mirrors/bookwyrm
1
0
Fork 1
mirror of https://github.com/bookwyrm-social/bookwyrm.git synced 2024-10-31 22:19:00 +00:00
Code Issues Projects Releases Wiki Activity

Comments out https part of nginx config to certbot can run

Browse source
This commit is contained in:
Mouse Reeve 2021-03-12 14:34:00 -08:00
parent 4bf61e0ef0
commit 28160137d0
2 changed files with 33 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
README.md
View file

@ -174,6 +174,7 @@ Instructions for running BookWyrm in production:
`docker-compose up --build`, and make sure all the images build successfully `docker-compose up --build`, and make sure all the images build successfully
- When docker has built successfully, stop the process with `CTRL-C` - When docker has built successfully, stop the process with `CTRL-C`
- Comment out the `command: certonly...` line in `docker-compose.yml`, and uncomment the following line (`command: renew ...`) so that the certificate will be automatically renewed. - Comment out the `command: certonly...` line in `docker-compose.yml`, and uncomment the following line (`command: renew ...`) so that the certificate will be automatically renewed.
- Uncomment the https redirect and `server` block in `nginx/default.conf` (lines 17-48).
- Run docker-compose in the background with: `docker-compose up -d` - Run docker-compose in the background with: `docker-compose up -d`
- Initialize the database with: `./bw-dev initdb` - Initialize the database with: `./bw-dev initdb`

64
nginx/default.conf
View file

@ -14,36 +14,36 @@ server {
} }
# redirect http to https # redirect http to https
return 301 https://your-domain.com$request_uri; # return 301 https://your-domain.com$request_uri;
} # }
#
server { # server {
listen [::]:443 ssl http2; # listen [::]:443 ssl http2;
listen 443 ssl http2; # listen 443 ssl http2;
#
server_name your-domain.com; # server_name your-domain.com;
#
# SSL code # # SSL code
ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem; # ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem; # ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
#
location ~ /.well-known/acme-challenge { # location ~ /.well-known/acme-challenge {
allow all; # allow all;
root /var/www/certbot; # root /var/www/certbot;
} # }
#
location / { # location / {
proxy_pass http://web; # proxy_pass http://web;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host; # proxy_set_header Host $host;
proxy_redirect off; # proxy_redirect off;
} # }
#
location /images/ { # location /images/ {
alias /app/images/; # alias /app/images/;
} # }
#
location /static/ { # location /static/ {
alias /app/static/; # alias /app/static/;
} # }
} }