Merge pull request #48 from Hugo-C/fix-netdata-lets-encrypt-certificate

Fix Netdata let's encrypt certificate

docker-compose-LE.yml

@@ -4,7 +4,7 @@ services:
 
   letsencrypt:
     image: certbot/certbot:latest
-    command: sh -c "certbot certonly --standalone -d jarm.online --text --agree-tos --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --verbose --keep-until-expiring --preferred-challenges=http && chown -R 1001:1001 /etc/letsencrypt/ && chmod -R 755 /etc/letsencrypt/"
+    command: sh -c "certbot certonly --standalone -d jarm.online -d netdata.jarm.online --text --agree-tos --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --rsa-key-size 4096 --verbose --keep-until-expiring --preferred-challenges=http && chown -R 1001:1001 /etc/letsencrypt/ && chmod -R 755 /etc/letsencrypt/"
     entrypoint: ""
     volumes:
       - "letsencrypt:/etc/letsencrypt"

jarm_online_gui/nginx.conf.prod

@@ -97,8 +97,17 @@ http {
     ssl_protocols TLSv1.3 TLSv1.2;
     ssl_prefer_server_ciphers on;
     add_header   Strict-Transport-Security "max-age=63072000" always;
-    ssl_certificate        /etc/nginx/ssl/www.hugocjarm.software.pem;
-    ssl_certificate_key    /etc/nginx/ssl/www.hugocjarm.software.key;
+    ssl_certificate       /etc/letsencrypt/live/jarm.online/fullchain.pem;
+    ssl_certificate_key   /etc/letsencrypt/live/jarm.online/privkey.pem;
+
+    location /.well-known/acme-challenge {
+        resolver 127.0.0.11 valid=30s;
+        set $upstream letsencrypt;
+        proxy_pass http://$upstream:80;
+        proxy_set_header Host            $host;
+        proxy_set_header X-Forwarded-For $remote_addr;
+        proxy_set_header X-Forwarded-Proto https;
+    }
 
     location / {
         limit_req zone=mylimit burst=25 delay=10;