Skip to content
This repository has been archived by the owner on Jul 27, 2018. It is now read-only.

Use isso with SSL #10

Open
Zagur opened this issue Jun 22, 2018 · 3 comments
Open

Use isso with SSL #10

Zagur opened this issue Jun 22, 2018 · 3 comments

Comments

@Zagur
Copy link

Zagur commented Jun 22, 2018
edited
Loading

I have created a configuration for NGINX and can create a certificate with SSL.

`server {
listen 80;
server_name isso.domain.cc;

location /.well-known/ {
            root /var/www/www/isso;
    }

location / {
    proxy_set_header   X-Real-IP $remote_addr;
    proxy_set_header   Host      $host;
    proxy_pass         http://127.0.0.1:8080;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/isso.domain.cc/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/isso.domain.cc/privkey.pem; # managed by Certbot
    ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
    ssl_session_timeout 1440m; # managed by Certbot

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
    ssl_prefer_server_ciphers on; # managed by Certbot

    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot

}`

Then, when deploying with docker the image I can not access through HTTPS.

docker run -d --restart=always --name isso -p 8080:8080 -v /home/isso/data:/data -e ISSO_HOST="https://isso.domain.cc" sheogorath/isso-docker

Any ideas?
@SISheogorath
Copy link
Owner

SISheogorath commented Jun 22, 2018
edited
Loading

Probably because the port in isso is 80 not 8080 :D

So your docker command should look like: docker run -d --restart=always --name isso -p 127.0.0.1:8080:80 -v /home/isso/data:/data -e ISSO_HOST="https://isso.domain.cc" sheogorath/isso-docker

Apart from that, please notice that I switched this image away from GitHub and Docker Hub to Octo.sh and Quay.io.

@Zagur
Copy link
Author

Zagur commented Jun 23, 2018

Oh shit! Now it works! Sorry.

I'm using the new repository now, but I have a doubt: When I try to use ISSO with SSL, I get an error in Firefox "Access-Control-Allow-Origin". I have been modifying the configuration of NGINX but I can not find a solution. Any idea?

@SISheogorath
Copy link
Owner

For ISSO_NAME and ISSO_HOST you should use your blog's domain. (blog.example.com)

This is the template I used to run my (disabled comments now and use a static blog)

https://octo.sh/Sheogorath/ansible-infrastructure/blob/master/roles/ghost/templates/docker-compose.yml#L27-47

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Zagur @SISheogorath