From 5793e735b6c6375bdd870654536f242753eaaa5d Mon Sep 17 00:00:00 2001 From: Administrator Date: Mon, 5 Sep 2022 19:18:35 +0300 Subject: [PATCH] ssl --- .deploy-infra/deploy-dev.yaml | 19 ++++++- .deploy-infra/deploy-prod.yaml | 18 +++++++ .gitlab-ci.yml | 4 ++ nginx/nginx-prod/privkey.pem | 28 ---------- ssl/ssl-dev/Dockerfile | 4 ++ .../nginx-prod => ssl/ssl-dev}/fullchain.pem | 54 +++++++++---------- ssl/ssl-dev/nginx-dev.conf | 34 ++++++++++++ ssl/ssl-dev/privkey.pem | 28 ++++++++++ ssl/ssl-prod/Dockerfile | 4 ++ .../nginx-dev => ssl/ssl-prod}/fullchain.pem | 0 ssl/ssl-prod/nginx-prod.conf | 34 ++++++++++++ {nginx/nginx-dev => ssl/ssl-prod}/privkey.pem | 0 12 files changed, 170 insertions(+), 57 deletions(-) delete mode 100644 nginx/nginx-prod/privkey.pem create mode 100644 ssl/ssl-dev/Dockerfile rename {nginx/nginx-prod => ssl/ssl-dev}/fullchain.pem (69%) create mode 100644 ssl/ssl-dev/nginx-dev.conf create mode 100755 ssl/ssl-dev/privkey.pem create mode 100644 ssl/ssl-prod/Dockerfile rename {nginx/nginx-dev => ssl/ssl-prod}/fullchain.pem (100%) create mode 100644 ssl/ssl-prod/nginx-prod.conf rename {nginx/nginx-dev => ssl/ssl-prod}/privkey.pem (100%) diff --git a/.deploy-infra/deploy-dev.yaml b/.deploy-infra/deploy-dev.yaml index 3e93b04..d22f4c2 100644 --- a/.deploy-infra/deploy-dev.yaml +++ b/.deploy-infra/deploy-dev.yaml @@ -1,11 +1,26 @@ version: "3.6" services: - nginx: - image: mathwave/sprint-repo:sprint-infra-nginx-dev + ssl: + image: mathwave/sprint-repo:sprint-infra-ssl-dev ports: - "80:80" - "443:443" + networks: + - net + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + placement: + constraints: [node.role == manager] + update_config: + parallelism: 1 + order: start-first + + nginx: + image: mathwave/sprint-repo:sprint-infra-nginx-dev networks: - net - battleship-nginx diff --git a/.deploy-infra/deploy-prod.yaml b/.deploy-infra/deploy-prod.yaml index bdbff32..c83c3d0 100644 --- a/.deploy-infra/deploy-prod.yaml +++ b/.deploy-infra/deploy-prod.yaml @@ -1,6 +1,24 @@ version: "3.6" services: + ssl: + image: mathwave/sprint-repo:sprint-infra-ssl-prod + ports: + - "80:80" + - "443:443" + networks: + - net + deploy: + mode: replicated + replicas: 1 + restart_policy: + condition: any + placement: + constraints: [node.role == manager] + update_config: + parallelism: 1 + order: start-first + nginx: image: mathwave/sprint-repo:sprint-infra-nginx-prod ports: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1c4cad4..987955a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -19,6 +19,10 @@ build: - docker push mathwave/sprint-repo:sprint-infra-nginx-dev - docker build -t mathwave/sprint-repo:sprint-infra-nginx-prod