2021-12-07 19:51:31 +00:00
parent e20cc7396a
commit d9c505a2f5
9 changed files with 9 additions and 237 deletions
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/docker-compose.yml
+++ b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/docker-compose.yml
@@ -1,18 +0,0 @@
 version: '3.1'
 services:
  letsencrypt-nginx-container:
    container_name: 'letsencrypt-nginx-container'
    image: nginx:latest
    ports:
      - "80:80"
    volumes:
      - ./nginx.conf:/etc/nginx/conf.d/default.conf
      - ./letsencrypt-site:/usr/share/nginx/html
    networks:
      - docker-network
 networks:
  docker-network:
    driver: bridge
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/letsencrypt-site/index.html
+++ b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/letsencrypt-site/index.html
@@ -1,14 +0,0 @@
 <!DOCTYPE html>
 <html>
 <head>
    <meta charset="utf-8" />
    <title>Let's Encrypt First Time Cert Issue Site</title>
 </head>
 <body>
    <h1>Hello world</h1>
    <p>
        This is the temporary site that will only be used for the very first time SSL certificates are issued by Let's Encrypt's
        certbot.
    </p>
 </body>
 </html>
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/nginx.conf
+++ b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/letsencrypt/nginx.conf
@@ -1,13 +0,0 @@
 server {
    listen 80;
    listen [::]:80;
    server_name helloayanova.com www.helloayanova.com v8.helloayanova.com test.helloayanova.com;
    location ~ /.well-known/acme-challenge {
        allow all;
        root /usr/share/nginx/html;
    }
    root /usr/share/nginx/html;
    index index.html;
 }
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/dh-param/dhparam-2048.pem
+++ b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/dh-param/dhparam-2048.pem
@@ -1,8 +0,0 @@
 -----BEGIN DH PARAMETERS-----
 MIIBCAKCAQEA2wcsrWmfQbGC0V8eW14YPtYA1jt2dNeqV6B7Z/w0GnrwjL+xuYhG
 LzDhQuJvhEsDFCd//roBXWOFOZdAR0otkcxaQ+AaP0z/0UsC8NWGnM1G6q4fBju/
 y9e+dqjybyHIX10FtTj/gKV8lBcWJIw7cMmlAShj6xfd1zPPehNswLiRrWHusL/E
 5GkV/x4U76KbViqqTqrV5J6dmnxaNk4s8AphGvqeu/UrewjVf8C+fl6hljICUayJ
 WzHd5Ss/CASPRk91nnhcP9r3XZNyuPkyxmJrlZVElsC94T5Chnth+uix4TpBV/2P
 0Ax8sCLPVlw9Op7Bu7fJ+QJ5gbVk9n93mwIBAg==
 -----END DH PARAMETERS-----
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/docker-compose.yml
+++ b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/docker-compose.yml
@@ -1,22 +0,0 @@
 version: '3.1'
 services:
  production-nginx-container:
    container_name: 'production-nginx-container'
    image: nginx:latest
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./production.conf:/etc/nginx/conf.d/default.conf
      - ./production-site:/usr/share/nginx/html
      - ./dh-param/dhparam-2048.pem:/etc/ssl/certs/dhparam-2048.pem
      - /docker-volumes/etc/letsencrypt/live/helloayanova.com/fullchain.pem:/etc/letsencrypt/live/helloayanova.com/fullchain.pem
      - /docker-volumes/etc/letsencrypt/live/helloayanova.com/privkey.pem:/etc/letsencrypt/live/helloayanova.com/privkey.pem
 networks:
  default:
    external:
      name: docker-network
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production-site/index.html
+++ b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production-site/index.html
@@ -1,13 +0,0 @@
 <!DOCTYPE html>
 <html>
 <head>
    <meta charset="utf-8" />
    <title>HelloAyaNova</title>
 </head>
 <body>
    <h1>Hello AyaNova</h1>
    <p>
        Test site
    </p>
 </body>
 </html>
--- a/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production.conf
+++ b/dist/docker/linux-x64/host/docker-nginx-ayanova-sample-config/production/production.conf
@@ -1,142 +0,0 @@
 server {
    listen 80;
    listen [::]:80;
    server_name helloayanova.com www.helloayanova.com;
    location ^~ /.well-known/acme-challenge {
        root /usr/share/nginx/html;
        default_type text/plain;
        allow all;
    }
    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
 }
 #https://helloayanova.com
 server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name helloayanova.com;
