From d9c505a2f51fc988e42bcbbd02d5b69c91c658f4 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Tue, 7 Dec 2021 19:51:31 +0000
Subject: [PATCH]
---
.../letsencrypt/docker-compose.yml | 18 ---
.../letsencrypt/letsencrypt-site/index.html | 14 --
.../letsencrypt/nginx.conf | 13 --
.../production/dh-param/dhparam-2048.pem | 8 -
.../production/docker-compose.yml | 22 ---
.../production/production-site/index.html | 13 --
.../production/production.conf | 142 ------------------
dist/docker/linux-x64/restartnginx.sh | 6 -
docs/8.0/ayanova/docs/ops-install-linux.md | 10 +-
9 files changed, 9 insertions(+), 237 deletions(-)
delete mode 100644 dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/docker-compose.yml
delete mode 100644 dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/letsencrypt-site/index.html
delete mode 100644 dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/nginx.conf
delete mode 100644 dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/dh-param/dhparam-2048.pem
delete mode 100644 dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/docker-compose.yml
delete mode 100644 dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production-site/index.html
delete mode 100644 dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production.conf
delete mode 100644 dist/docker/linux-x64/restartnginx.sh
diff --git a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/docker-compose.yml b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/docker-compose.yml
deleted file mode 100644
index 9d4f9c31..00000000
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/docker-compose.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-version: '3.1'
-
-services:
-
- letsencrypt-nginx-container:
- container_name: 'letsencrypt-nginx-container'
- image: nginx:latest
- ports:
- - "80:80"
- volumes:
- - ./nginx.conf:/etc/nginx/conf.d/default.conf
- - ./letsencrypt-site:/usr/share/nginx/html
- networks:
- - docker-network
-
-networks:
- docker-network:
- driver: bridge
diff --git a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/letsencrypt-site/index.html b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/letsencrypt-site/index.html
deleted file mode 100644
index 255923ff..00000000
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/letsencrypt-site/index.html
+++ /dev/null
@@ -1,14 +0,0 @@ - - - - - Let's Encrypt First Time Cert Issue Site - - -

Hello world

-

- This is the temporary site that will only be used for the very first time SSL certificates are issued by Let's Encrypt's - certbot. -

- - diff --git a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/nginx.conf b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/nginx.conf deleted file mode 100644 index d4dc46d0..00000000 --- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/nginx.conf +++ /dev/null @@ -1,13 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name helloayanova.com www.helloayanova.com v8.helloayanova.com test.helloayanova.com; - - location ~ /.well-known/acme-challenge { - allow all; - root /usr/share/nginx/html; - } - - root /usr/share/nginx/html; - index index.html; -} diff --git a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/dh-param/dhparam-2048.pem b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/dh-param/dhparam-2048.pem deleted file mode 100644 index 27eabc38..00000000 --- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/dh-param/dhparam-2048.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIIBCAKCAQEA2wcsrWmfQbGC0V8eW14YPtYA1jt2dNeqV6B7Z/w0GnrwjL+xuYhG -LzDhQuJvhEsDFCd//roBXWOFOZdAR0otkcxaQ+AaP0z/0UsC8NWGnM1G6q4fBju/ -y9e+dqjybyHIX10FtTj/gKV8lBcWJIw7cMmlAShj6xfd1zPPehNswLiRrWHusL/E -5GkV/x4U76KbViqqTqrV5J6dmnxaNk4s8AphGvqeu/UrewjVf8C+fl6hljICUayJ -WzHd5Ss/CASPRk91nnhcP9r3XZNyuPkyxmJrlZVElsC94T5Chnth+uix4TpBV/2P -0Ax8sCLPVlw9Op7Bu7fJ+QJ5gbVk9n93mwIBAg== ------END DH PARAMETERS----- diff --git a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/docker-compose.yml b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/docker-compose.yml deleted file mode 100644 index 6f86fa98..00000000 --- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/docker-compose.yml +++ /dev/null 
@@ -1,22 +0,0 @@
-version: '3.1'
-
-services:
-
- production-nginx-container:
- container_name: 'production-nginx-container'
- image: nginx:latest
- restart: always
- ports:
- - "80:80"
- - "443:443"
- volumes:
- - ./production.conf:/etc/nginx/conf.d/default.conf
- - ./production-site:/usr/share/nginx/html
- - ./dh-param/dhparam-2048.pem:/etc/ssl/certs/dhparam-2048.pem
- - /docker-volumes/etc/letsencrypt/live/helloayanova.com/fullchain.pem:/etc/letsencrypt/live/helloayanova.com/fullchain.pem
- - /docker-volumes/etc/letsencrypt/live/helloayanova.com/privkey.pem:/etc/letsencrypt/live/helloayanova.com/privkey.pem
-
-networks:
- default:
- external:
- name: docker-network
diff --git a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production-site/index.html b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production-site/index.html
deleted file mode 100644
index 4184f227..00000000
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production-site/index.html
+++ /dev/null
@@ -1,13 +0,0 @@ - - - - - HelloAyaNova - - -

