From f31d593e3abe38c5c97798fc7a0cf00a01360a56 Mon Sep 17 00:00:00 2001
From: Sindre Stephansen
Date: Mon, 9 Mar 2020 12:06:27 +0100
Subject: [PATCH] Add HTTPS support with a self signed certificate

Fixes #3
---
 src/app/selfsigned.crt | 24 ++++++++++++++++++++++++
 src/app/selfsigned.key | 28 ++++++++++++++++++++++++++++
 src/entrypoint.sh | 30 +++++++++++++++---------------
 3 files changed, 67 insertions(+), 15 deletions(-)
 create mode 100644 src/app/selfsigned.crt
 create mode 100644 src/app/selfsigned.key
diff --git a/src/app/selfsigned.crt b/src/app/selfsigned.crt
new file mode 100644
index 0000000..0550633
--- /dev/null
+++ b/src/app/selfsigned.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID+TCCAuGgAwIBAgIUZwy6+bL1H2+S+BZc05gtzYv5j9cwDQYJKoZIhvcNAQEL
+BQAwgYsxCzAJBgNVBAYTAk5PMRUwEwYDVQQIDAxUcsODwrhuZGVsYWcxEjAQBgNV
+BAcMCVRyb25kaGVpbTENMAsGA1UECgwETlROVTELMAkGA1UECwwCSUUxETAPBgNV
+BAMMCEJlZWxhbmNlMSIwIAYJKoZIhvcNAQkBFhNzaW5kYXNAc3R1ZC5udG51Lm5v
+MB4XDTIwMDMwOTEwNDgwMloXDTIxMDMwOTEwNDgwMlowgYsxCzAJBgNVBAYTAk5P
+MRUwEwYDVQQIDAxUcsODwrhuZGVsYWcxEjAQBgNVBAcMCVRyb25kaGVpbTENMAsG
+A1UECgwETlROVTELMAkGA1UECwwCSUUxETAPBgNVBAMMCEJlZWxhbmNlMSIwIAYJ
+KoZIhvcNAQkBFhNzaW5kYXNAc3R1ZC5udG51Lm5vMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAv/UlDmzXKuHpa6DDohUnkpgRYjPpu2Z1TT7J7fJX7LDh
+zP8M7ePC1AwJAkfnVDmjonZIi/4ZMTzEGnMi3dPcgSXsgwaanSyRjpkH8yDGClLj
+rG0NZjwjgJ18h7xJhgGNOQ8KERZV0oua1j91K4jvVX75y1EcmEAWVlOJZXrFdE6J
+g338LB9NXiWAyFM9rZaz9/5PgFeEsGOoSdqz9r6K+PAqADZTTOHtdz32cCMk1sQb
+FDHzlt5w2WzWWnoh81FEj3DULZZ4bWIIE2Ch3pCttXGfCNeOWTnleQJ7nSGa87lJ
+vhQdME+7aBL3qNaqM5aHqIMngvrvsH915D2XpPMIswIDAQABo1MwUTAdBgNVHQ4E
+FgQU0CvVs2LKtFp8Ika+cfX5yRNKab4wHwYDVR0jBBgwFoAU0CvVs2LKtFp8Ika+
+cfX5yRNKab4wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAFoLW
+qF/d7B0Mw5+In93h5Vc9tpJJSu7sQ1PNcim4rr0+f15zoLhZHxtPnHRouMoUkJA4
+Z5lBPCZvq5KyyJJTvT3SSeHHezls4dTGd5iazBC9M5Hepe/WDgEfgbmepFBvacil
+L5BnTKHQUs7h4YRQD0GvxKWFZShdTzCI51ySmfLRhw93id6qETqUxk3+9HhWTCjt
+OfMJPIDlSaKeo9WNEdzPvS+4TU9I06sics7SPK+LIS0ghy328ATDerSmVHRrJ6nj
+FHief+u/vPEm+7s5bOHQZ2k2NDnpNb26h4gOZmx4LTXdWEh5lkdXqPJ3VunZaFhr
+BrYAVVcf7krExPFt9A==
+-----END CERTIFICATE-----
diff --git a/src/app/selfsigned.key b/src/app/selfsigned.key
new file mode 100644
index 0000000..cca0479
--- /dev/null
+++ b/src/app/selfsigned.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC/9SUObNcq4elr
+oMOiFSeSmBFiM+m7ZnVNPsnt8lfssOHM/wzt48LUDAkCR+dUOaOidkiL/hkxPMQa
+cyLd09yBJeyDBpqdLJGOmQfzIMYKUuOsbQ1mPCOAnXyHvEmGAY05DwoRFlXSi5rW
+P3UriO9VfvnLURyYQBZWU4llesV0TomDffwsH01eJYDIUz2tlrP3/k+AV4SwY6hJ
+2rP2vor48CoANlNM4e13PfZwIyTWxBsUMfOW3nDZbNZaeiHzUUSPcNQtlnhtYggT
+YKHekK21cZ8I145ZOeV5AnudIZrzuUm+FB0wT7toEveo1qozloeogyeC+u+wf3Xk
+PZek8wizAgMBAAECggEAdxQNA9DS/aAdHA4jrhVvcgnxprjLgtxBYkTUIU7X6lWk
+DXYewCgtQTuiDw8p2t7SusKjqGxdlmS6ximsdG2r+VXcTT+4hE4UkaAvBUzMbbUT
+1W/lAwnFgFCx4sYT2hR2VfIVbZosbSr7R3MgLXyJ88CMFutfULdY4/54WkJ54PaQ
+IxJfeUNRYeaCqXxwXNzThzD85A/zN7gingm85n/v391YcDNCqLx2GPfTJwdfkLY5
+reZmBdiak4zW5N3jenZi9rUVBV9rYGQbqiwkNs8Zd7WTfAM3o7zVx7YVs8HVBlmp
+U2xiOy+63gd/Z5kq2jWVRnAdvaDoFhiuSVs/RcGeaQKBgQDnLOV+Nq4cCQGDaACv
+ccjB7Hg9pgmzpLnjna48TXtdWTLQcNvWLR347RQwr+bJB5sO/H2gFEYm5sqeGZjj
+7wcWF8wwiLVeMsOnTmpy5vVyICTiVwS6mvGcX5Zhb5bRPJhg5M2X/E/sxOQdwwDB
+hrEzWAalDVZ6lxBjLruWPMwaZQKBgQDUkiLGSYApouuhCejenIrZhL3qlChaySjU
+v1bVUdGMayjEPQlA5PVCy3MmO5aol8sJ3NpqpLOAWHu0hj3PheZEHyvqwIBAaIBE
+FDjIgSqN8pzyFQ1CFX3EnzaOpWmi3mKlEyVM1GzhrKhT9/rH1014dVoosVU04jfK
+UD6EjVeZNwKBgChYr5z9khmWgMscZbI5G56s1Ld9uQe/YioVpQklRLigDrxOVi/l
+I+wEBJgSuyauyyMscgh0QWIcuZQqR4LQft4ePSbjVTQhjAAxMWboZEIM1iMiqNKg
+pDZ0gFx1C09tUfLnO/KguJpMKrv/AqzEAz1AybgYwdUXdGa7C0ZHSh/5AoGBAKvg
+qauI/M8tw7aHq7pr+z1cPq+xMlwN8SzstYpwyK3wa5sY+yV0u/dRR/8vCWeyrOKB
+qD24hMePRB84uDvXOdP1HG6JTmpF1Qi3DR7aig0SkeKQMRMxC2tzjQqUJzEg/cQa
+Efvoe02SbNzQUv9JUIPI56ilko7bJ183uQU2wBDLAoGBAIb4/nHO0ADCSMacKrgx
++ICL23zPgtGSZ0gtgSuCNykz90oIVAmSuRf8r13mjNBA8nAre4n0c2L1Twnb19JH
+q9POxSDxH7x8j7coJdx+ZcjKB8hYKIBjiddqeRIvJ7vAaaxIPft1ROxZUe4hKrhM
+ka88v7CzvJHW9xs8wIM7RVM0
+-----END PRIVATE KEY-----
diff --git a/src/entrypoint.sh b/src/entrypoint.sh
index 1159474..14e6adb 100644
--- a/src/entrypoint.sh
+++ b/src/entrypoint.sh
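Review bot: `src/app/selfsigned.key` puts the TLS private key into the repository in plaintext, so every image built from this tree serves the same key and anyone with read access to the repository or an image holds it. The HTTPS listener then offers no confidentiality against an on-path party who has that key, and the key stays in history even if the file is later deleted, so it should be treated as compromised and not reused. I would drop both PEM files from the commit, ignore `*.key` in `.gitignore`, and either mount the pair as a secret or generate it at container start, for example `openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=localhost" -keyout /app/selfsigned.key -out /app/selfsigned.crt` (the CN is a sample value). A baked-in certificate also needs an image rebuild to rotate once it expires.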
@@ -27,23 +27,23 @@ content_server=$content_server'}\n'
 # Configuration skeleton for using SSL
 # https://nginx.org/en/docs/http/configuring_https_servers.html
-#content_server=$content_server'server {\n'
-#content_server=$content_server" listen 443 ssl http2;\n"
-#content_server=$content_server' ssl_certificate ;\n'
-#content_server=$content_server' ssl_certificate_key ;\n'
-#content_server=$content_server' ssl_protocols ;\n'
-#content_server=$content_server' ssl_ciphers ;\n'
-#content_server=$content_server' location / {\n'
-#content_server=$content_server' include uwsgi_params;\n'
-#content_server=$content_server' uwsgi_pass unix:///tmp/uwsgi.sock;\n'
-#content_server=$content_server' }\n'
-#content_server=$content_server" location $USE_STATIC_URL {\n"
-#content_server=$content_server" alias $USE_STATIC_PATH;\n"
-#content_server=$content_server' }\n'
-#content_server=$content_server'}\n'
+content_server=$content_server'server {\n'
+content_server=$content_server" listen 443 ssl http2;\n"
+content_server=$content_server' ssl_certificate /app/selfsigned.crt;\n'
+content_server=$content_server' ssl_certificate_key /app/selfsigned.key;\n'
+content_server=$content_server' ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n'
+content_server=$content_server' ssl_ciphers HIGH:!aNULL:!MD5;\n'
+content_server=$content_server' location / {\n'
+content_server=$content_server' include uwsgi_params;\n'
+content_server=$content_server' uwsgi_pass unix:///tmp/uwsgi.sock;\n'
+content_server=$content_server' }\n'
+content_server=$content_server" location $USE_STATIC_URL {\n"
+content_server=$content_server" alias $USE_STATIC_PATH;\n"
+content_server=$content_server' }\n'
+content_server=$content_server'}\n'
 # Save generated server /etc/nginx/conf.d/nginx.conf
 printf "$content_server" > /etc/nginx/conf.d/nginx.conf
-exec "$@"
\ No newline at end of file
+exec "$@"
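Review bot: The added `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` line enables TLS 1.0 and 1.1, both deprecated and carrying known protocol weaknesses; I would narrow it to `ssl_protocols TLSv1.2 TLSv1.3;`, dropping `TLSv1.3` only if the image's nginx/OpenSSL build predates it. The hard-coded `/app/selfsigned.crt` and `/app/selfsigned.key` paths tie every container to the key pair committed in this patch, so reading the paths from environment variables, with a generated pair as the fallback, would let deployments supply their own certificate. The unchanged `printf "$content_server"` below uses the generated text as the format string while `$USE_STATIC_URL` and `$USE_STATIC_PATH` are interpolated into it, so a `%` in either value would be read as a conversion; `printf '%b' "$content_server"` keeps the `\n` expansion without that. The port-80 server block begins above this hunk, so whether plain HTTP is redirected to the new listener cannot be confirmed from here.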