Certbot test

2024-06-02 19:04:49 +12:00 · 2020-02-19 00:13:18 +02:00 · 2020-02-19 00:13:18 +02:00 · dd85077142
parent f5497285c3
commit dd85077142
3 changed files with 26 additions and 5 deletions
--- a/4
+++ b/4
@ -78,9 +78,11 @@ RUN \
  apt-get update && \
  apt-get install -y --no-install-recommends --no-install-suggests wget curl ca-certificates software-properties-common openssl gnupg && \
  LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php && \
+  add-apt-repository universe && \
+  add-apt-repository ppa:certbot/certbot && \
  apt-get update && \
  apt-get install -y --no-install-recommends --no-install-suggests htop supervisor php$PHP_VERSION php$PHP_VERSION-fpm \
-  php$PHP_VERSION-mysqlnd php$PHP_VERSION-curl php$PHP_VERSION-imagick php$PHP_VERSION-mbstring php$PHP_VERSION-dom webp && \
+  php$PHP_VERSION-mysqlnd php$PHP_VERSION-curl php$PHP_VERSION-imagick php$PHP_VERSION-mbstring php$PHP_VERSION-dom webp certbot && \
  # Nginx
  echo "deb http://nginx.org/packages/mainline/ubuntu/ bionic nginx" >> /etc/apt/sources.list.d/nginx.list && \
  wget -q http://nginx.org/keys/nginx_signing.key && \
--- a/app/app.php
+++ b/app/app.php
@ -358,6 +358,28 @@ $utopia->get('/humans.txt')
        }
    );

+$utopia->get('/.well-known/acme-challenge')
+    ->desc('SSL Verification')
+    ->label('scope', 'public')
+    ->label('docs', false)
+    ->action(
+        function () use ($request, $response) {
+            $base = realpath(__DIR__.'/../certs');
+            $path = str_replace('/.well-known/acme-challenge/', '', $request->getParam('q'));
+            $absolute = realpath($base.'/'.$path);
+
+            if(!$absolute) {
+                throw new Exception('Unknown Path', 404);
+            }
+
+            if(!substr($absolute, 0, strlen($base)) === $base) {
+                throw new Exception('Invalid Path', 401);
+            }
+
+            $response->text(file_get_contents($absolute));
+        }
+    );
+
 $utopia->get('/v1/info') // This is only visible to gods
    ->label('scope', 'god')
    ->label('docs', false)
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@ -116,14 +116,12 @@ http {
    	#error_page 404 /404.html;

    	# redirect server error pages to the static page /50x.html
-    	#
    	error_page 500 502 503 504 /50x.html;
    	location = /50x.html {
    		root /usr/share/nginx/html;
    	}

    	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    	#
    	location ~ \.php$ {
 			try_files $uri =404;
    		fastcgi_split_path_info ^(.+\.php)(/.+)$;
@ -139,8 +137,7 @@ http {
    	}

    	# deny access to . files, for security
-    	#
-    	location ~ /\. {
+		location ~ /\.(?!well-known).* {
            #log_not_found off;
            deny all;
    	}