From 13fc88d3fdb41e3f118a30bb25e9c15cf7ce4380 Mon Sep 17 00:00:00 2001 From: Abhinav Sarkar Date: Fri, 8 Jun 2018 18:03:10 +0000 Subject: [PATCH] Add SSL support to nginx and creates a new subdomain for WB. --- .gitignore | 1 + docker-compose.yml | 6 ++++-- nginx-conf/wallabag.conf | 16 +++++++++++++++- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/.gitignore b/.gitignore index 511f6d4..5c1a2e5 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ postgres-data wallabag nginx-log +certs diff --git a/docker-compose.yml b/docker-compose.yml index 9242cb7..16efda5 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -16,7 +16,7 @@ services: - SYMFONY__ENV__MAILER_USER=~ - SYMFONY__ENV__MAILER_PASSWORD=~ - SYMFONY__ENV__FROM_EMAIL=wallabag@space.abhinavsarkar.net - - SYMFONY__ENV__DOMAIN_NAME=http://space.abhinavsarkar.net + - SYMFONY__ENV__DOMAIN_NAME=https://bookmarks.abhinavsarkar.net depends_on: - db volumes: @@ -37,6 +37,8 @@ services: - wallabag ports: - "80:80" + - "443:443" volumes: - - ./nginx-conf:/etc/nginx/conf.d + - ./nginx-conf:/etc/nginx/conf.d:ro - ./nginx-log:/var/log/nginx + - ./certs:/etc/nginx/certs:ro diff --git a/nginx-conf/wallabag.conf b/nginx-conf/wallabag.conf index 40a8e83..09da3c3 100644 --- a/nginx-conf/wallabag.conf +++ b/nginx-conf/wallabag.conf @@ -1,5 +1,13 @@ server { - listen 80; + listen 443 ssl; + server_name bookmarks.abhinavsarkar.net; + + ssl_certificate /etc/nginx/certs/fullchain1.pem; + ssl_certificate_key /etc/nginx/certs/privkey1.pem; + + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_prefer_server_ciphers on; + ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH'; proxy_set_header X-Real-IP $remote_addr; # pass on real client IP @@ -7,3 +15,9 @@ server { proxy_pass http://wallabag; } } + +server { + listen 80; + server_name bookmarks.abhinavsarkar.net; + return 301 https://$host$request_uri; +}