self/infra
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ssl

Browse Source
This commit is contained in:
Administrator 2022-09-05 19:40:26 +03:00
parent 58b65f2912
commit 0bc164c5c7
5 changed files with 220 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nginx/nginx-dev/Dockerfile
View File

@ -1,2 +1,4 @@
FROM nginx
COPY ./nginx-dev.conf /etc/nginx/nginx.conf
COPY ./nginx-dev.conf /etc/nginx/nginx.conf
COPY ./privkey.pem /etc/nginx/privkey.pem
COPY ./fullchain.pem /etc/nginx/fullchain.pem

91
nginx/nginx-dev/fullchain.pem Normal file
View File

@ -0,0 +1,91 @@
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISBJgd3mowGlIiuVJYGYl+KutHMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMjA5MDUxNDUxMjZaFw0yMjEyMDQxNDUxMjVaMCExHzAdBgNVBAMM
FiouZGV2ZWxvcC5zcHJpbnRodWIucnUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDfxwyifWyZ5MBBGj3V2y6HqeOWvIneDRo+m33hHGB7FvUo/yfGu0Oz
psEgOwiuKHHre/2Xy1oxki0iVV9ANmHYuk7rgBQxJn0MN1suvq2JUq4X6uy9nr9a
C7/0B9QbqQB9+tiGJbPEoPV+p5Mqk86s+semJfLlDRvFT1mdETErbuAi2ei90NUZ
8Oa8UWYny3AdVswBHYzdULCrzHlr7y+Bju0xJ5isDQwVeslw02yRhOnSiTsFvrhc
aDysBs+8APXgFiRPLNea289mfznm5883h2FnH/P+3K71jGWkIC9K0hL12Umw1wMf
Tvw0PDdn6XP3NA0ivkixgIUDu8WIHxBNAgMBAAGjggJQMIICTDAOBgNVHQ8BAf8E
BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC
MAAwHQYDVR0OBBYEFIEqTa4VQLAvVMinVGrIKzb4BSsMMB8GA1UdIwQYMBaAFBQu
sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV
aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s
ZW5jci5vcmcvMCEGA1UdEQQaMBiCFiouZGV2ZWxvcC5zcHJpbnRodWIucnUwTAYD
VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa
aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHx
AO8AdQBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAYMOWXPFAAAE
AwBGMEQCID3S1Vt0TzBKDoxfS56HkVQjzdpCeuy11rkjuVPQPcc2AiAQvDszF3k7
VdKvu8twSfKSfU2Ppu9MCCBEwcNWhznexAB2ACl5vvCeOTkh8FZzn2Old+W+V32c
YAr4+U1dJlwlXceEAAABgw5Zc6QAAAQDAEcwRQIgQM/VQGeG4G2tgqGWVu32wm3T
izo3yLCD8Lm3YOAAxA8CIQDZBI/+87wqZ7IpIfbENJaZ7FIw/qbGnTy4A1wtNNG4
kTANBgkqhkiG9w0BAQsFAAOCAQEAdVXjCzYL1MwbqzP6elltCQPsaK4XTKGa8faI
OheXA3bDD0kap4JQgj7bsxuA3nQT1ERbmqHsv/kHFU4HMV5rqsuNauw1gkk57qpM
+L9mwQXvIpq4ABStVQTxsoCLfinDWD9rLYWQRJaqSEU6KtKQ6xji3+8s7uCek86K
OqKUl9B/82nq2jEcNfBnNCakQc4asf5wdh8KqF8KZ8r+PI10JoJQjwpEs/PMB/b+
sMuqOydB832/ACyi/+8cuzc+Q58FkmbFVb2EOF9ohSlYFdFrJIYalwtX1utIvcey
VzME4Csk7I50I5NIpbDT32bYpKRDd2noSB6gwEI7yxvLdxydkg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
nLRbwHOoq7hHwg==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----

95
nginx/nginx-dev/nginx-dev.conf
View File

@ -12,6 +12,25 @@ http {
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name swarmpit.develop.sprinthub.ru;
ssl_certificate /etc/nginx/fullchain.pem;
ssl_certificate_key /etc/nginx/privkey.pem;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location / {
proxy_pass http://app:8080/;
}
}
server {
listen 80;
server_name rabbitmq.develop.sprinthub.ru;
@ -21,6 +40,25 @@ http {
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name rabbitmq.develop.sprinthub.ru;
ssl_certificate /etc/nginx/fullchain.pem;
ssl_certificate_key /etc/nginx/privkey.pem;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location / {
proxy_pass http://rabbitmq:15672/;
}
}
server {
listen 80;
server_name minio.develop.sprinthub.ru;
@ -30,6 +68,25 @@ http {
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name minio.develop.sprinthub.ru;
ssl_certificate /etc/nginx/fullchain.pem;
ssl_certificate_key /etc/nginx/privkey.pem;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location / {
proxy_pass http://minio:9001/;
}
}
server {
listen 80;
server_name battleship.develop.sprinthub.ru;
@ -39,6 +96,25 @@ http {
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name battleship.develop.sprinthub.ru;
ssl_certificate /etc/nginx/fullchain.pem;
ssl_certificate_key /etc/nginx/privkey.pem;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location / {
proxy_pass http://battleship-nginx:1236/;
}
}
server {
listen 80;
server_name dev.develop.sprinthub.ru;
@ -48,4 +124,23 @@ http {
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name dev.develop.sprinthub.ru;
ssl_certificate /etc/nginx/fullchain.pem;
ssl_certificate_key /etc/nginx/privkey.pem;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-refferer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
location / {
proxy_pass http://sprint-nginx:1235/;
}
}
}

