mirror of
https://github.com/bookwyrm-social/bookwyrm.git
synced 2024-12-15 04:36:34 +00:00
Merge pull request #719 from mouse-reeve/certbot-install
Certbot install
This commit is contained in:
commit
42ba3753d6
2 changed files with 36 additions and 34 deletions
|
@ -169,13 +169,15 @@ Instructions for running BookWyrm in production:
|
||||||
- Set a secure database password for postgres
|
- Set a secure database password for postgres
|
||||||
- Update your nginx configuration in `nginx/default.conf`
|
- Update your nginx configuration in `nginx/default.conf`
|
||||||
- Replace `your-domain.com` with your domain name
|
- Replace `your-domain.com` with your domain name
|
||||||
|
- If you aren't using the `www` subdomain, remove the www.your-domain.com version of the domain from the `server_name` in the first server block in `nginx/default.conf` and remove the `-d www.${DOMAIN}` flag at the end of the `certbot` command in `docker-compose.yml`.
|
||||||
- If you are running another web-server on your host machine, you will need to follow the [reverse-proxy instructions](#running-bookwyrm-behind-a-reverse-proxy)
|
- If you are running another web-server on your host machine, you will need to follow the [reverse-proxy instructions](#running-bookwyrm-behind-a-reverse-proxy)
|
||||||
- Run the application (this should also set up a Certbot ssl cert for your domain) with
|
- Run the application (this should also set up a Certbot ssl cert for your domain) with
|
||||||
`docker-compose up --build`, and make sure all the images build successfully
|
`docker-compose up --build`, and make sure all the images build successfully
|
||||||
- If you are running other services on your host machine, you may run into errors where services fail when attempting to bind to a port.
|
- If you are running other services on your host machine, you may run into errors where services fail when attempting to bind to a port.
|
||||||
See the [troubleshooting guide](#port-conflicts) for advice on resolving this.
|
See the [troubleshooting guide](#port-conflicts) for advice on resolving this.
|
||||||
- When docker has built successfully, stop the process with `CTRL-C`
|
- When docker has built successfully, stop the process with `CTRL-C`
|
||||||
- Comment out the `command: certonly...` line in `docker-compose.yml`
|
- Comment out the `command: certonly...` line in `docker-compose.yml`, and uncomment the following line (`command: renew ...`) so that the certificate will be automatically renewed.
|
||||||
|
- Uncomment the https redirect and `server` block in `nginx/default.conf` (lines 17-48).
|
||||||
- Run docker-compose in the background with: `docker-compose up -d`
|
- Run docker-compose in the background with: `docker-compose up -d`
|
||||||
- Initialize the database with: `./bw-dev initdb`
|
- Initialize the database with: `./bw-dev initdb`
|
||||||
|
|
||||||
|
|
|
@ -13,39 +13,39 @@ server {
|
||||||
root /var/www/certbot;
|
root /var/www/certbot;
|
||||||
}
|
}
|
||||||
|
|
||||||
# redirect http to https www
|
# redirect http to https
|
||||||
return 301 https://www.your-domain.com$request_uri;
|
# return 301 https://your-domain.com$request_uri;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
server {
|
# server {
|
||||||
listen [::]:443 ssl http2;
|
# listen [::]:443 ssl http2;
|
||||||
listen 443 ssl http2;
|
# listen 443 ssl http2;
|
||||||
|
#
|
||||||
server_name your-domain.com;
|
# server_name your-domain.com;
|
||||||
|
#
|
||||||
# SSL code
|
# # SSL code
|
||||||
ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
|
# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem;
|
||||||
ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
|
# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem;
|
||||||
|
#
|
||||||
location ~ /.well-known/acme-challenge {
|
# location ~ /.well-known/acme-challenge {
|
||||||
allow all;
|
# allow all;
|
||||||
root /var/www/certbot;
|
# root /var/www/certbot;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
location / {
|
# location / {
|
||||||
proxy_pass http://web;
|
# proxy_pass http://web;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header Host $host;
|
# proxy_set_header Host $host;
|
||||||
proxy_redirect off;
|
# proxy_redirect off;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
location /images/ {
|
# location /images/ {
|
||||||
alias /app/images/;
|
# alias /app/images/;
|
||||||
}
|
# }
|
||||||
|
#
|
||||||
location /static/ {
|
# location /static/ {
|
||||||
alias /app/static/;
|
# alias /app/static/;
|
||||||
}
|
# }
|
||||||
}
|
}
|
||||||
|
|
||||||
# Reverse-Proxy server
|
# Reverse-Proxy server
|
||||||
|
|
Loading…
Reference in a new issue