This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "signing": { | |
| "profiles": { | |
| "web-servers": { | |
| "usages": [ | |
| "signing", | |
| "key encipherment", | |
| "server auth", | |
| "client auth" | |
| ], | |
| "expiry": "8760h" | |
| } | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "CN": "stj.me", | |
| "key": { | |
| "algo": "rsa", | |
| "size": 2048 | |
| }, | |
| "names": [ | |
| { | |
| "C": "US", | |
| "L": "California", | |
| "ST": "San Francisco" | |
| } | |
| ] | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: '3' | |
| services: | |
| nginx: | |
| image: nginx:alpine | |
| # Expose both 80 and 443 | |
| ports: | |
| - 80:80 | |
| - 443:443 | |
| # Mount our config, public CA, and server keys | |
| volumes: | |
| - ./nginx.conf:/etc/nginx/nginx.conf:ro | |
| - ./ca.pem:/var/www/html/ca.pem:ro | |
| - ./server.pem:/etc/certs/server.pem:ro | |
| - ./server-key.pem:/etc/certs/server-key.pem:ro | |
| # This connects the container networks together | |
| depends_on: | |
| - pihole | |
| # For more information on the following configuration, | |
| # checkout https://hub.docker.com/r/pihole/pihole | |
| pihole: | |
| image: pihole/pihole | |
| hostname: pihole | |
| expose: | |
| - 80 | |
| ports: | |
| # DNS ports | |
| - 53:53/tcp | |
| - 53:53/udp | |
| dns: | |
| # Local first | |
| - 127.0.0.1 | |
| # Cloudflare next | |
| - 1.1.1.1 | |
| environment: | |
| ServerIP: "127.0.0.1" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| docker: ca.pem server.pem server-key.pem | |
| docker-compose up | |
| ca.pem ca-key.pem: | |
| cfssl gencert \ | |
| -initca ca-csr.json | cfssljson -bare ca | |
| server.pem server-key.pem: | |
| cfssl gencert \ | |
| -ca=ca.pem \ | |
| -ca-key=ca-key.pem \ | |
| -config=ca-config.json \ | |
| -profile=web-servers \ | |
| server-csr.json | cfssljson -bare server | |
| clean: | |
| rm *.pem *.csr |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http { | |
| # Serve the root certificate for client installation | |
| server { | |
| listen 80 default_server; | |
| listen [::]:80 default_server; | |
| server_name _; | |
| root /var/www/html; | |
| # Redirect to the ca.pem file | |
| location / { | |
| return 301 /ca.pem; | |
| } | |
| # Filename matters here, otherwise iOS will not recognize it | |
| location /ca.pem {} | |
| } | |
| # Redirect pi-hole http traffic to https | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name pihole.stj.me; | |
| return 301 https://$host$request_uri; | |
| } | |
| # Proxy pihole container over https | |
| server { | |
| listen 443 ssl default_server; | |
| listen [::]:443 ssl default_server; | |
| server_name pihole.stj.me; | |
| # Use the certificates we made | |
| ssl_certificate /etc/certs/server.pem; | |
| ssl_certificate_key /etc/certs/server-key.pem; | |
| # Proxy all requests to the pihole docker container | |
| location / { | |
| proxy_pass http://pihole; | |
| proxy_set_header Host $host; | |
| proxy_http_version 1.1; | |
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
| proxy_buffering off; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection "upgrade"; | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "CN": "pihole", | |
| "hosts": [ | |
| "pihole.stj.me" | |
| ], | |
| "key": { | |
| "algo": "rsa", | |
| "size": 2048 | |
| }, | |
| "names": [ | |
| { | |
| "C": "US", | |
| "L": "CA", | |
| "ST": "San Francisco" | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment