diff --git a/dc3/Dockerfile b/dc3/Dockerfile index c5ac6fe..5656015 100644 --- a/dc3/Dockerfile +++ b/dc3/Dockerfile @@ -19,4 +19,7 @@ MAINTAINER pnoker pnokers.icloud.com RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime -COPY ./dist/ /usr/share/nginx/html/ \ No newline at end of file +COPY ./dc3/ssl/ /etc/ssl/ +COPY ./dc3/nginx/ /etc/nginx/ +COPY ./dist/ /usr/share/nginx/html/ +COPY ./dc3/conf.crt/ /etc/nginx/conf.crt/ \ No newline at end of file diff --git a/dc3/conf.crt/dc3.com/dc3.com_chain.crt b/dc3/conf.crt/dc3.com/dc3.com_chain.crt new file mode 100644 index 0000000..771ac16 --- /dev/null +++ b/dc3/conf.crt/dc3.com/dc3.com_chain.crt 
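Review bot: The added `COPY ./dc3/conf.crt/ /etc/nginx/conf.crt/` bakes the TLS private key `dc3/conf.crt/dc3.com/dc3.com_key.key` into an image layer, so anyone who can pull the image can read the key, and removing the file in a later layer does not erase it. Keep key material out of the build context (list `dc3/conf.crt/` in `.dockerignore`) and supply it at run time instead, for example through a read-only bind mount or a compose secret mounted at `/etc/nginx/conf.crt/`. The same COPY also ships `fileauth.txt`, which looks like a domain-validation token that nginx has no use for at run time.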
@@ -0,0 +1,61 @@ +-----BEGIN CERTIFICATE----- +MIIFpzCCBI+gAwIBAgIQBFr2Pk9xnibnGTX7JVjzvTANBgkqhkiG9w0BAQsFADBy +MQswCQYDVQQGEwJDTjElMCMGA1UEChMcVHJ1c3RBc2lhIFRlY2hub2xvZ2llcywg +SW5jLjEdMBsGA1UECxMURG9tYWluIFZhbGlkYXRlZCBTU0wxHTAbBgNVBAMTFFRy +dXN0QXNpYSBUTFMgUlNBIENBMB4XDTIwMDEwMzAwMDAwMFoXDTIxMDEwMjEyMDAw +MFowHzEdMBsGA1UEAxMUaW90LXBvcnRhbC55eXVhcC5jb20wggEiMA0GCSqGSIb3 +DQEBAQUAA4IBDwAwggEKAoIBAQDtp+zKHcVQHhzY36VhQqKK4SQc0FvrsV14ZN0n +XEAfXENqI1JWiN/7y7eg4ASCoZGXhPO6ImaK5qdf1GuWXYuN4OjuhF/GwYmD6n71 +nDolYV9B8YJeCx1+LGegNvGFT4nVI6+0CnuvnAI0vgbZX0ol4QyPYXe02Xcr2EP7 +FklHU5l+S6/wn3/4OVcWQjAIJV+B+FFzoKmGwKJA7y667uI5xmcWKn+LcUIHx3zf +dKfwOOGhOtlTavd3oYeJoxhCVvUvPcwAoZ9S/13sGt/fHSllscDymNiDMBfVqdIQ +jGJRJ0qC+tvg85SuCCnf6lnrlthx+t2V/ITl3jwCnvQBjLcpAgMBAAGjggKKMIIC +hjAfBgNVHSMEGDAWgBR/05nzoEcOMQBWViKOt8ye3coBijAdBgNVHQ4EFgQUsPet +uKBh4dcRnGsr2jl5ECEBAuYwHwYDVR0RBBgwFoIUaW90LXBvcnRhbC55eXVhcC5j +b20wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcD +AjBMBgNVHSAERTBDMDcGCWCGSAGG/WwBAjAqMCgGCCsGAQUFBwIBFhxodHRwczov +L3d3dy5kaWdpY2VydC5jb20vQ1BTMAgGBmeBDAECATCBkgYIKwYBBQUHAQEEgYUw +gYIwNAYIKwYBBQUHMAGGKGh0dHA6Ly9zdGF0dXNlLmRpZ2l0YWxjZXJ0dmFsaWRh +dGlvbi5jb20wSgYIKwYBBQUHMAKGPmh0dHA6Ly9jYWNlcnRzLmRpZ2l0YWxjZXJ0 +dmFsaWRhdGlvbi5jb20vVHJ1c3RBc2lhVExTUlNBQ0EuY3J0MAkGA1UdEwQCMAAw +ggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdgC72d+8H4pxtZOUI5eqkntHOFeVCqtS +6BqQlmQ2jh7RhQAAAW9rJ/viAAAEAwBHMEUCIBLVxlvsr3GhjBl0EX4Z6NCmodQL +5E8se95FolzVQkdHAiEAqOZVKrlQcKeQlxwWoZylSFVy/+F2+WrbsL2XDajID8UA +dgCHdb/nWXz4jEOZX73zbv9WjUdWNv9KtWDBtOr/XqCDDwAAAW9rJ/ylAAAEAwBH +MEUCIAQ4oJbihRuqghX5k50pWH19traRHVaGz3+Lb0u9J697AiEAhGsMxEvaVDkn +48kGzhtIXJhrfQ6zdlfSTIUInAjHyaswDQYJKoZIhvcNAQELBQADggEBAJ9VwA8Y +8/XDwy42GpqUU6Q72JUEh/BY4E84gzgE2DmBsF7qau4zRdTEJT3H3a6CpNAwa9yo +/vGpoGyBcY+fvVyTX5NNVIDhRGxy2pmzQCpW/quHv1GL9GCGIz3dtIOG9GH2297e +xzHhUkn/RpGLorlp8t/YQuLYvFdI9F4jJbINdRdwARuOgGscW2t1tH9x8UXBLLRd +x9BoJ4tel7sMt8KRXf0lB05QuHzUNqcxZRW0a0hL876YuZtx8cup88K9uLWwEWh8 
+pz2kib0Hyzb8hjB1ha3Sdj+ejBMPzwqeRhKdrjUqbDiRyGhoBosKAOnZ92gRfQLQ +wxRVxDDwwYhxccQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIErjCCA5agAwIBAgIQBYAmfwbylVM0jhwYWl7uLjANBgkqhkiG9w0BAQsFADBh +MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 +d3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD +QTAeFw0xNzEyMDgxMjI4MjZaFw0yNzEyMDgxMjI4MjZaMHIxCzAJBgNVBAYTAkNO +MSUwIwYDVQQKExxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMR0wGwYDVQQL +ExREb21haW4gVmFsaWRhdGVkIFNTTDEdMBsGA1UEAxMUVHJ1c3RBc2lhIFRMUyBS +U0EgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCgWa9X+ph+wAm8 +Yh1Fk1MjKbQ5QwBOOKVaZR/OfCh+F6f93u7vZHGcUU/lvVGgUQnbzJhR1UV2epJa +e+m7cxnXIKdD0/VS9btAgwJszGFvwoqXeaCqFoP71wPmXjjUwLT70+qvX4hdyYfO +JcjeTz5QKtg8zQwxaK9x4JT9CoOmoVdVhEBAiD3DwR5fFgOHDwwGxdJWVBvktnoA +zjdTLXDdbSVC5jZ0u8oq9BiTDv7jAlsB5F8aZgvSZDOQeFrwaOTbKWSEInEhnchK +ZTD1dz6aBlk1xGEI5PZWAnVAba/ofH33ktymaTDsE6xRDnW97pDkimCRak6CEbfe +3dXw6OV5AgMBAAGjggFPMIIBSzAdBgNVHQ4EFgQUf9OZ86BHDjEAVlYijrfMnt3K +AYowHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDgYDVR0PAQH/BAQD +AgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjASBgNVHRMBAf8ECDAG +AQH/AgEAMDQGCCsGAQUFBwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3Au +ZGlnaWNlcnQuY29tMEIGA1UdHwQ7MDkwN6A1oDOGMWh0dHA6Ly9jcmwzLmRpZ2lj +ZXJ0LmNvbS9EaWdpQ2VydEdsb2JhbFJvb3RDQS5jcmwwTAYDVR0gBEUwQzA3Bglg +hkgBhv1sAQIwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29t +L0NQUzAIBgZngQwBAgEwDQYJKoZIhvcNAQELBQADggEBAK3dVOj5dlv4MzK2i233 +lDYvyJ3slFY2X2HKTYGte8nbK6i5/fsDImMYihAkp6VaNY/en8WZ5qcrQPVLuJrJ +DSXT04NnMeZOQDUoj/NHAmdfCBB/h1bZ5OGK6Sf1h5Yx/5wR4f3TUoPgGlnU7EuP +ISLNdMRiDrXntcImDAiRvkh5GJuH4YCVE6XEntqaNIgGkRwxKSgnU3Id3iuFbW9F +UQ9Qqtb1GX91AJ7i4153TikGgYCdwYkBURD8gSVe8OAco6IfZOYt/TEwii1Ivi1C +qnuUlWpsF1LdQNIdfbW3TSe0BhQa7ifbVIfvPWHYOu3rkg1ZeMo6XRU9B4n5VyJY +RmE= +-----END CERTIFICATE----- diff --git a/dc3/conf.crt/dc3.com/dc3.com_key.key b/dc3/conf.crt/dc3.com/dc3.com_key.key new file mode 100644 index 0000000..cc36a0c --- /dev/null 
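Review bot: The leaf certificate in this chain does not look like it was issued for `dc3.com`: decoding the first PEM block, the subject CN and SAN read as a different hostname, with a one-year validity window starting in January 2020. If so, the `server_name dc3.com` TLS server added in `dc3/nginx/conf.d/default.conf` will fail hostname verification in every client, and it will fail again once the certificate expires. Confirm with `openssl x509 -in dc3.com_chain.crt -noout -subject -dates` and replace the file with a certificate issued for the name that is actually served.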
+++ b/dc3/conf.crt/dc3.com/dc3.com_key.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEA7afsyh3FUB4c2N+lYUKiiuEkHNBb67FdeGTdJ1xAH1xDaiNS +Vojf+8u3oOAEgqGRl4TzuiJmiuanX9Rrll2LjeDo7oRfxsGJg+p+9Zw6JWFfQfGC +XgsdfixnoDbxhU+J1SOvtAp7r5wCNL4G2V9KJeEMj2F3tNl3K9hD+xZJR1OZfkuv +8J9/+DlXFkIwCCVfgfhRc6CphsCiQO8uuu7iOcZnFip/i3FCB8d833Sn8DjhoTrZ +U2r3d6GHiaMYQlb1Lz3MAKGfUv9d7Brf3x0pZbHA8pjYgzAX1anSEIxiUSdKgvrb +4POUrggp3+pZ65bYcfrdlfyE5d48Ap70AYy3KQIDAQABAoIBAQCYmuMHKjTAbIWz +kXDd0m8TZNzOj9DmuN6/Z21HUApw2MsFRacioAPL6RWB/TeINn2J4TqsRFi6SsAh +XgKz7F+nfEu2lVP3CeHmzlY2GtqPlEYZzx4ai2Kl2Ze1HnLaWqe0MJUrtCuWKUSV +X4yAWpr/VdK94yV+AMJwag/FFJt7a2t3Z1UtratsVeQrzAbCPZCiI2nw90Ljjfha +qFXGXDuUaJXrUrLDGWtnZz+URGXqjCxESehDzgU2mU8FykLjbom9aYPwZa1uxatz +dgr7tQuPtJ6ElLWs9eHtACRspXd2/I2ZFWAGdQefFEGIspKBSipG8M9PKAk6raGJ +QXrXNxSNAoGBAPbDkHB5yyjTr2IfpGre+YgcB4OpKkINKpUaJTlkjtmHpXGOPUI3 +G1lls9utebFaGgiaQIbW7Fdwm1LpYyKN/zCESua4ptsYxjmjWZb+3do96wXjLxW5 +Qjhx9KmuWlLq7ZMkhj5krX4t2XNAa7nFuBbcXb4M3iIU/52T/wegDaTbAoGBAPaN +Fxz0OtRuwJGlAjy3/0Os2Ki6x1xLjJk+gl5RPBnMRG82zzGs24FY5c+c9byTwnmp ++HBq4Druyqc3BUh00b3kMLkqjSE2dpGWLd+bgC3SJEoJ9hAJFO10YBApV6wIhosz +cPbvH+QR965NLQe4u7Bnn8Yhe6CP8byz8V73VrFLAoGAA3mvoBXnCZUppC0j6Klp +RER4yp7oTHPZBK6QlaVX6bJiXx4MuNED3pdzGAXyb9AAC9z4Sa3fOEAKv/kvfz4W +uP0z/Nne57kKmac2TM0cHMXAeJ3BfQHV7+uS8YzWEtLiM69RALH0S5GjvV7L5Zrm +Q9QosdOGkV5QV0zNS7MyXf8CgYAkbH+npWUzkREd8zS7Z6tsghKYCs/9EKQ614NH +D9VDMmxByeUeP51GJK3+1/9t1p56fuPXJ9Lsoe6KeZRsOeXqmdWg5WpoJ7WomHk6 +eaycGFmIHqSdhdnzoqe2e4UaQ0AtPHJJ6NXbSdQ/ieNHKsF/tC9kg/nRpLJf4G2e +TAggtQKBgGJx5c86a/85YErQIV/KY795BRQQr8P85a2miXmLbK3rTe3T+ezgyOsh +Ccupqsmqls2EkYLDYpJlnn3VOZHX29c26gV4Zz8THP/OrRmtZBXtGiZmyoYZxcNH +FnX2jHF6TPRtg5lW5CmKT+9Uyry4nBSgqiBm96K5EB7eWMxe1EZE +-----END RSA PRIVATE KEY----- diff --git a/dc3/conf.crt/dc3.com/fileauth.txt b/dc3/conf.crt/dc3.com/fileauth.txt new file mode 100644 index 0000000..08bc320 --- /dev/null +++ b/dc3/conf.crt/dc3.com/fileauth.txt 
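Review bot: This file commits an unencrypted RSA private key to version control, where it stays readable in history even if a later commit deletes it. Treat the key as compromised: have the matching certificate revoked and reissued with a fresh key pair, and purge the file from history. Load the key at deploy time from a secret store or from a mounted file that only the nginx master process can read. An ignore rule such as `dc3/conf.crt/**/*.key` in `.gitignore` would prevent a repeat.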
@@ -0,0 +1 @@
+202001021106594c5heikns08tw3hudmz7f6iookwmug3v24re8daw53v9kc86fp
\ No newline at end of file
diff --git a/dc3/docker-compose.yml b/dc3/docker-compose.yml
index f3d62c5..6f1b06c 100644
--- a/dc3/docker-compose.yml
+++ b/dc3/docker-compose.yml
@@ -8,9 +8,10 @@ services:
 image: pnoker/dc3-web:3.0
 restart: always
 ports:
- - 3000:80
+ - 80:80
+ - 443:443
 container_name: dc3.web
- hostname: dc3.web
+ hostname: dc3.com
 networks:
 dc3net:
 aliases:
diff --git a/dc3/nginx/conf.d/default.conf b/dc3/nginx/conf.d/default.conf
new file mode 100644
index 0000000..3ee685b
--- /dev/null
+++ b/dc3/nginx/conf.d/default.conf
@@ -0,0 +1,44 @@
+server {
+ listen 80;
+ server_name dc3.com localhost;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+
+ return 301 https://$server_name$request_uri;
+}
+
+server {
+ listen 443 ssl;
+ server_name dc3.com localhost;
+
+ add_header X-Xss-Protection 1;
+ add_header X-Frame-Options DENY;
+ add_header X-Content-Type-Options nosniff;
+
+ ssl_prefer_server_ciphers on;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_dhparam /etc/ssl/certs/dhparam.pem;
+ ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
+
+ ssl_certificate_key /etc/nginx/conf.crt/dc3.com/dc3.com_key.key;
+ ssl_certificate /etc/nginx/conf.crt/dc3.com/dc3.com_chain.crt;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
+
diff --git a/dc3/nginx/nginx.conf b/dc3/nginx/nginx.conf
new file mode 100644
index 0000000..17a594e
--- /dev/null
+++ b/dc3/nginx/nginx.conf
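Review bot: `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` in the 443 server keeps TLS 1.0 and 1.1 enabled, both deprecated by RFC 8996; use `ssl_protocols TLSv1.2 TLSv1.3;` if the bundled nginx and OpenSSL support 1.3, otherwise `TLSv1.2` alone. The cipher string still lists `EECDH+aRSA+RC4` (cancelled only by the trailing `!RC4`) and the broad `EECDH` and `EDH+aRSA` groups, so CBC suites remain negotiable; trimming it to the AEAD entries would match the tighter protocol list. In the port-80 server the server-level `return 301 https://$server_name$request_uri;` answers every request, so the `location` and `error_page` blocks there never run and can be removed. Once the certificate is valid for the served name, consider `add_header Strict-Transport-Security "max-age=31536000" always;` in the TLS server.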
@@ -0,0 +1,32 @@
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log warn;
+pid /var/run/nginx.pid;
+
+events {
+ multi_accept on;
+ worker_connections 2048;
+ use epoll;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ gzip on;
+ tcp_nopush on;
+ sendfile on;
+
+ keepalive_timeout 65;
+ ssl_session_timeout 10m;
+ ssl_session_cache shared:SSL:10m;
+
+ include /etc/nginx/conf.d/*.conf;
+}
diff --git a/dc3/ssl/certs/dhparam.pem b/dc3/ssl/certs/dhparam.pem
new file mode 100644
index 0000000..6ef60d7
--- /dev/null
+++ b/dc3/ssl/certs/dhparam.pem
@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEAsp+BdCoH3P0L+q1Ew8L5Xt+2FvxlA+Fk9IXEHPEJszU/BDos3BEd
+3V7jlmR/WZOJmwnjbyS+P/xI4fprQFZUhZSZPvotlGnUrZbwcPUDtqR7ELnrGFlt
+YnUKMAVBSDCYsqVncxfoaEYVEG1Z64dwP4R4EFO600Wl7k9ympIYp6DXh96nRi8N
+4aeZ0Dsm/JG+ymnEgG6W3alN7ACgd+Lt/UlxmxzUf+mp4RRofiY4jyQe+WxeTzkc
+3j0eZ11Z3vbUz2FmH/xXYsH8DFEHRF3sayLPZeg/hXlL14ckYnCG3ywhNRBZWu/h
+ofNGWs1RF2n+uaNlwSbSxb408FK7kFS2wwIBAg==
+-----END DH PARAMETERS-----
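Review bot: The `http` block in `nginx.conf` never sets `server_tokens off;`, so the exact nginx version is sent in the `Server` header and on the built-in error pages now reachable on the published ports 80 and 443. Add `server_tokens off;` next to `keepalive_timeout 65;`. Since `ssl_session_cache shared:SSL:10m;` already provides resumption, also consider `ssl_session_tickets off;` unless ticket keys are rotated, because long-lived ticket keys weaken forward secrecy.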