nginx

Nginx/cloudflare.ini

@@ -0,0 +1,5 @@
+# Cloudflare API credentials used by Certbot
+
+# How to generate API token:
+# https://developers.cloudflare.com/api/tokens/create
+dns_cloudflare_api_token = sdfjuhSDFjkh_sdfjSDFSD3sddjh

Nginx/docker-compose.yaml

@@ -0,0 +1,34 @@
+services:
+  certbot:
+    image: certbot/dns-cloudflare
+    volumes:
+      - ./certs:/etc/letsencrypt
+      - ./cloudflare.ini:/root/cloudflare.ini
+    command: >-
+      certonly --dns-cloudflare
+      --dns-cloudflare-credentials /root/cloudflare.ini
+      --dns-cloudflare-propagation-seconds 15
+      --email your@email.com
+      --agree-tos --no-eff-email
+      -d *.jimsgarage.co.uk
+
+  nginx:
+    image: nginx:latest
+    ports:
+      - "80:80"
+      - "443:443"
+    restart: "always"
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "10m"
+        max-file: "10"
+    volumes:
+      - ./nginx.conf:/etc/nginx/nginx.conf
+      - ./certs:/etc/letsencrypt
+    networks:
+      - nginx-proxy
+
+networks:
+  nginx-proxy:
+    external: true

Nginx/it-tools/docker-compose.yaml

@@ -0,0 +1,13 @@
+services:
+    it-tools:
+        image: 'corentinth/it-tools:latest'
+        #ports:
+        #    - '8080:80'
+        restart: unless-stopped
+        container_name: it-tools
+        networks:
+          - nginx-proxy
+
+networks:
+  nginx-proxy:
+    external: true

Nginx/nginx.conf

@@ -0,0 +1,76 @@
+worker_processes  1;
+
+events {
+  worker_connections  512;
+}
+
+http {
+  server {
+    listen 80;
+
+    root   /usr/share/nginx/html/;
+    index  index.html;
+
+    location / {
+      try_files $uri /index.html index.php;
+    } 
+    
+    ### SSL LetsEncrypt
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /etc/letsencrypt/live/jimsgarage.co.uk/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/jimsgarage.co.uk/privkey.pem;
+
+    ### Create the dhparam file: 
+    ### openssl  dhparam  -out  ssl-dhparams.pem  4096
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:1m;  # about 4000 sessions
+    ssl_session_tickets off;
+
+    # intermediate configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+  }
+
+    server {
+    listen 80;
+  
+    server_name it-tools.jimsgarage.co.uk;
+
+    location / {
+      proxy_pass http://it-tools;
+    } 
+    
+    ### SSL LetsEncrypt
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    ssl_certificate /etc/letsencrypt/live/jimsgarage.co.uk/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/jimsgarage.co.uk/privkey.pem;
+
+    ### Create the dhparam file: 
+    ### openssl  dhparam  -out  ssl-dhparams.pem  4096
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_session_timeout 1d;
+    ssl_session_cache shared:MozSSL:1m;  # about 4000 sessions
+    ssl_session_tickets off;
+
+    # intermediate configuration
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+    ssl_prefer_server_ciphers off;
+
+    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
+    add_header Strict-Transport-Security "max-age=63072000" always;
+  }
+}