nginx/nginx-prod - docker push mathwave/sprint-repo:sprint-infra-nginx-prod + - docker build -t mathwave/sprint-repo:sprint-infra-ssl-dev ssl/ssl-dev + - docker push mathwave/sprint-repo:sprint-infra-ssl-dev + - docker build -t mathwave/sprint-repo:sprint-infra-ssl-prod ssl/ssl-prod + - docker push mathwave/sprint-repo:sprint-infra-ssl-prod deploy-dev: stage: deploy-dev diff --git a/nginx/nginx-prod/privkey.pem b/nginx/nginx-prod/privkey.pem deleted file mode 100644 index 7121ece..0000000 --- a/nginx/nginx-prod/privkey.pem +++ /dev/null @@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQC8+Qc4BhJJBxjZ -qKeKD7zz8VmTIL3GurdnieZWcsEAlYo3tnRd0ufk+I4yl3eXrCzBmIbBwTrMC3FQ -IspTi2xhsxoYBLwPYNDyLUg1txj+k6aCbo58ZgqdsesiZeZJ8dA7j/QmHQzbS4Ne -5wkk2XspGMuxsC3maLWo2guEz91l+owWdHU+fOIxKtJ9H6R0+3hK3c8j5Wcz9UcK -rHQ/utgsZo0eU/fQ4GvoDb+5p1g14lsHoLn5bJ5mp1nKAp6zN9Hc8J4xmi4Q9fSV -gbggI2D7fTV/Wap5qUanHnJZ9NciNPa7W8baRxkrPX34sXI4MCZi3gifQbxOm777 -AC6KFwKNAgMBAAECggEAaC9Tz4tpYWHMTZQyameq4UNbA0a12m7u1uKsX1T9G3lW -rsik92Vj/FUc8L+Za8G9Gy8gfIowBHb6jhfgPJdNtb+szzktBb129U4J1bOQ0CpP -TvHtFKCdkbuZy2kqwfHTwELpdGnnwK+tShFOdUaCJHJLOzfK1pE8Nk+gsiR4B9Ra -LrRxf+ab2NyrLnb4cee13aPjK/UKrhiSb7NLtMTVSqh1w+ylt19vxPgOCMPRHlMJ -xn+KVZolvC78R65JW9fr43AT0n8lJI1sqpI+rQ6cy+WjX9NE/WhNGCjjR5gG5fKQ -auP13SoD1SMnSPFoKyxph6HyKyUkHIlxE7ElrOAR8QKBgQD42mLKyVGVdf3a45Qg -2Lpg7FVpW5kEt4zFdBdRDEcuDZblcQ0wbdFm+3csqRsWnad94LcFjO/JhrE2faI6 -CWxZUocwwdx83r99tmg+Io+VZRJ6CoMyat14lNBs4D7IaXqkJ/hueHztNZn/H38I -crFikcv4Keg/86XtcfaHgxRuUwKBgQDCZmQipb55UIbObVjK0uwLANObi6XsDpgO -zqC7pOxor4ioscP5xrlhVvrSbaImbeNY/T412M09AoDjy/KJt7Nwo2FMixGN6hFi -5DViE3m1dtQNApQPtAMi5DWCw/ff+Vy5slVPs6qX4uJoknQ9hx0R84INpRu1a9cV -/3xAeh3vnwKBgQDCyCUltvhNtYJSr2lFYH5Z2QJtqg2WnJjqAJkzjhm02VwwERIS -wxJxugipA2A5joMISzjWdl9F7VCOZz3wkWmmbKt2pXcQokVef8UORXz/oZIZxlq0 -vuLFPC372nYp5i3hiYux5EtcXGVCRQPot+VSUu5FO4AXdn184oPlw9rdEwKBgQC2 -/qOsadFPaZo8n3pCEyLXiMOpXF+oQmSpK6Dqgml4ciR2iEAu0/6VvscFZuaIvlCQ -6HKzRY6Nq9mglc+ODDsCAQoKf67apEgRizklRagARgd+57pwvcdmBOTKX6bqU1YS -B+l+yWYA7DassZByism2qD74kT/wG7+wmXthRpL/iQKBgAgtaYcKHGuqHWy2PX4b -YzZliERnkn92Ysl0AtMRYmGgmtt4lMHejVK2v+U93zw5w8oMzAOGcYcZnBW84Y05 -HxHm0yA8ndNWTiOk1oDNcKUgTB6pfMux4fBbziByhAOOGZbfcsE/3QnomZeegulk -gIh/LulnrTzQWJ/XcwzI3Jic ------END PRIVATE KEY----- diff --git a/ssl/ssl-dev/Dockerfile b/ssl/ssl-dev/Dockerfile new file mode 100644 index 0000000..9207009 --- /dev/null +++ b/ssl/ssl-dev/Dockerfile @@ -0,0 +1,4 @@ +FROM nginx +COPY ./nginx-dev.conf /etc/nginx/nginx.conf +COPY ./privkey.pem /etc/nginx/privkey.pem +COPY ./fullchain.pem /etc/nginx/fullchain.pem \ No newline at end of file diff --git a/nginx/nginx-prod/fullchain.pem b/ssl/ssl-dev/fullchain.pem similarity