Merge pull request #243 from yanokwa/fix-certbot

Use stock run_certbot.sh and add required server_name to conf
getodk · Oct 5, 2021 · 9d6b76c · 9d6b76c
2 parents d8a4ee5 + c9e0463
commit 9d6b76c
Show file tree

Hide file tree

Showing 3 changed files with 2 additions and 39 deletions.
diff --git a/files/nginx/odk.conf.template b/files/nginx/odk.conf.template
@@ -1,10 +1,11 @@
 server {
   listen 443 ssl;
+  server_name ${CNAME};
+
   ssl_certificate /etc/${SSL_TYPE}/live/${CNAME}/fullchain.pem;
   ssl_certificate_key /etc/${SSL_TYPE}/live/${CNAME}/privkey.pem;
   ssl_trusted_certificate /etc/${SSL_TYPE}/live/${CNAME}/fullchain.pem;
 
-  # https://ssl-config.mozilla.org/#server=nginx&version=1.17.7&config=intermediate&openssl=1.1.1d&guideline=5.6
   ssl_protocols TLSv1.2 TLSv1.3;
   ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
   ssl_prefer_server_ciphers off;

diff --git a/files/nginx/run_certbot.sh b/files/nginx/run_certbot.sh
diff --git a/nginx.dockerfile b/nginx.dockerfile
@@ -23,7 +23,6 @@ COPY files/local/customssl/*.pem /etc/customssl/live/local/
 COPY files/nginx/default /etc/nginx/sites-enabled/
 COPY files/nginx/inflate_body.lua /usr/share/nginx
 COPY files/nginx/odk.conf.template /usr/share/nginx
-COPY files/nginx/run_certbot.sh /scripts/
 COPY --from=intermediate client/dist/ /usr/share/nginx/html
 COPY --from=intermediate /tmp/version.txt /usr/share/nginx/html/