From 1fbb656d14a38acaf644564e14ad43b4629b0c55 Mon Sep 17 00:00:00 2001
From: Mike Phares <mike.phares@infineon.com>
Date: Mon, 14 Nov 2022 19:02:36 -0700
Subject: [PATCH] ssl

---
 .gitignore                     |  2 ++
 conf/includes/code-server.conf | 25 +++++++++++++++++++++++
 conf/includes/default.conf     |  8 ++++++++
 conf/includes/json.conf        |  7 ++++++-
 conf/includes/localhost.conf   | 36 ++++++++++++++++++++++++++++++++++
 conf/nginx.conf                | 12 +++++++++---
 6 files changed, 86 insertions(+), 4 deletions(-)
 create mode 100644 .gitignore
 create mode 100644 conf/includes/code-server.conf
 create mode 100644 conf/includes/default.conf
 create mode 100644 conf/includes/localhost.conf

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..78e7043
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+conf/includes/localhost.crt
+conf/includes/localhost.key
\ No newline at end of file
diff --git a/conf/includes/code-server.conf b/conf/includes/code-server.conf
new file mode 100644
index 0000000..42cd670
--- /dev/null
+++ b/conf/includes/code-server.conf
@@ -0,0 +1,25 @@
+server {
+    server_name phares3757.ddns.net;
+    location / {
+        proxy_pass http://localhost:8007/;
+        proxy_set_header Host $host;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection upgrade;
+        proxy_set_header Accept-Encoding gzip;
+    }
+    listen [::]:443 ssl ipv6only=on; # managed by Certbot
+    listen 443 ssl; # managed by Certbot
+    ssl_certificate /etc/letsencrypt/live/phares3757.ddns.net/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/phares3757.ddns.net/privkey.pem; # managed by Certbot
+    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+}
+server {
+    if ($host = phares3757.ddns.net) {
+        return 301 https://$host$request_uri;
+        } # managed by Certbot
+    listen 80;
+    listen [::]:80;
+    server_name phares3757.ddns.net;
+    return 404; # managed by Certbot
+}
\ No newline at end of file
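Review bot: The `location /` block publishes code-server on a public hostname with no access control at the nginx layer, so anyone who can reach port 443 is gated only by whatever authentication code-server itself is configured with, which this patch does not show. Because code-server gives terminal and file access on the host, I would restrict the location with `allow <trusted-cidr>; deny all;` (placeholder range) or `auth_basic`. At minimum, add a comment stating that code-server's own authentication must stay enabled. Adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` would also pass the client address to the upstream for login auditing.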
diff --git a/conf/includes/default.conf b/conf/includes/default.conf
new file mode 100644
index 0000000..c6b4fe2
--- /dev/null
+++ b/conf/includes/default.conf
@@ -0,0 +1,8 @@
+server {
+    listen 8008 default_server;
+    listen [::]:8008 default_server;
+    ## Trun on /cgi-bin/ support to run CGI apps ##
+    include /etc/nginx/fcgiwrap.conf;
+    root /var/www/html;
+    server_name _;
+}
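Review bot: `include /etc/nginx/fcgiwrap.conf;` turns on CGI execution inside a catch-all `default_server` that listens on every address, so a request reaching port 8008 with any Host header can hit the CGI location. The included file is not part of this patch, so its exact location path is assumed from the comment. If this server is only meant for local use, bind it explicitly with `listen 127.0.0.1:8008 default_server;` and `listen [::1]:8008 default_server;`. The comment above the include has a typo, "Trun" for "Turn".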
diff --git a/conf/includes/json.conf b/conf/includes/json.conf
index d801e61..8dc037f 100644
--- a/conf/includes/json.conf
+++ b/conf/includes/json.conf
@@ -1,13 +1,18 @@
-# location ~ /admin(.*)/$ {
 location ~* .(3gp|apng|avi|avif|bmp|css|cur|flv|gif|htm|html|ico|jfif|jpeg|jpg|js|mid|mov|mp3|mp4|mpeg|mpg|ogg|pdf|php|pjp|pjpeg|png|svg|tif|tiff|txt|wav|webp|wmf|wml|wmv|xml|xml)$ {
     expires 1d;
     index index.html index.htm;
+    # ln -s /etc/nginx/sites-available/json /etc/nginx/sites-enabled/
+    # ln -s /srv/samba/share/637998119172547651 /var/www/html/637998119172547651
+    # ln -s /var/www/html/NGINdeX.io /var/www/html/637998119172547651/NGINdeX.io
+    # ln -s /srv/git /var/www/html/637998119172547651/git
+    # root /var/www/html/637998119172547651;
     # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
     # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
     root "D://Tmp//phares//www";
 }
 location / {
     index index.html index.htm;
+    # root /var/www/html/637998119172547651;
     # mklink /J "D:\Tmp\Phares\www\pictures" "D:\Documents\Pictures"
     # mklink /J "D:\Tmp\Phares\www\NGINdeX.io" "L:\GitHub\NGINdeX.io"
     root "D://Tmp//phares//www";
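Review bot: The added setup comments describe linking `/srv/git` and a Samba share under the directory that the commented `root /var/www/html/637998119172547651;` would serve. If followed, that would likely make repository contents and shared files readable over HTTP to anyone who learns the numeric path. The directory name is not an access control, so the comment should say so, for example `# NOTE: everything linked under this root is served without authentication`. If the git tree is meant to stay private, the instructions should leave that link out or the location should carry `allow`/`deny` rules. The `location /` block continues past the end of this hunk.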
diff --git a/conf/includes/localhost.conf b/conf/includes/localhost.conf
new file mode 100644
index 0000000..b733e71
--- /dev/null
+++ b/conf/includes/localhost.conf
@@ -0,0 +1,36 @@
+[req]
+default_bits       = 2048
+default_keyfile    = localhost.key
+distinguished_name = req_distinguished_name
+req_extensions     = req_ext
+x509_extensions    = v3_ca
+
+[req_distinguished_name]
+countryName                 = Country Name (2 letter code)
+countryName_default         = US
+stateOrProvinceName         = State or Province Name (full name)
+stateOrProvinceName_default = Arizona
+localityName                = Locality Name (eg, city)
+localityName_default        = Mesa
+organizationName            = Organization Name (eg, company)
+organizationName_default    = localhost
+organizationalUnitName      = organizationalunit
+organizationalUnitName_default = Development
+commonName                  = Common Name (e.g. server FQDN or YOUR name)
+commonName_default          = localhost
+commonName_max              = 64
+
+[req_ext]
+subjectAltName = @alt_names
+
+[v3_ca]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1   = localhost
+DNS.2   = 127.0.0.1
+
+# https://webscoot.io/blog/create-self-signed-certificate-ubuntu-windows-nginx/
+# cd "C:\Program Files\Git\usr\bin"
+# openssl
+# req -x509 -nodes -days 365 -newkey rsa:2048 -keyout L:\Git\NGINX-Conf\conf\includes\localhost.key -out L:\Git\NGINX-Conf\conf\includes\localhost.crt -config L:\Git\NGINX-Conf\conf\includes\localhost.conf
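Review bot: In `[alt_names]`, `DNS.2 = 127.0.0.1` puts an IP address in a dNSName entry, which most clients do not match against an IP-literal URL, so `https://127.0.0.1` will still fail name validation; it should be `IP.1 = 127.0.0.1`. The trailing command uses `-nodes`, so `localhost.key` is written unencrypted next to the config. The `.gitignore` entry in this patch keeps it out of the repository, but a comment such as `# localhost.key is unencrypted: restrict its file permissions` would help. The section named `v3_ca` sets no `basicConstraints`, so the name is misleading for what is used as a leaf certificate.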
diff --git a/conf/nginx.conf b/conf/nginx.conf
index 257981d..b875486 100644
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@@ -8,9 +8,15 @@ http {
     sendfile on;
     keepalive_timeout 65;
     server {
-        listen 5050;
+        listen 80;
+        listen 443 ssl http2;
+        listen [::]:443 ssl http2;
         server_name localhost;
-        include "includes/html.conf";
+        ssl_certificate "includes/localhost.crt";
+        ssl_certificate_key "includes/localhost.key";
+        ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
+        # include "includes/html.conf";
+        include "includes/BaGet.conf";
         error_page 500 502 503 504 /50x.html;
         include "includes/html-error.conf";
     }
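Review bot: `ssl_protocols TLSv1.2 TLSv1.1 TLSv1;` explicitly enables TLS 1.0 and 1.1, which are deprecated by RFC 8996; the line should be `ssl_protocols TLSv1.2 TLSv1.3;` (TLSv1.3 needs an nginx built against OpenSSL 1.1.1 or later). The same server block also adds `listen 80;`, so the site is served in plaintext too, with no redirect to HTTPS like the one in the Certbot-managed vhost in this patch. The IPv6 listener is added for 443 only.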
@@ -54,7 +60,7 @@ http {
         include "includes/EAF-Viewer.Server.conf";
     }
 }
-# mklink /J "C:\Users\phares\AppData\Local\IFXApps\nginx-1.20.1\conf" "L:\Git\NGINX-Conf\conf"
+# mklink /J "C:\Users\mikep\AppData\Local\PharesApps\nginx-1.20.1\conf" "L:\Git\NGINX-Conf\conf"
 # cd "C:\Users\ECMESEAF\AppData\Local\IFXApps\nginx-1.20.1"
 # .\nginx -t
 # .\nginx -s reload