    server_tokens off;
    ssl_certificate /etc/letsencrypt/live/helloayanova.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/helloayanova.com/privkey.pem;
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;
    location ^~ /.well-known/acme-challenge {
        root /usr/share/nginx/html;
        default_type text/plain;
        allow all;
    }
    return 301 https://www.helloayanova.com$request_uri;
 }
 #https://www.helloayanova.com
 #This is the "web" server for static files outside of AyaNova app server
 server {
    server_name www.helloayanova.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_tokens off;
    ssl on;
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4;
    ssl_certificate /etc/letsencrypt/live/helloayanova.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/helloayanova.com/privkey.pem;
    location ^~ /.well-known/acme-challenge {
        root /usr/share/nginx/html;
        default_type text/plain;
        allow all;
    }
    location / {
        #security headers
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "DENY" always;
        #CSP
        add_header Content-Security-Policy "frame-src 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com https://ajax.googleapis.com; img-src 'self'; style-src 'self' https://maxcdn.bootstrapcdn.com; font-src 'self' data: https://maxcdn.bootstrapcdn.com; form-action 'self'; upgrade-insecure-requests;" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
   }
    root /usr/share/nginx/html;
    index index.html;
 }
 #https://v8.helloayanova.com, https://test.helloayanova.com   helloayanova
 server {
    server_name test.helloayanova.com v8.helloayanova.com;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_tokens off;
    ssl on;
    ssl_buffer_size 8k;
    ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
    ssl_ecdh_curve secp384r1;
    ssl_session_tickets off;
    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4;
    ssl_certificate /etc/letsencrypt/live/helloayanova.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/helloayanova.com/privkey.pem;
    location ^~ /.well-known/acme-challenge {
        root /usr/share/nginx/html;
        default_type text/plain;
        allow all;
    }
    location / {
        #security headers
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header X-Frame-Options "DENY" always;
        #CSP
        #https://developers.google.com/web/fundamentals/security/csp/
        add_header Content-Security-Policy "frame-src 'self'; default-src 'self'; script-src 'self' 'unsafe-inline' https://apis.google.com; img-src 'self' data:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://fonts.googleapis.com/ https://fonts.gstatic.com; form-action 'self'; upgrade-insecure-requests;" always;
        add_header Referrer-Policy "strict-origin-when-cross-origin" always;
        #This is "ayanova" because it's the docker network and port
        proxy_pass http://ayanova:7575;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
 	#These timeouts are only required for large trial data generation which should be re-coded to start the process and return immediately
 	#AS of alpha-4 large data generation on D.O. takes 1'04'' so setting these to 3 minutes as a safe margin
 	proxy_connect_timeout       180;
 	proxy_send_timeout          180;
 	proxy_read_timeout          180;
 	send_timeout                180;
   }
 }
--- a/dist/docker/linux-x64/restartnginx.sh
+++ b/dist/docker/linux-x64/restartnginx.sh
@@ -1,6 +0,0 @@
 #!/bin/bash
 cd /docker/letsencrypt-docker-nginx/src/production 
 docker-compose down
 docker-compose up -d
 #docker start dock-pg10 dock-pgadmin
 #/docker/letsencrypt-docker-nginx/src/production run sudo docker-compose up -d
--- a/docs/8.0/ayanova/docs/ops-install-linux.md
+++ b/docs/8.0/ayanova/docs/ops-install-linux.md
@@ -1,4 +1,12 @@
-# AYANOVA SERVER LINUX INSTALLATION
+# AYANOVA LINUX INSTALLATION
 single standalone ubuntu desktop
    one computer
 server lan ubuntu
    local network
 nginx lan ubuntu
    internet