New SSL Scripts

2020-04-13 21:36:48 -07:00
parent d55355dac5
commit 4e7b834673
8 changed files with 187 additions and 127 deletions
--- a/.ebextensions/02_nginx.config
+++ b/.ebextensions/02_nginx.config
@@ -0,0 +1,105 @@
+files:
+  "/etc/nginx/nginx.pre":
+    mode: "000644"
+    owner: root
+    group: root
+    content: |
+      user nginx;
+      worker_processes auto;
+      error_log /var/log/nginx/error.log;
+      pid /var/run/nginx.pid;
+
+      events {
+        worker_connections  1024;
+      }
+
+      http {
+        port_in_redirect off;
+        default_type application/octet-stream;
+
+        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+                        '$status $body_bytes_sent "$http_referer" '
+                        '"$http_user_agent" "$http_x_forwarded_for"';
+
+        log_format healthd '$msec"$uri"$status"$request_time"$upstream_response_time"$http_x_forwarded_for';
+
+        access_log /var/log/nginx/access.log  main;
+        sendfile on;
+        keepalive_timeout 65;
+
+        include /etc/nginx/mime.types;
+        include /etc/nginx/conf.d/*.conf;
+      }
+
+  "/etc/nginx/conf.d/http_custom.conf":
+    mode: "000644"
+    owner: root
+    group: root
+    content: |
+      server {
+        listen 8080;
+
+        location ~ /.well-known/  {
+          root /var/www/letsencrypt/;
+        }
+
+        location / {
+          return 301 https://$host$request_uri;
+        }
+      }
+
+  "/etc/nginx/conf.d/https_custom.pre":
+    mode: "000644"
+    owner: root
+    group: root
+    content: |
+      upstream nodejs {
+          server 127.0.0.1:5000;
+          keepalive 256;
+      }
+      server {
+        listen 443 ssl default;
+        server_name localhost;
+        error_page 497 https://$host$request_uri;
+
+        if ($time_iso8601 ~ "^(\d{4})-(\d{2})-(\d{2})T(\d{2})") {
+          set $year $1;
+          set $month $2;
+          set $day $3;
+          set $hour $4;
+        }
+
+        access_log /var/log/nginx/healthd/application.log.$year-$month-$day-$hour healthd;
+        access_log /var/log/nginx/access.log main;
+
+        location / {
+            proxy_pass http://nodejs;
+            proxy_set_header Connection "";
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "Upgrade";
+        }
+
+        gzip on;
+        gzip_comp_level 4;
+        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+        ssl_certificate /etc/letsencrypt/live/ebcert/fullchain.pem;
+        ssl_certificate_key /etc/letsencrypt/live/ebcert/privkey.pem;
+        ssl_session_timeout 5m;
+        ssl_protocols TLSv1.1 TLSv1.2;
+        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+        ssl_prefer_server_ciphers on;
+
+        if ($host ~* ^www\.(.*)) {
+          set $host_without_www $1;
+          rewrite ^(.*) https://$host_without_www$1 permanent;
+        }
+
+        if ($ssl_protocol = "") {
+          rewrite ^ https://$host$request_uri? permanent;
+        }
+      }