SSL/TLS certificates will last 47 days max by 2029 (www.theregister.com)
from sabreW4K3@lazysoci.al to tech@programming.dev on 15 Apr 2025 14:07
https://lazysoci.al/post/24693983

#tech


Kissaki@programming.dev on 15 Apr 2025 14:59

That’s interesting and cool.

Let’s Encrypt is an exceptional success story.

Bishma@discuss.tchncs.de on 15 Apr 2025 15:12

Hopefully the fact that OTF (and by extension LetsEncrypt) just lost a ton of funding doesn’t turn this into a giant clusterfuck.

alexdeathway@programming.dev on 15 Apr 2025 15:33

Automating the SSL certificate for my Django project in Docker is still one of my greatest feats, so I can understand the frustration of managing multiple services.

sabreW4K3@lazysoci.al on 15 Apr 2025 17:30

Tell me more please

alexdeathway@programming.dev on 23 May 16:38

Hey, I was busy with some issues, so I wasn’t able to be active in online spaces. I’m sharing the final tailored draft I documented for my personal use. Please let me know if something doesn’t seem to be on point or needs explanation.

I will also attach the workflow image if possible.

For dev and prod we have different configurations, which are used depending on the environment.

For dev:

#for dev
# Plain HTTP only, no TLS. The ACME challenge path is still exposed so the same
# layout works unchanged once the ACME client is introduced in prod.
server {
    listen 80;
    server_name localhost;
    client_max_body_size 10M;

    # The ACME client drops http-01 challenge files under this webroot; nginx
    # serves them at http://<host>/.well-known/acme-challenge/<token>
    location /.well-known/acme-challenge/ {
        root /vol/www/;
    }

    # Everything else is proxied to the Django container
    location / {
        proxy_pass http://django:8000/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }

    location /static/ {
        alias /app/static/;
    }

    location /media/ {
        alias /app/media/;
    }
}

For prod we use this configuration:

#for prod
# ${DOMAIN} is substituted into this template when the container starts.

# Catch-all servers for requests whose Host/SNI does not match our domain.
# These are the first server blocks for each port, so nginx uses them as the
# default; "return 444" closes the connection without sending a response.
server {
    listen 80;
    server_name _;

    return 444;
}

server {
    # "ssl" is stated explicitly here rather than relying on the listen
    # options of the other 443 server block below.
    listen 443 ssl;
    server_name _;

    # The real certificate is presented even to unknown names, so the TLS
    # handshake completes before the connection is dropped.
    ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;

    return 444;
}

# Port 80 for our domain: only the ACME challenge path is served over plain
# HTTP; everything else is redirected to HTTPS.
server {
    listen 80;
    server_name ${DOMAIN} www.${DOMAIN};
    client_max_body_size 10M;

    location /.well-known/acme-challenge/ {
        root /vol/www/;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name ${DOMAIN} www.${DOMAIN};
    client_max_body_size 10M;

    # Paths written by the ACME client; nginx must be reloaded after each
    # renewal so it picks up the new files.
    ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    # AEAD-only, forward-secret TLS 1.2 suites (TLS 1.3 suites are not affected by this list)
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

    # HSTS with "preload" is hard to undo once submitted to the preload list;
    # "always" also sends it on error responses
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    add_header Referrer-Policy "no-referrer";

    location / {
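The `/.well-known/acme-challenge/` location in the configuration above exists for the ACME http-01 challenge: the client writes a file named after the challenge token into the webroot, and the CA fetches it over plain HTTP and compares it with the key authorization it expects. The following Python is an added example, not code from the thread or from any ACME client; it reproduces that flow offline (reading from the webroot directly instead of over HTTP), using the `/vol/www/` webroot from the posted nginx config, the RFC 7638 JWK thumbprint and the RFC 8555 key authorization format. `SAMPLE_JWK` is a constructed account key whose coordinates are placeholders, the token is constructed, and all function names are this example's own. It also includes the renewal-due rule of thumb (renew once less than a third of the lifetime remains), applied to the 47-day lifetime the article discusses.

```python
import base64
import hashlib
import hmac
import json
import re
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Webroot from the posted nginx config ("root /vol/www/"); run_demo() below
# substitutes a temporary directory so the example runs anywhere.
WEBROOT = "/vol/www/"

# ACME tokens are unpadded base64url (RFC 8555); reject anything else before
# the token is joined into a filesystem path.
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")

# Constructed sample account key as a JWK. The coordinates are placeholders,
# not a real P-256 point; only the thumbprint computation matters here.
SAMPLE_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "A" * 43,  # constructed
    "y": "B" * 43,  # constructed
    "use": "sig",   # optional member: must NOT enter the thumbprint
}


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as used throughout ACME/JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: required members only, keys sorted, no whitespace, SHA-256."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}
    members = {k: jwk[k] for k in required[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 section 8.1: token '.' base64url(thumbprint(account key))."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def challenge_path(webroot: str, token: str) -> Path:
    """Location nginx serves for /.well-known/acme-challenge/<token>."""
    if not TOKEN_RE.fullmatch(token):
        raise ValueError("invalid ACME token")
    return Path(webroot) / ".well-known" / "acme-challenge" / token


def provision_challenge(webroot: str, token: str, jwk: dict) -> Path:
    """ACME client side: drop the key authorization where nginx will serve it."""
    path = challenge_path(webroot, token)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(key_authorization(token, jwk), encoding="ascii")
    return path


def validate_challenge(webroot: str, token: str, jwk: dict) -> bool:
    """CA side: the served body must equal the expected key authorization."""
    try:
        path = challenge_path(webroot, token)
    except ValueError:
        return False
    if not path.is_file():
        return False
    served = path.read_text(encoding="ascii").strip()
    return hmac.compare_digest(served, key_authorization(token, jwk))


def needs_renewal(not_after: datetime, now: datetime, lifetime_days: int) -> bool:
    """Renew once less than a third of the lifetime remains (the classic
    Let's Encrypt rule: 30 days before expiry of a 90-day cert)."""
    return (not_after - now) < timedelta(days=lifetime_days) / 3


def run_demo() -> dict:
    """Exercise the flow in a temp dir and return the outcomes for checking."""
    with tempfile.TemporaryDirectory() as tmp:
        token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed
        provision_challenge(tmp, token, SAMPLE_JWK)
        valid = validate_challenge(tmp, token, SAMPLE_JWK)
        missing = validate_challenge(tmp, "b" * 43, SAMPLE_JWK)       # never provisioned
        traversal = validate_challenge(tmp, "../../etc/passwd", SAMPLE_JWK)  # rejected
        wrong_key = validate_challenge(tmp, token, dict(SAMPLE_JWK, x="C" * 43))
    issued = datetime(2029, 3, 15, tzinfo=timezone.utc)  # constructed date
    expiry = issued + timedelta(days=47)
    return {
        "thumbprint_len": len(jwk_thumbprint(SAMPLE_JWK)),
        "valid": valid, "missing": missing,
        "traversal": traversal, "wrong_key": wrong_key,
        "renew_day_10": needs_renewal(expiry, issued + timedelta(days=10), 47),
        "renew_day_32": needs_renewal(expiry, issued + timedelta(days=32), 47),
    }


if __name__ == "__main__":
    print(run_demo())
```

The token check matters because the token becomes part of a path under the webroot: a real client never produces anything but base64url, so any other character is a malformed or hostile input and is rejected before the filesystem is touched. With a 47-day certificate the one-third rule puts renewal at roughly day 31, which is why the thread's point about automation holds: there is no longer a comfortable manual window.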