index 69% rename from nginx/nginx-prod/fullchain.pem rename to ssl/ssl-dev/fullchain.pem index 195d504..5b13dad 100644 --- a/nginx/nginx-prod/fullchain.pem +++ b/ssl/ssl-dev/fullchain.pem @@ -1,32 +1,32 @@ -----BEGIN CERTIFICATE----- -MIIFIjCCBAqgAwIBAgISBEHkox8LkkM+/1MvLy38wPTNMA0GCSqGSIb3DQEBCwUA +MIIFMTCCBBmgAwIBAgISBJgd3mowGlIiuVJYGYl+KutHMA0GCSqGSIb3DQEBCwUA MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD -EwJSMzAeFw0yMjA4MzAxNjM1MTVaFw0yMjExMjgxNjM1MTRaMBkxFzAVBgNVBAMM -Diouc3ByaW50aHViLnJ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA -vPkHOAYSSQcY2ainig+88/FZkyC9xrq3Z4nmVnLBAJWKN7Z0XdLn5PiOMpd3l6ws -wZiGwcE6zAtxUCLKU4tsYbMaGAS8D2DQ8i1INbcY/pOmgm6OfGYKnbHrImXmSfHQ -O4/0Jh0M20uDXucJJNl7KRjLsbAt5mi1qNoLhM/dZfqMFnR1PnziMSrSfR+kdPt4 -St3PI+VnM/VHCqx0P7rYLGaNHlP30OBr6A2/uadYNeJbB6C5+WyeZqdZygKeszfR -3PCeMZouEPX0lYG4ICNg+301f1mqealGpx5yWfTXIjT2u1vG2kcZKz19+LFyODAm -Yt4In0G8Tpu++wAuihcCjQIDAQABo4ICSTCCAkUwDgYDVR0PAQH/BAQDAgWgMB0G -A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1Ud -DgQWBBRfNprTyB3Sf/URUsJCafiKlpRnAjAfBgNVHSMEGDAWgBQULrMXt1hWy65Q -CUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9y -My5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3Jn -LzAZBgNVHREEEjAQgg4qLnNwcmludGh1Yi5ydTBMBgNVHSAERTBDMAgGBmeBDAEC -ATA3BgsrBgEEAYLfEwEBATAoMCYGCCsGAQUFBwIBFhpodHRwOi8vY3BzLmxldHNl -bmNyeXB0Lm9yZzCCAQQGCisGAQQB1nkCBAIEgfUEgfIA8AB2ACl5vvCeOTkh8FZz -n2Old+W+V32cYAr4+U1dJlwlXceEAAABgu/SVT4AAAQDAEcwRQIhAObRl/xR4xx7 -dJVl+S7jp9bDSQFYF9s2ED4FCmClggKpAiB1Zq9cevxvs0r9xW6+0RIH09aP+ncr -ukTwiIVtQpc34AB2AN+lXqtogk8fbK3uuF9OPlrqzaISpGpejjsSwCBEXCpzAAAB -gu/SVz4AAAQDAEcwRQIhAPtY74N+QgT0Wdy66Tqg6x6GQKrvYyvRadXS8TBiO9Da -AiAFohkEDYv8nwZh5EcxCuKQqM6HUkfXd0TebUs2o1ZVvTANBgkqhkiG9w0BAQsF -AAOCAQEAuss4/CIzVk51fRH7sRS1SbAHbZZq7bu7fS7I7U+tBj1vyG+4dcTqVIp/ -t/dPQx4SRW4DmjDlmQMsI6Ua05bp0F/44JXqSNUXK3GuWYiCnVJm76Pd24tN6G3b -7U/SCnsTlqTDXbEMHqIucqj4dp1rJNonjkZ4l4oIM8rUyjt8k6eYUBCzKiF7fdQP -usU5XAwOEOyBf0dfp2pc+Yxo5XfuMEH42Ujxp9aQwyD1LCkfQ5tGuHgCw5NXwQuW -iyZCHtHFihy0cV/Z2RzSvjWVHwc+S9kKgR9znGnfHihIOaXUcYngrQLzIdgRodX2 -3RONoGlh4DfSMQEzRcoFGXTQwhQP1A== +EwJSMzAeFw0yMjA5MDUxNDUxMjZaFw0yMjEyMDQxNDUxMjVaMCExHzAdBgNVBAMM +FiouZGV2ZWxvcC5zcHJpbnRodWIucnUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw +ggEKAoIBAQDfxwyifWyZ5MBBGj3V2y6HqeOWvIneDRo+m33hHGB7FvUo/yfGu0Oz +psEgOwiuKHHre/2Xy1oxki0iVV9ANmHYuk7rgBQxJn0MN1suvq2JUq4X6uy9nr9a +C7/0B9QbqQB9+tiGJbPEoPV+p5Mqk86s+semJfLlDRvFT1mdETErbuAi2ei90NUZ +8Oa8UWYny3AdVswBHYzdULCrzHlr7y+Bju0xJ5isDQwVeslw02yRhOnSiTsFvrhc +aDysBs+8APXgFiRPLNea289mfznm5883h2FnH/P+3K71jGWkIC9K0hL12Umw1wMf +Tvw0PDdn6XP3NA0ivkixgIUDu8WIHxBNAgMBAAGjggJQMIICTDAOBgNVHQ8BAf8E +BAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQC +MAAwHQYDVR0OBBYEFIEqTa4VQLAvVMinVGrIKzb4BSsMMB8GA1UdIwQYMBaAFBQu +sxe3WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYV +aHR0cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5s +ZW5jci5vcmcvMCEGA1UdEQQaMBiCFiouZGV2ZWxvcC5zcHJpbnRodWIucnUwTAYD +VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa +aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHx +AO8AdQBByMqx3yJGShDGoToJQodeTjGLGwPr60vHaPCQYpYG9gAAAYMOWXPFAAAE +AwBGMEQCID3S1Vt0TzBKDoxfS56HkVQjzdpCeuy11rkjuVPQPcc2AiAQvDszF3k7 +VdKvu8twSfKSfU2Ppu9MCCBEwcNWhznexAB2ACl5vvCeOTkh8FZzn2Old+W+V32c +YAr4+U1dJlwlXceEAAABgw5Zc6QAAAQDAEcwRQIgQM/VQGeG4G2tgqGWVu32wm3T +izo3yLCD8Lm3YOAAxA8CIQDZBI/+87wqZ7IpIfbENJaZ7FIw/qbGnTy4A1wtNNG4 +kTANBgkqhkiG9w0BAQsFAAOCAQEAdVXjCzYL1MwbqzP6elltCQPsaK4XTKGa8faI +OheXA3bDD0kap4JQgj7bsxuA3nQT1ERbmqHsv/kHFU4HMV5rqsuNauw1gkk57qpM ++L9mwQXvIpq4ABStVQTxsoCLfinDWD9rLYWQRJaqSEU6KtKQ6xji3+8s7uCek86K +OqKUl9B/82nq2jEcNfBnNCakQc4asf5wdh8KqF8KZ8r+PI10JoJQjwpEs/PMB/b+ +sMuqOydB832/ACyi/+8cuzc+Q58FkmbFVb2EOF9ohSlYFdFrJIYalwtX1utIvcey +VzME4Csk7I50I5NIpbDT32bYpKRDd2noSB6gwEI7yxvLdxydkg== -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw diff --git a/ssl/ssl-dev/nginx-dev.conf b/ssl/ssl-dev/nginx-dev.conf new file mode 100644 index 0000000..d4a0163 --- /dev/null +++ b/ssl/ssl-dev/nginx-dev.conf @@ -0,0 +1,34 @@ +events {} + +http { + client_max_body_size 50m; + + server { + listen 80; + server_name *.develop.sprinthub.ru; + + location / { + proxy_pass http://nginx:80/; + } + } + + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name *.develop.sprinthub.ru; + + ssl_certificate /etc/nginx/fullchain.pem; + ssl_certificate_key /etc/nginx/privkey.pem; + + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-refferer-when-downgrade" always; + add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + + location / { + proxy_pass http://nginx:80/; + } + } + +} \ No newline at end of file diff --git a/ssl/ssl-dev/privkey.pem b/ssl/ssl-dev/privkey.pem new file mode 100755 index 0000000..34d3406 --- /dev/null +++ b/ssl/ssl-dev/privkey.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQDfxwyifWyZ5MBB +Gj3V2y6HqeOWvIneDRo+m33hHGB7FvUo/yfGu0OzpsEgOwiuKHHre/2Xy1oxki0i +VV9ANmHYuk7rgBQxJn0MN1suvq2JUq4X6uy9nr9aC7/0B9QbqQB9+tiGJbPEoPV+ +p5Mqk86s+semJfLlDRvFT1mdETErbuAi2ei90NUZ8Oa8UWYny3AdVswBHYzdULCr +zHlr7y+Bju0xJ5isDQwVeslw02yRhOnSiTsFvrhcaDysBs+8APXgFiRPLNea289m +fznm5883h2FnH/P+3K71jGWkIC9K0hL12Umw1wMfTvw0PDdn6XP3NA0ivkixgIUD +u8WIHxBNAgMBAAECggEAUey0gnR6ouitPehWhQmmQkJ/MLs7mhCf8BXLAvP5mnaw +MF8hd88tHQNKpvsV1XS3KCgPklf/YDCM14n7wi1mqwqiQ/Ny8P+PPj6x4i4qqCCd +3eHC5DTPBy9QCg4nqCy6ImUIiiwZYT4wQjslVKwiOQ/iscAo6ZRf+19uhmM55hUV +Agh+LKiQvvEB2167d3Q1/TF228i8vatG0qM4mOqsu0aEFHAciMusaIzgB7KvZJBF +2Tz0NDPT9WjDOF3l2chXdIDZo22bEVDNuGtZdJiC7o8KcKbQZM44MEn3wsd345Vc +4zYMPEgqJl41rZP2BxquafRE/KeGOUgVZcfThTRrnQKBgQD7RQ8eBEThzSBfMlrk +1QgfLXEqkoU2u0zMFUvH3pXMRSQp37cwWUqk7AXlqxM3+y7Uvoopth+URxrm2G1R +paT2jsIs23nS+uHqhNBoELmXNqoiLttSv23uAGo6yiyggFH33L5zZdVdpOzO/35B +OKYHeE514QuA8ecflMBxYlv0NwKBgQDj/X9VP7jP/7/YFL/FXMvFxwxZxWigU4Bf +Oi04rDl/2lZ51fofZXYXLcvSJooWW2va3nfbAAvM3aw/NIs+/VunQvwLzpI5e9w+ +C+nCyDxJXMNqWa7hCSjbKDf8jtKyylD7q2ClCavNrRUbuHQhiQVJxPq0+8NfgbuI +QtliimvlmwKBgE30AtihIm2bIevmx2Qu4zIo+u7mPgXY3d6CzNvZJkgVOz7ydPa+ +/PVlc/7osDGx77l404xVQD7UQHhVtLSb2y3S5FLeVFEsHGKRicZ/SdSr1OR9/PUT +BpvL7SkICAhTRxrKlRtgAG3o+L7PbO/3DytKG61egB8k7TtS/tEuXrDJAoGATWyZ +AWpSaNCBZfAl7/BDgzbFivbvQQMaZTxsfwJ9xF1xYI66Ek9yewyiWwubeVwylHFY +YpbxavEcvZoqb4m6xmKJFblhDwRxFuEU0YEOeBt4gXVTXjiuFz7hRHN8OhtaxRy+ +BU3zejV9JZzOU1Uk5phuS2f0QUrdVLje+gfn/GECgYAVHT1FClfCSURx47WaBd0H +3WSsB+ewJAjY7GZTmgs/M9MXOqUAtpi0OPWw1+GVdHs05DlHz0/WSR/fjx/opmqa +aGFq/K8yZmwCAKtrbEimDDattFQy86ehZ3Ec6n1h2n6uxeH95sTypZkyFn53TRJu +Z8SSd/sHS820RDRLj8Oh6w== +-----END PRIVATE KEY----- diff --git a/ssl/ssl-prod/Dockerfile b/ssl/ssl-prod/Dockerfile new file mode 100644 index 0000000..30f6009 --- /dev/null +++ b/ssl/ssl-prod/Dockerfile @@ -0,0 +1,4 @@ +FROM nginx +COPY ./nginx-prod.conf /etc/nginx/nginx.conf +COPY ./privkey.pem /etc/nginx/privkey.pem +COPY ./fullchain.pem /etc/nginx/fullchain.pem \ No newline at end of file diff --git a/nginx/nginx-dev/fullchain.pem b/ssl/ssl-prod/fullchain.pem similarity index 100% rename from nginx/nginx-dev/fullchain.pem rename to ssl/ssl-prod/fullchain.pem diff --git a/ssl/ssl-prod/nginx-prod.conf b/ssl/ssl-prod/nginx-prod.conf new file mode 100644 index 0000000..57a670e --- /dev/null +++ b/ssl/ssl-prod/nginx-prod.conf @@ -0,0 +1,34 @@ +events {} + +http { + client_max_body_size 50m; + + server { + listen 80; + server_name *.sprinthub.ru; + + location / { + proxy_pass http://nginx:80/; + } + } + + server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name *.sprinthub.ru; + + ssl_certificate /etc/nginx/fullchain.pem; + ssl_certificate_key /etc/nginx/privkey.pem; + + add_header X-Frame-Options "SAMEORIGIN" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header X-Content-Type-Options "nosniff" always; + add_header Referrer-Policy "no-refferer-when-downgrade" always; + add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always; + + location / { + proxy_pass http://nginx:80/; + } + } + +} \ No newline at end of file diff --git a/nginx/nginx-dev/privkey.pem b/ssl/ssl-prod/privkey.pem similarity index 100% rename from nginx/nginx-dev/privkey.pem rename to ssl/ssl-prod/privkey.pem