From 721762f5bb12bacf921833925a24d4dce7f22908 Mon Sep 17 00:00:00 2001 From: status404 Date: Tue, 22 Aug 2023 16:54:53 +0300 Subject: [PATCH] Docker fix --- docker/Dockerfile | 8 +- docker/README.md | 2 +- docker/bitdeals.asc | 0 docker/entrypoint.sh | 366 ++++++++++++++++++++++++------------------- docker/nginx.conf | 22 +-- 5 files changed, 208 insertions(+), 190 deletions(-) create mode 100644 docker/bitdeals.asc diff --git a/docker/Dockerfile b/docker/Dockerfile index 37b7385..9cdfb7e 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -19,17 +19,13 @@ ARG DEBIAN_FRONTEND="noninteractive" \ DEBCONF_NOWARNINGS="yes" RUN apt-get update -y ; \ apt-get upgrade -y ; \ - apt-get -y install --no-install-recommends locales jq moreutils; \ + apt-get -y install --no-install-recommends locales tzdata jq moreutils; \ apt-get -y install --no-install-recommends gpg gpg-agent ; \ apt-get -y install --no-install-recommends nginx ; \ apt-get -y install --no-install-recommends openssl ca-certificates ; \ apt-get clean ; \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* -## Generate UTF-8 locales -RUN sed -i '/\.UTF-8/s/^# //g' /etc/locale.gen; \ - locale-gen - ## Add the Module user ARG UNAME ARG UHOME @@ -110,7 +106,7 @@ COPY --from=development /usr/sbin/dm /usr/sbin/dm COPY --from=development /etc/init.d/dm /etc/init.d/dm COPY --from=development --chown=www-data:www-data $UHOME/web-build/build /var/www/web COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals-testnet.asc /etc/dm/bitdeals-testnet.asc -#COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals.asc /etc/dm/bitdeals.asc +COPY --from=development --chown=$UNAME:$UNAME $UHOME/apostol-dm/docker/bitdeals.asc /etc/dm/bitdeals.asc COPY --from=development $UHOME/apostol-dm/docker/entrypoint.sh /entrypoint.sh COPY nginx.conf /etc/nginx/sites-enabled/default diff --git a/docker/README.md b/docker/README.md index 8874a72..eedb3d1 100644 --- a/docker/README.md 
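Review bot: Dropping the `locale-gen` step in the first Dockerfile hunk leaves the image without generated UTF-8 locales, while the entrypoint in this same patch still exports `LC_ALL="$DM_LC_ALL"` (its own example value is `ru_RU.UTF-8`) and then runs `update-locale`. Unless the base image already ships that locale, which is not visible here, the requested locale will probably not exist at run time and tools will warn or fall back to `C`. Either keep the `sed -i '/\.UTF-8/s/^# //g' /etc/locale.gen; locale-gen` step or generate the requested locale in `set_locale` before exporting it. The package steps in this `RUN` are also chained with `;`, so a failed `apt-get install` of `gpg` or `openssl` does not stop the build; chaining with `&&` would.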
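Review bot: The newly enabled `COPY ... bitdeals.asc /etc/dm/bitdeals.asc` ships a zero-byte key file, because this patch creates `docker/bitdeals.asc` as an empty blob (`index 0000000..e69de29`, 0 lines in the diffstat). The entrypoint writes `public=$BITDEALS_PGP_FILE` into the `[pgp]` section whenever `DM_TESTNET` is off, so a mainnet container starts with no BitDeals public key unless one is supplied some other way. How the daemon treats an empty key file is not visible here. I would commit the real public key, or have the entrypoint refuse to start with something like `[ -s "$BITDEALS_PGP_FILE" ] || { echo "missing BitDeals public key" >&2; exit 1; }`.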
+++ b/docker/README.md @@ -33,7 +33,7 @@ services: - | DM_PGP_SEC= -----BEGIN PGP PRIVATE KEY BLOCK----- - + -----END PGP PRIVATE KEY BLOCK----- volumes: diff --git a/docker/bitdeals.asc b/docker/bitdeals.asc new file mode 100644 index 0000000..e69de29 diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh index 7475b0b..2eafcb4 100755 --- a/docker/entrypoint.sh +++ b/docker/entrypoint.sh @@ -3,7 +3,7 @@ ## ## BitDeals Module configuration helper script for Docker Container. ## It writes an Environment variables to the daemon config files. -## And can generate a Bitcoing and PGP key filies at first start. +## And can generate a Bitcoin and PGP key filies at first start. ## ## Web app requires the dmHost address should be accessable from your browser @@ -14,7 +14,7 @@ DM_TESTNET=${DM_TESTNET:-0} ## Daemon config files CONF_FILES=$(find /etc/dm/ -type f -name "*.conf" -not -name "default.conf") BITDEALS_PGP_FILE="/etc/dm/bitdeals.asc" -BITDEALS_TEST_PGP_FILE="/etc/dm/bitdeals-testnet.asc" +BITDEALS_TESTNET_PGP_FILE="/etc/dm/bitdeals-testnet.asc" PGP_SEC_FILE="$UHOME/pgp-key.sec" BX_CONF_FILE="/usr/local/etc/libbitcoin/bx.cfg" WEB_CONF_FILE="/var/www/web/config.js" 
@@ -25,179 +25,217 @@ WEB_KEY="$UHOME/ssl-privkey.pem" WEB_DH="/etc/ssl/dhparam.pem" BITCOIN_KEYS_BACKUP="$UHOME/bitcoin.backup_and_remove" -#variable for tput color output +## Variable for tput color output export TERM=xterm -## Write a default variables to dm config -sed -i -e "/\[main\]/,/\[/ s/.*user=.*/user=$UNAME/" \ - -e "/\[main\]/,/\[/ s/.*group=.*/group=$UNAME/" \ - -e "/\[daemon\]/,/\[/ s/.*daemon=.*/daemon=false/" \ - -e "/\[server\]/,/\[/ s/.*listen=.*/listen=0.0.0.0/" \ - -e "/\[server\]/,/\[/ s/.*port=.*/port=4999/" $CONF_FILES +set_locale() +{ + ## Setup locale + if [ "$DM_LC_ALL" ]; then + export LC_ALL="$DM_LC_ALL" + update-locale + fi + + ## Setup Timezone + if [ "$DM_TZ" ]; then + echo $DM_TZ > /etc/timezone + ln -snf /usr/share/zoneinfo/$TZ /etc/localtime + dpkg-reconfigure -f noninteractive tzdata + fi +} -## Change dm Website config -sed -i "s|dmHost:.*|dmHost: \"$DM_FORWEB\",|" $WEB_CONF_FILE +init_config() +{ + ## Write a default variables to dm config + sed -i -e "/\[main\]/,/\[/ s/^user\s*=.*/user=$UNAME/" \ + -e "/\[main\]/,/\[/ s/^group\s*=.*/group=$UNAME/" \ + -e "/\[main\]/,/\[/ s/^workers\s*=.*/workers=$(nproc)/" \ + -e "/\[module\/WebSocket\]/,/\[/ s/^enable\s*=.*/enable=true/" \ + -e "/\[daemon\]/,/\[/ s/^daemon\s*=.*/daemon=false/" \ + -e "/\[server\]/,/\[/ s/^listen\s*=.*/listen=0.0.0.0/" \ + -e "/\[server\]/,/\[/ s/^port\s*=.*/port=4999/" $CONF_FILES + + ## Change dm Website config + sed -i "s|dmHost:.*|dmHost: \"$DM_FORWEB\",|" $WEB_CONF_FILE + + if [ "$DM_WEBAUTH" = 1 -o "$DM_WEBAUTH" = true ]; then + sed -i 's/confAuthorize:.*/confAuthorize: true,/' $WEB_CONF_FILE + else + sed -i 's/confAuthorize:.*/confAuthorize: false,/' $WEB_CONF_FILE + fi -if [ "$DM_WEBAUTH" = 1 -o "$DM_WEBAUTH" = true ]; then - sed -i 's/confAuthorize:.*/confAuthorize: true,/' $WEB_CONF_FILE -else - sed -i 's/confAuthorize:.*/confAuthorize: false,/' $WEB_CONF_FILE -fi -if [ "$DM_LC_ALL" = "ru_RU.UTF-8" ]; then - sed -i 
's/defaultLanguage:.*/defaultLanguage: "ru",/' $WEB_CONF_FILE -else - sed -i 's/defaultLanguage:.*/defaultLanguage: "en",/' $WEB_CONF_FILE -fi + if [ "$DM_LC_ALL" = "ru_RU.UTF-8" ]; then + sed -i 's/defaultLanguage:.*/defaultLanguage: "ru",/' $WEB_CONF_FILE + else + sed -i 's/defaultLanguage:.*/defaultLanguage: "en",/' $WEB_CONF_FILE + fi + + ## Add DM_FORWEB to dm oauth config + cat $WEB_CONF_OAUTH | \ + jq --arg host "$(basename $DM_FORWEB)" '.web.redirect_uris=[ + "http://"+$host+"/oauth2/code","http://"+$host+"/oauth2/callback", + "https://"+$host+"/oauth2/code","https://"+$host+"/oauth2/callback"]' | \ + sponge $WEB_CONF_OAUTH + cat $WEB_CONF_SITES | \ + jq --arg host "$(basename $DM_FORWEB)" '.hosts = [$host]' | \ + sponge $WEB_CONF_SITES + + ## Write the PGP keys locations to dm config + sed -i "/\[pgp\]/,/\[/ s%^private\s*=.*%private=$PGP_SEC_FILE%" $CONF_FILES + + if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then + sed -i "/\[pgp\]/,/\[/ s%^public\s*=.*%public=$BITDEALS_TESTNET_PGP_FILE%" $CONF_FILES + else + sed -i "/\[pgp\]/,/\[/ s%^public\s*=.*%public=$BITDEALS_PGP_FILE%" $CONF_FILES + fi + + ## Write a user variables to the daemon config files. 
+ if [ "$DM_BITCOIN" ]; then + sed -i "/\[module\]/,/\[/ s/^address\s*=.*/address=$DM_BITCOIN/" $CONF_FILES + fi + if [ "$DM_FEE" ]; then + sed -i "/\[module\]/,/\[/ s/^#\?fee\s*=.*/fee=$DM_FEE/" $CONF_FILES + fi + if [ "$DM_PGP_PASSWORD" ] ; then + ## Escaping the '/' in password line for use it in `sed` + DM_PGP_PASSWORD="$(echo $DM_PGP_PASSWORD | sed 's/\//\\\//g')" + sed -i "/\[pgp\]/,/\[/ s/^passphrase\s*=.*/passphrase=$DM_PGP_PASSWORD/" $CONF_FILES + fi + if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then + sed -i "/\[main\]/,/\[/ s/^testnet\s*=.*/testnet=true/" $CONF_FILES + else + sed -i "/\[main\]/,/\[/ s/^testnet\s*=.*/testnet=false/" $CONF_FILES + fi + + ## Write PGP key variables to files + if [ "$DM_BITDEALS_PGP" ]; then + echo "$BITDEALS_PGP" > "$BITDEALS_PGP_FILE" + fi + if [ "$DM_BITDEALS_TESTNET_PGP" ]; then + echo "$BITDEALS_TESTNET_PGP" > "$BITDEALS_TESTNET_PGP_FILE" + fi + if [ "$DM_PGP_SEC" ]; then + echo "$DM_PGP_SEC" > "$PGP_SEC_FILE" + fi -[ "$DM_LC_ALL" ] && \ - export LC_ALL="$DM_LC_ALL" + ## Setup testnet settings in libbitcoin-explorer config for new user bitcoin address generation + [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ] && \ + sed -i -e "/\[wallet\]/,/\[/ s/wif_version? 
\s*=.*/wif_version = 239/" \ + -e "/\[wallet\]/,/\[/ s/hd_public_version \s*=.*/hd_public_version = 70617039/" \ + -e "/\[wallet\]/,/\[/ s/hd_secret_version \s*=.*/hd_secret_version = 70615956/" \ + -e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version \s*=.*/pay_to_public_key_hash_version = 111/" \ + -e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version \s*=.*/pay_to_script_hash_version = 196/" \ + -e "/\[network\]/,/\[/ s/identifier \s*=.*/identifier = 118034699/" \ + -e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^/#/" \ + -e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^/#/" \ + -e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^/#/" \ + -e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^/#/" \ + -e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#//" \ + -e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#//" \ + -e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#//" \ + -e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#//" "$BX_CONF_FILE" +} -## Add DM_FORWEB to dm oauth config -cat $WEB_CONF_OAUTH | \ - jq --arg host "$DM_FORWEB" '.web | .redirect_uris=[$host+"/oauth2/code",$host+"/oauth2/callback"]' | \ - sponge $WEB_CONF_OAUTH -cat $WEB_CONF_SITES | \ - jq --arg host "$(basename $DM_FORWEB)" '.hosts = [$host]' | \ - sponge $WEB_CONF_SITES - -## Write the PGP keys locations to dm config -sed -i "/\[pgp\]/,/\[/ s%^private=.*%private=$PGP_SEC_FILE%" $CONF_FILES - -if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then - sed -i "/\[pgp\]/,/\[/ s%^public=.*%public=$BITDEALS_TEST_PGP_FILE%" $CONF_FILES - else - sed -i "/\[pgp\]/,/\[/ s%^public=.*%public=$BITDEALS_PGP_FILE%" $CONF_FILES -fi - -## Write a user variables to the daemon config files. 
-if [ "$DM_BITCOIN" ]; then - sed -i "/\[module\]/,/\[/ s/^address=.*/address=$DM_BITCOIN/" $CONF_FILES -fi -if [ "$DM_FEE" ]; then - sed -i "/\[module\]/,/\[/ s/^#\?fee=.*/fee=$DM_FEE/" $CONF_FILES -fi -if [ "$DM_PGP_PASSWORD" ] ; then - #escaping the '/' in password line for use it in `sed` - DM_PGP_PASSWORD="$(echo $DM_PGP_PASSWORD | sed 's/\//\\\//g')" - sed -i "/\[pgp\]/,/\[/ s/^passphrase=.*/passphrase=$DM_PGP_PASSWORD/" $CONF_FILES -fi -if [ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ]; then - sed -i "/\[main\]/,/\[/ s/.*testnet=.*/testnet=true/" $CONF_FILES -else - sed -i "/\[main\]/,/\[/ s/.*testnet=.*/testnet=false/" $CONF_FILES -fi - -## Write PGP key variables to files -if [ "$DM_BITDEALS_PGP" ]; then - echo "$BITDEALS_PGP" > "$BITDEALS_PGP_FILE" -fi -if [ "$DM_BITDEALS_TEST_PGP" ]; then - echo "$BITDEALS_TEST_PGP" > "$BITDEALS_TEST_PGP_FILE" -fi -if [ "$DM_PGP_SEC" ]; then - echo "$DM_PGP_SEC" > "$PGP_SEC_FILE" -fi - -## Create user PGP key if the file is empty -if [ ! -f "$PGP_SEC_FILE" ] -then - [ "$DM_ACCOUNT_URL" ] || \ - { echo -en "\nGenerating new PGP key...\nPlease enter your site URL like https://example.com : " ; \ - read DM_ACCOUNT_URL ;} - - #GNUPGHOME="$(mktemp -d)" ;# works for gpg2 - gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \ - --pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \ - --openpgp --batch --gen-key 2>/dev/null <<-EOF - Key-Type: RSA - Key-Usage: cert,sign - Key-Length: 1024 - Subkey-Type: RSA - Subkey-Usage: encr - Subkey-Length: 1024 - Name-Real: Account_URL - Name-Comment: ${DM_ACCOUNT_URL:-https://example-$RANDOM$RANDOM.com} - Expire-Date: 0 +generate_pgp_key() +{ + ## Create user PGP key if the file is empty + if [ ! 
-f "$PGP_SEC_FILE" ] + then + [ "$DM_ACCOUNT_URL" ] || \ + { echo -en "\nGenerating new PGP key...\nPlease enter your site URL like https://example.com : " ; \ + read DM_ACCOUNT_URL ;} + + #GNUPGHOME="$(mktemp -d)" ; ## Works for gpg2 + gpg --faked-system-time $(TZ=UTC date --date=$(date +'%Y-%m-%d') +%s) \ + --pinentry-mode loopback --passphrase "$DM_PGP_PASSWORD" \ + --openpgp --batch --gen-key 2>/dev/null <<-EOF + Key-Type: RSA + Key-Usage: cert,sign + Key-Length: 1024 + Subkey-Type: RSA + Subkey-Usage: encr + Subkey-Length: 1024 + Name-Real: Account_URL + Name-Comment: ${DM_ACCOUNT_URL:-https://example-$RANDOM$RANDOM.com} + Expire-Date: 0 EOF - tput setaf 2 - cat <<-EOF - - $(gpg -k --keyid-format long 2>/dev/null | tail -n5) - $(gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE") - + tput setaf 2 + cat <<-EOF + + $(gpg -k --keyid-format long 2>/dev/null | tail -n5) + $(gpg --armor --export-secret-keys --passphrase "$DM_PGP_PASSWORD" | tee "$PGP_SEC_FILE") + EOF - tput sgr0 - gpgconf --kill all -else - echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE" -fi - -## Change PGP keyfile owner -if [ -f "$PGP_SEC_FILE" ]; then - chown $UNAME:$UNAME "$PGP_SEC_FILE" - chmod 600 "$PGP_SEC_FILE" -fi - -## Setup testnet settings in libbitcoin-explorer config for new user bitcoin address generation -[ "$DM_TESTNET" = 1 -o "$DM_TESTNET" = true ] && \ - sed -i -e "/\[wallet\]/,/\[/ s/wif_version? 
=.*/wif_version = 239/" \ - -e "/\[wallet\]/,/\[/ s/hd_public_version =.*/hd_public_version = 70617039/" \ - -e "/\[wallet\]/,/\[/ s/hd_secret_version =.*/hd_secret_version = 70615956/" \ - -e "/\[wallet\]/,/\[/ s/pay_to_public_key_hash_version =.*/pay_to_public_key_hash_version = 111/" \ - -e "/\[wallet\]/,/\[/ s/pay_to_script_hash_version =.*/pay_to_script_hash_version = 196/" \ - -e "/\[network\]/,/\[/ s/identifier =.*/identifier = 118034699/" \ - -e "/seed = mainnet[0-9].libbitcoin.net:8333/ s/^/#/" \ - -e "/url = tcp:\/\/mainnet.libbitcoin.net:9091/ s/^/#/" \ - -e "/block_url = tcp:\/\/mainnet.libbitcoin.net:9093/ s/^/#/" \ - -e "/transaction_url = tcp:\/\/mainnet.libbitcoin.net:9094/ s/^/#/" \ - -e "/#seed = testnet[0-9].libbitcoin.net:18333/ s/^#//" \ - -e "/#url = tcp:\/\/testnet.libbitcoin.net:19091/ s/^#//" \ - -e "/#block_url = tcp:\/\/testnet.libbitcoin.net:19093/ s/^#//" \ - -e "/#transaction_url = tcp:\/\/testnet.libbitcoin.net:19094/ s/^#//" "$BX_CONF_FILE" - -## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty. 
-_DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $CONF_FILES)" - -B=$(tput bold ; tput setaf 1) -N=$(tput sgr0) - -if [ -z "$_DM_BITCOIN" ] -then - ## Generate bitcoin keys - PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)" - PUBKEY="$(bx ec-to-public $PRIVKEY)" - BITCOIN="$(bx ec-to-address $PUBKEY)" - PRIVKEYWIF="$(bx ec-to-wif $PRIVKEY)" - - ## Write the bitcoin address to the daemon config - sed -i "/\[module\]/,/\[/ s/^address=.*/address=$BITCOIN/" $CONF_FILES - - ## Show bitcoin key - tee -a $BITCOIN_KEYS_BACKUP <<-EOF - - ${B}Please backup this BITCOIN KEY:${N} - Private key (WIF form): $PRIVKEYWIF - Public key: $PUBKEY - Bitcoin address: $BITCOIN + tput sgr0 + gpgconf --kill all + else + echo -e "NOTE: Your PGP key location: $PGP_SEC_FILE" + fi + + ## Change PGP keyfile owner + if [ -f "$PGP_SEC_FILE" ]; then + chown $UNAME:$UNAME "$PGP_SEC_FILE" + chmod 600 "$PGP_SEC_FILE" + fi +} +generate_btc_key() +{ + ## Create new Bitcoin keys. If user address (_DM_BITCOIN var) is empty. 
+ _DM_BITCOIN="$(sed -n '/^[ \t]*\[module\]/,/\[/s/^[ \t]*address[ \t]*=[ \t]*//p' $CONF_FILES)" + + B=$(tput bold ; tput setaf 1) + N=$(tput sgr0) + + if [ -z "$_DM_BITCOIN" ] + then + ## Generate bitcoin keys + PRIVKEY="$(cat /dev/random | tr -cd "[:digit:]" | head -c 64)" + PUBKEY="$(bx ec-to-public $PRIVKEY)" + BITCOIN="$(bx ec-to-address $PUBKEY)" + PRIVKEYWIF="$(bx ec-to-wif $PRIVKEY)" + + ## Write the bitcoin address to the daemon config + sed -i "/\[module\]/,/\[/ s/^address\s*=.*/address=$BITCOIN/" $CONF_FILES + + ## Show bitcoin key + tee -a $BITCOIN_KEYS_BACKUP <<-EOF + + ${B}Please backup this BITCOIN KEY:${N} + Private key (WIF form): $PRIVKEYWIF + Public key: $PUBKEY + Bitcoin address: $BITCOIN + EOF - chmod 600 $BITCOIN_KEYS_BACKUP -else - test -f $BITCOIN_KEYS_BACKUP \ - && echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\ - || echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN" -fi + chmod 600 $BITCOIN_KEYS_BACKUP + else + test -f $BITCOIN_KEYS_BACKUP \ + && echo -e "NOTE: Your Bitcoin key saved to $(dirname $BITCOIN_KEYS_BACKUP)/${B}$(basename $BITCOIN_KEYS_BACKUP)${N}"\ + || echo -e "NOTE: Your Bitcoin address: $_DM_BITCOIN" + fi +} + +generate_ssl_key() +{ + ## Generate self-signed certificate + if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then + openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \ + -keyout $WEB_KEY \ + -out $WEB_CERT + fi + if ! [ -f $WEB_DH ]; then + echo "Generating DH parameters, 1024 bit long safe prime" + openssl dhparam -out $WEB_DH 1024 2>/dev/null + fi +} + + +set_locale +init_config +generate_pgp_key +generate_btc_key +generate_ssl_key -## Generate self-signed certificate -if ! [ -f $WEB_KEY -a -f $WEB_CERT ]; then - openssl req -x509 -nodes -days 365 -newkey rsa:2048 -batch \ - -keyout $WEB_KEY \ - -out $WEB_CERT -fi -if ! 
[ -f $WEB_DH ]; then - echo "Generating DH parameters, 1024 bit long safe prime" - openssl dhparam -out $WEB_DH 1024 2>/dev/null -fi ## Run the daemon /etc/init.d/nginx start diff --git a/docker/nginx.conf b/docker/nginx.conf index d31daa1..8594224 100644 --- a/docker/nginx.conf +++ b/docker/nginx.conf @@ -2,27 +2,11 @@ server { listen 80 default_server; listen [::]:80 default_server; - index index.html; - server_name _; - rewrite ^/$ /dm/ permanent; - location / { - root /var/www/web; - index index.html; - try_files $uri $uri/ /index.html; + return 301 https://$host$request_uri; } - - location ^~ /api/ { - proxy_pass http://127.0.0.1:4999; - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header Connection "close"; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } } server { @@ -51,8 +35,8 @@ server { listen [::]:443 ssl ipv6only=on; listen 443 ssl; - ssl_certificate /home/dm/fullchain.pem; - ssl_certificate_key /home/dm/privkey.pem; + ssl_certificate /home/dm/ssl-fullchain.pem; + ssl_certificate_key /home/dm/ssl-privkey.pem; ssl_dhparam /etc/ssl/dhparam.pem; }
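Review bot: In `init_config`, the "Write PGP key variables to files" block tests `DM_BITDEALS_PGP` and `DM_BITDEALS_TESTNET_PGP` but echoes `$BITDEALS_PGP` and `$BITDEALS_TESTNET_PGP`, which are not set anywhere in the visible script, so supplying either variable overwrites the public key file with an empty line. The two lines should read `echo "$DM_BITDEALS_PGP" > "$BITDEALS_PGP_FILE"` and `echo "$DM_BITDEALS_TESTNET_PGP" > "$BITDEALS_TESTNET_PGP_FILE"`. The new `set_locale` has the same kind of slip: `ln -snf /usr/share/zoneinfo/$TZ /etc/localtime` should use `"$DM_TZ"`, quoted, since `TZ` is never assigned here. The key material this hunk carries over into the new functions is also weak for a service that handles payments: `Key-Length: 1024` and `Subkey-Length: 1024` for the PGP key, `openssl dhparam -out $WEB_DH 1024`, and a Bitcoin private key built with `tr -cd "[:digit:]" | head -c 64`, which limits each of the 64 characters to ten values instead of sixteen. RSA and DH parameters of 2048 bits or more, and a key from a full-entropy source (for example `bx seed | bx ec-new`), would be the usual choices.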
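Review bot: The new port-80 redirect `return 301 https://$host$request_uri;` builds its target from the request's Host header, and this block is the `default_server` with `server_name _;`, so whatever Host value a client sends is reflected into the `Location` header. If the deployment has a known public name, redirect to it explicitly (for example `return 301 https://dm.example.org$request_uri;`, a name constructed for illustration), or keep the catch-all server for unknown hosts and have it `return 444;`. The enclosing `server` block is fully visible in the hunk, but the 443 server it redirects to is only partly shown.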