Certbot test
This commit is contained in:
parent
f5497285c3
commit
dd85077142
|
@ -78,9 +78,11 @@ RUN \
|
|||
apt-get update && \
|
||||
apt-get install -y --no-install-recommends --no-install-suggests wget curl ca-certificates software-properties-common openssl gnupg && \
|
||||
LC_ALL=C.UTF-8 add-apt-repository -y ppa:ondrej/php && \
|
||||
add-apt-repository universe && \
|
||||
add-apt-repository ppa:certbot/certbot && \
|
||||
apt-get update && \
|
||||
apt-get install -y --no-install-recommends --no-install-suggests htop supervisor php$PHP_VERSION php$PHP_VERSION-fpm \
|
||||
php$PHP_VERSION-mysqlnd php$PHP_VERSION-curl php$PHP_VERSION-imagick php$PHP_VERSION-mbstring php$PHP_VERSION-dom webp && \
|
||||
php$PHP_VERSION-mysqlnd php$PHP_VERSION-curl php$PHP_VERSION-imagick php$PHP_VERSION-mbstring php$PHP_VERSION-dom webp certbot && \
|
||||
# Nginx
|
||||
echo "deb http://nginx.org/packages/mainline/ubuntu/ bionic nginx" >> /etc/apt/sources.list.d/nginx.list && \
|
||||
wget -q http://nginx.org/keys/nginx_signing.key && \
|
||||
|
|
22
app/app.php
22
app/app.php
|
@ -358,6 +358,28 @@ $utopia->get('/humans.txt')
|
|||
}
|
||||
);
|
||||
|
||||
$utopia->get('/.well-known/acme-challenge')
|
||||
->desc('SSL Verification')
|
||||
->label('scope', 'public')
|
||||
->label('docs', false)
|
||||
->action(
|
||||
function () use ($request, $response) {
|
||||
$base = realpath(__DIR__.'/../certs');
|
||||
$path = str_replace('/.well-known/acme-challenge/', '', $request->getParam('q'));
|
||||
$absolute = realpath($base.'/'.$path);
|
||||
|
||||
if(!$absolute) {
|
||||
throw new Exception('Unknown Path', 404);
|
||||
}
|
||||
|
||||
if(!substr($absolute, 0, strlen($base)) === $base) {
|
||||
throw new Exception('Invalid Path', 401);
|
||||
}
|
||||
|
||||
$response->text(file_get_contents($absolute));
|
||||
}
|
||||
);
|
||||
|
||||
$utopia->get('/v1/info') // This is only visible to gods
|
||||
->label('scope', 'god')
|
||||
->label('docs', false)
|
||||
|
|
|
@ -116,14 +116,12 @@ http {
|
|||
#error_page 404 /404.html;
|
||||
|
||||
# redirect server error pages to the static page /50x.html
|
||||
#
|
||||
error_page 500 502 503 504 /50x.html;
|
||||
location = /50x.html {
|
||||
root /usr/share/nginx/html;
|
||||
}
|
||||
|
||||
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
|
||||
#
|
||||
location ~ \.php$ {
|
||||
try_files $uri =404;
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
|
@ -139,8 +137,7 @@ http {
|
|||
}
|
||||
|
||||
# deny access to . files, for security
|
||||
#
|
||||
location ~ /\. {
|
||||
location ~ /\.(?!well-known).* {
|
||||
#log_not_found off;
|
||||
deny all;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue