added https

2025-06-02 00:33:19 +01:00
parent 9f6312d40b
commit 077be73b69
5 changed files with 52 additions and 50 deletions
--- a/services/nginx/docker-compose.yaml
+++ b/services/nginx/docker-compose.yaml
@@ -6,7 +6,7 @@ services:
    pull_policy: build
    image: homesrv/nginx:latest
    volumes:
-      - etc_ssl:/etc/ssl
+      - casa-certs:/etc/ssl
    ports:
      - 443:443
      - 80:80
@@ -17,8 +17,12 @@ services:
    restart: unless-stopped
 volumes:
  nginx-conf.d:
-  etc_ssl:
-    name: nginx_etc_ssl 
+  casa-certs:
+    name: casa-certs
+    external: true
+      
+  # etc_ssl:
+  #   name: nginx_etc_ssl 
 networks:
  public:
    name: reverseproxy_public
--- a/services/nginx/docker/nginx.conf.d/default.conf
+++ b/services/nginx/docker/nginx.conf.d/default.conf
@@ -1,44 +0,0 @@
-server {
-    listen       80;
-    server_name  localhost;
-
-    #access_log  /var/log/nginx/host.access.log  main;
-
-    location / {
-        root   /usr/share/nginx/html;
-        index  index.html index.htm;
-    }
-
-    #error_page  404              /404.html;
-
-    # redirect server error pages to the static page /50x.html
-    #
-    error_page   500 502 503 504  /50x.html;
-    location = /50x.html {
-        root   /usr/share/nginx/html;
-    }
-
-    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
-    #
-    #location ~ \.php$ {
-    #    proxy_pass   http://127.0.0.1;
-    #}
-
-    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
-    #
-    #location ~ \.php$ {
-    #    root           html;
-    #    fastcgi_pass   127.0.0.1:9000;
-    #    fastcgi_index  index.php;
-    #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
-    #    include        fastcgi_params;
-    #}
-
-    # deny access to .htaccess files, if Apache's document root
-    # concurs with nginx's one
-    #
-    #location ~ /\.ht {
-    #    deny  all;
-    #}
-}
-
--- a/services/nginx/docker/nginx.conf.d/has.conf
+++ b/services/nginx/docker/nginx.conf.d/has.conf
@@ -4,8 +4,20 @@ map $http_upgrade $connection_upgrade {
 }

 server {
-    listen 80 default_server;
-    proxy_buffering off;
+    listen 80;
+    server_name casa.limbosolutions.com *.casa.limbosolutions.com;
+    return 301 https://has.casa.limbosolutions.com$request_uri;
+}
+
+
+server {
+
+    listen 443 ssl;
+    ssl_certificate /etc/ssl/tls.crt;
+    ssl_certificate_key /etc/ssl/tls.key;
+    ssl_protocols TLSv1.2 TLSv1.3;
+    ssl_ciphers HIGH:!aNULL:!MD5;
+
    location / {
        proxy_pass http://homeassistant-app:80;
        proxy_set_header Host $host;
@@ -15,7 +27,6 @@ server {
        proxy_set_header Connection $connection_upgrade;
    }

-
 }


--- a/services/rclone-certs/docker-compose.yaml
+++ b/services/rclone-certs/docker-compose.yaml
@@ -0,0 +1,24 @@
+version: '3.8'
+
+services:
+  rclone:
+    image: rclone/rclone:latest
+    container_name: rclone
+    environment:
+      - TZ=UTC
+      - RCLONE_CONFIG_S3_TYPE=s3
+      - RCLONE_CONFIG_S3_PROVIDER=SeaweedFS
+      - RCLONE_CONFIG_S3_ACCESS_KEY_ID=${RCLONE_S3_ACCESS_KEY_ID}
+      - RCLONE_CONFIG_S3_SECRET_ACCESS_KEY=${RCLONE_S3_SECRET_ACCESS_KEY}
+      - RCLONE_CONFIG_S3_ENDPOINT=${RCLONE_S3_ENDPOINT}
+      - RCLONE_CONFIG_S3_BUCKET=${RCLONE_S3_BUCKET}
+      
+    volumes:
+      - casa-certs:/certs
+    command: sync s3:/casa.certs /certs
+    restart: no
+volumes:
+  casa-certs:
+    name: casa-certs
+    external: false
+