Hello AyaNova

-

- Test site -

- - diff --git a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production.conf b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production.conf deleted file mode 100644 index c62769a7..00000000 --- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production.conf +++ /dev/null 
@@ -1,142 +0,0 @@ -server { - listen 80; - listen [::]:80; - server_name helloayanova.com www.helloayanova.com; - location ^~ /.well-known/acme-challenge { - root /usr/share/nginx/html; - default_type text/plain; - allow all; - } - location / { - rewrite ^ https://$host$request_uri? permanent; - } -} -#https://helloayanova.com -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name helloayanova.com; - server_tokens off; - ssl_certificate /etc/letsencrypt/live/helloayanova.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/helloayanova.com/privkey.pem; - ssl_buffer_size 8k; - ssl_dhparam /etc/ssl/certs/dhparam-2048.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_prefer_server_ciphers on; - ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; - ssl_ecdh_curve secp384r1; - ssl_session_tickets off; - # OCSP stapling - ssl_stapling on; - ssl_stapling_verify on; - resolver 8.8.8.8; - location ^~ /.well-known/acme-challenge { - root /usr/share/nginx/html; - default_type text/plain; - allow all; - } - return 301 https://www.helloayanova.com$request_uri; -} -#https://www.helloayanova.com -#This is the "web" server for static files outside of AyaNova app server -server { - server_name www.helloayanova.com; - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_tokens off; - ssl on; - ssl_buffer_size 8k; - ssl_dhparam /etc/ssl/certs/dhparam-2048.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_prefer_server_ciphers on; - ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; - ssl_ecdh_curve secp384r1; - ssl_session_tickets off; - # OCSP stapling - ssl_stapling on; - ssl_stapling_verify on; - resolver 8.8.8.8 8.8.4.4; - ssl_certificate /etc/letsencrypt/live/helloayanova.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/helloayanova.com/privkey.pem; - location ^~ /.well-known/acme-challenge { - root /usr/share/nginx/html; - default_type text/plain; - allow all; - } - - - location / 
{ - #security headers - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Frame-Options "DENY" always; - #CSP - add_header Content-Security-Policy "frame-src 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com; img-src 'self'; style-src 'self' https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com; form-action 'self'; upgrade-insecure-requests;" always; - add_header Referrer-Policy "strict-origin-when-cross-origin" always; - } - - - root /usr/share/nginx/html; - index index.html; -} - -#https://v8.helloayanova.com, https://test.helloayanova.com helloayanova -server { - server_name test.helloayanova.com v8.helloayanova.com; - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_tokens off; - ssl on; - ssl_buffer_size 8k; - ssl_dhparam /etc/ssl/certs/dhparam-2048.pem; - ssl_protocols TLSv1.2 TLSv1.1 TLSv1; - ssl_prefer_server_ciphers on; - ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; - ssl_ecdh_curve secp384r1; - ssl_session_tickets off; - # OCSP stapling - ssl_stapling on; - ssl_stapling_verify on; - resolver 8.8.8.8 8.8.4.4; - ssl_certificate /etc/letsencrypt/live/helloayanova.com/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/helloayanova.com/privkey.pem; - location ^~ /.well-known/acme-challenge { - root /usr/share/nginx/html; - default_type text/plain; - allow all; - } - - location / { - #security headers - add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"; - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-Frame-Options "DENY" always; - - #CSP - #https://developers.google.com/web/fundamentals/security/csp/ - add_header Content-Security-Policy "frame-src 
'self'; default-src 'self'; script-src 'self' 'unsafe-inline' https://apis.google.com; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com; form-action 'self'; upgrade-insecure-requests;" always; - add_header Referrer-Policy "strict-origin-when-cross-origin" always; - - #This is "ayanova" because it's the docker network and port - proxy_pass http://ayanova:7575; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection ""; - proxy_set_header Host $http_host; - proxy_cache_bypass $http_upgrade; - - #These timeouts are only required for large trial data generation which should be re-coded to start the process and return immediately - #AS of alpha-4 large data generation on D.O. takes 1'04'' so setting these to 3 minutes as a safe margin - - proxy_connect_timeout 180; - proxy_send_timeout 180; - proxy_read_timeout 180; - send_timeout 180; - - - } - - -} diff --git a/dist/docker/linux-x64/restartnginx.sh b/dist/docker/linux-x64/restartnginx.sh deleted file mode 100644 index 66560c61..00000000 --- a/dist/docker/linux-x64/restartnginx.sh +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/bash -cd /docker/letsencrypt-docker-nginx/src/production -docker-compose down -docker-compose up -d -#docker start dock-pg10 dock-pgadmin -#/docker/letsencrypt-docker-nginx/src/production run sudo docker-compose up -d diff --git a/docs/8.0/ayanova/docs/ops-install-linux.md b/docs/8.0/ayanova/docs/ops-install-linux.md index 760fbda8..634093d6 100644 --- a/docs/8.0/ayanova/docs/ops-install-linux.md +++ b/docs/8.0/ayanova/docs/ops-install-linux.md @@ -1,4 +1,12 @@ -# AYANOVA SERVER LINUX INSTALLATION +# AYANOVA LINUX INSTALLATION +single standalone ubuntu desktop + one computer + +server lan ubuntu + local network + +nginx lan ubuntu + internet \ No newline at end of file