var/www/certbot/:rw
# Must be read-write for certbot to store and renew certificates # Must be read-write for certbot to store and renew certificates
- ./data/certbot/conf:/etc/letsencrypt/:rw - ./config/certbot/:/etc/letsencrypt/:rw
# Only runs when explicitly called or for renewal cronjob # Only runs when explicitly called or for renewal cronjob
restart: unless-stopped restart: unless-stopped
networks: networks:
@@ -43,11 +42,7 @@ services:
# Ensure it always restarts # Ensure it always restarts
restart: always restart: always
volumes: volumes:
# 1. Mount the Nginx logs from the host (Read-Only) - ./logs/nginx:/var/log/nginx:ro
- ./logs:/var/log/nginx:ro
# 2. Persist Fail2Ban's configuration and database
- /var/log/auth.log:/var/log/auth.log:ro
- /prod/gitea/logs/access.log:/var/log/gitea/access.log:ro
- ./data/fail2ban:/data - ./data/fail2ban:/data
environment: environment:
# Optional: set timezone # Optional: set timezone
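Review bot: The new `./config/nginx/:/etc/nginx/:ro` mount in the first hunk shadows the image's entire `/etc/nginx` tree, so everything nginx expects there — `nginx.conf`, `mime.types`, and an `include /etc/nginx/conf.d/*.conf;` so the files bin/add_server.sh drops into `config/nginx/conf.d/` are actually loaded — must now be present in the repo's `config/nginx/` directory; this page does not show that directory, so that is worth confirming before merge. A comment on the mount line would save the next reader the same check, e.g. `# whole tree is mounted: nginx.conf, mime.types and conf.d/ must live in ./config/nginx`. The file header for this section is not on the page; the volumes list continues across the remaining hunks.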

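--- a/setup.sh
+++ b/setup.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+# Create a basic authentication file for Nginx
+# 1. Check if htpasswd command is available
+if ! command -v htpasswd &> /dev/null
+then
+echo "htpasswd could not be found, please install apache2-utils or httpd-tools."
+sudo apt-get update && sudo apt-get install -y apache2-utils
+fi
+# 2. Create the password file with at least one user
+echo "Create an admin user for basic authentication."
+htpasswd -c ./data/auth/.htpasswd admin
+echo "Basic authentication file created at ./data/auth/.htpasswd"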
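Review bot: `htpasswd -c ./data/auth/.htpasswd admin` truncates the file on every run because of `-c`, so re-running setup silently discards any other users added later, and nothing creates `./data/auth/` first, so on a fresh clone `htpasswd` fails while the script still prints the success message because there is no `set -e` or status check. Suggested change: `mkdir -p ./data/auth` before the call, drop `-c` when the file already exists (`[[ -f ./data/auth/.htpasswd ]] && opts=() || opts=(-c)` then `htpasswd -B "${opts[@]}" ./data/auth/.htpasswd admin || exit 1`), with `-B` so the entry is bcrypt rather than the apr1/MD5 default that the committed `data/auth/.htpasswd` in this commit shows. The `echo` before `apt-get` tells the operator to install the tool manually but the script then installs it itself; reword it to `htpasswd not found; installing apache2-utils...` so the message matches what happens.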