search

SISheogorath / isso-docker

This repo was moved to a gitlab instance
https://octo.sh/container-library/isso-docker
MIT License
3 stars 7 forks source link

Use isso with SSL #10

Open Zagur opened 6 years ago

Zagur commented 6 years ago

I have created a configuration for NGINX and can create a certificate with SSL.

`server { listen 80; server_name isso.domain.cc;

location /.well-known/ {
            root /var/www/www/isso;
    }

location / {
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   Host      $host;
    proxy_pass         http://127.0.0.1:8080;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/isso.domain.cc/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/isso.domain.cc/privkey.pem; # managed by Certbot
    ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
    ssl_session_timeout 1440m; # managed by Certbot

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
    ssl_prefer_server_ciphers on; # managed by Certbot

    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot

}`

Then, when deploying with docker the image I can not access through HTTPS.

docker run -d --restart=always --name isso -p 8080:8080 -v /home/isso/data:/data -e ISSO_HOST="https://isso.domain.cc" sheogorath/isso-docker

Any ideas?

SISheogorath commented 6 years ago

Probably because the port in isso is 80 not 8080 :D

So your docker command should look like: docker run -d --restart=always --name isso -p 127.0.0.1:8080:80 -v /home/isso/data:/data -e ISSO_HOST="https://isso.domain.cc" sheogorath/isso-docker

Apart from that, please notice that I switched this image away from GitHub and Docker Hub to Octo.sh and Quay.io.

Zagur commented 6 years ago

Oh shit! Now it works! Sorry.

I'm using the new repository now, but I have a doubt: When I try to use ISSO with SSL, I get an error in Firefox "Access-Control-Allow-Origin". I have been modifying the configuration of NGINX but I can not find a solution. Any idea?

SISheogorath commented 6 years ago

For ISSO_NAME and ISSO_HOST you should use your blog's domain. (blog.example.com)

This is the template I used to run my (disabled comments now and use a static blog)

https://octo.sh/Sheogorath/ansible-infrastructure/blob/master/roles/ghost/templates/docker-compose.yml#L27-47