28
nginx/nginx-dev/privkey.pem Executable file
View File

@ -0,0 +1,28 @@
-----BEGIN PRIVATE KEY-----
MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDfxwyifWyZ5MBB
Gj3V2y6HqeOWvIneDRo+m33hHGB7FvUo/yfGu0OzpsEgOwiuKHHre/2Xy1oxki0i
VV9ANmHYuk7rgBQxJn0MN1suvq2JUq4X6uy9nr9aC7/0B9QbqQB9+tiGJbPEoPV+
p5Mqk86s+semJfLlDRvFT1mdETErbuAi2ei90NUZ8Oa8UWYny3AdVswBHYzdULCr
zHlr7y+Bju0xJ5isDQwVeslw02yRhOnSiTsFvrhcaDysBs+8APXgFiRPLNea289m
fznm5883h2FnH/P+3K71jGWkIC9K0hL12Umw1wMfTvw0PDdn6XP3NA0ivkixgIUD
u8WIHxBNAgMBAAECggEAUey0gnR6ouitPehWhQmmQkJ/MLs7mhCf8BXLAvP5mnaw
MF8hd88tHQNKpvsV1XS3KCgPklf/YDCM14n7wi1mqwqiQ/Ny8P+PPj6x4i4qqCCd
3eHC5DTPBy9QCg4nqCy6ImUIiiwZYT4wQjslVKwiOQ/iscAo6ZRf+19uhmM55hUV
Agh+LKiQvvEB2167d3Q1/TF228i8vatG0qM4mOqsu0aEFHAciMusaIzgB7KvZJBF
2Tz0NDPT9WjDOF3l2chXdIDZo22bEVDNuGtZdJiC7o8KcKbQZM44MEn3wsd345Vc
4zYMPEgqJl41rZP2BxquafRE/KeGOUgVZcfThTRrnQKBgQD7RQ8eBEThzSBfMlrk
1QgfLXEqkoU2u0zMFUvH3pXMRSQp37cwWUqk7AXlqxM3+y7Uvoopth+URxrm2G1R
paT2jsIs23nS+uHqhNBoELmXNqoiLttSv23uAGo6yiyggFH33L5zZdVdpOzO/35B
OKYHeE514QuA8ecflMBxYlv0NwKBgQDj/X9VP7jP/7/YFL/FXMvFxwxZxWigU4Bf
Oi04rDl/2lZ51fofZXYXLcvSJooWW2va3nfbAAvM3aw/NIs+/VunQvwLzpI5e9w+
C+nCyDxJXMNqWa7hCSjbKDf8jtKyylD7q2ClCavNrRUbuHQhiQVJxPq0+8NfgbuI
QtliimvlmwKBgE30AtihIm2bIevmx2Qu4zIo+u7mPgXY3d6CzNvZJkgVOz7ydPa+
/PVlc/7osDGx77l404xVQD7UQHhVtLSb2y3S5FLeVFEsHGKRicZ/SdSr1OR9/PUT
BpvL7SkICAhTRxrKlRtgAG3o+L7PbO/3DytKG61egB8k7TtS/tEuXrDJAoGATWyZ
AWpSaNCBZfAl7/BDgzbFivbvQQMaZTxsfwJ9xF1xYI66Ek9yewyiWwubeVwylHFY
YpbxavEcvZoqb4m6xmKJFblhDwRxFuEU0YEOeBt4gXVTXjiuFz7hRHN8OhtaxRy+
BU3zejV9JZzOU1Uk5phuS2f0QUrdVLje+gfn/GECgYAVHT1FClfCSURx47WaBd0H
3WSsB+ewJAjY7GZTmgs/M9MXOqUAtpi0OPWw1+GVdHs05DlHz0/WSR/fjx/opmqa
aGFq/K8yZmwCAKtrbEimDDattFQy86ehZ3Ec6n1h2n6uxeH95sTypZkyFn53TRJu
Z8SSd/sHS820RDRLj8Oh6w==
-----END PRIVATE KEY-----

4
nginx/nginx-prod/Dockerfile
View File

@ -1,2 +1,4 @@
FROM nginx
COPY ./nginx-prod.conf /etc/nginx/nginx.conf
COPY ./nginx-prod.conf /etc/nginx/nginx.conf
COPY ./privkey.pem /etc/nginx/privkey.pem
COPY ./fullchain.pem /etc/nginx/fullchain.pem