master #69
@ -20,10 +20,10 @@ for host in hosts:
|
|||||||
server \{
|
server \{
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
server_name {0};
|
server_name {host};
|
||||||
|
|
||||||
ssl_certificate /etc/nginx/{0}/fullchain.pem;
|
ssl_certificate /etc/nginx/{host}/fullchain.pem;
|
||||||
ssl_certificate_key /etc/nginx/{0}/privkey.pem;
|
ssl_certificate_key /etc/nginx/{host}/privkey.pem;
|
||||||
|
|
||||||
add_header X-Frame-Options "SAMEORIGIN" always;
|
add_header X-Frame-Options "SAMEORIGIN" always;
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
@ -32,10 +32,10 @@ for host in hosts:
|
|||||||
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
|
||||||
|
|
||||||
location / \{
|
location / \{
|
||||||
proxy_pass http://{1}-nginx:1238$request_uri;
|
proxy_pass http://{pre_domain}-nginx:1238$request_uri;
|
||||||
\}
|
\}
|
||||||
\}\n\n
|
\}\n\n
|
||||||
'''.format(host, host.split('.')[0])
|
'''.format(host=host, pre_domain=host.split('.')[0])
|
||||||
fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem')
|
fullchain = minio_client.get_object("certupdater", f'certificates/{host}/fullchain.pem')
|
||||||
privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem')
|
privkey = minio_client.get_object("certupdater", f'certificates/{host}/privkey.pem')
|
||||||
with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp:
|
with open(f"/etc/nginx/{host}/fullchain.pem", 'wb') as fp:
|
||||||
|
|||||||
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
python3 prepare.py
|
python3 prepare.py
|
||||||
nginx -g daemon off;
|
/docker-entrypoint.sh nginx -g daemon off;
|
||||||
Loading…
Reference in New Issue
Block a user