master
Jeff Moe 5 years ago
parent 3ae771680e
commit 06b35047ed

@ -15,3 +15,60 @@ ssh -N -C -L 8153:localhost:8153 gocd
# On workstation, go to: # On workstation, go to:
# http://127.0.0.1:8153/ # http://127.0.0.1:8153/
# See: https://docs.gocd.org/current/configuration/dev_authentication.html
# Configure to set up admin user (before opening to public)
# http://127.0.0.1:8153/go/admin/security/auth_configs
# Create a new authorization configuration
# Name it "forksand" for Id.
# Plugin: Password File Authentication Plugin
# Password file path: /etc/go/password.properties
# No:
touch /etc/go/password.properties
chown go:go /etc/go/password.properties
# meh, use apache utils for password, but use nginx for proxy
apt install apache2-utils
# Create password:
htpasswd -B /etc/go/password.properties jebba
# Then login again with new user created above:
# http://127.0.0.1:8153/
# Go here:
# http://127.0.0.1:8153/go/admin/users
# And enable the new user as an admin
# Set up reverse proxy like:
# https://docs.gocd.org/current/installation/configure-reverse-proxy.html
# Set up nginx
apt install nginx
# Note, install barfs because it tries to set up IPv6 by default
# Edit this file and remove the line after:
vim /etc/nginx/sites-available/default
listen [::]:80 default_server;
# Then run to finish nginx install:
apt -f install
# Open up firewall ports on main firewall and iptables.
# Set up certbot:
apt install python3-certbot-nginx
certbot \
--authenticator standalone \
--installer nginx \
-d gocd.forksand.com \
--email letsencrypt@forksand.com \
--pre-hook "systemctl stop nginx" \
--post-hook "systemctl start nginx"
# Make sure all is good, if so, set up nginx as proxy.
# Disks
# Check here:
# /var/lib/go-server/
# /var/lib/go-server/artifacts

@ -0,0 +1,47 @@
server {
server_name gocd.forksand.com;
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
server_name gocd.forksand.com; # managed by Certbot
location / {
# try_files $uri $uri/ =404;
# Proxy everything over to the GoCD server
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://localhost:8153/;
# To be able to upload artifacts larger than default size of 1mb, ensure that you set this up to a large value.
# setting to `0` will disable checking for body size.
# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size
client_max_body_size 10000m;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/gocd.forksand.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/gocd.forksand.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
if ($host = gocd.forksand.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
server_name gocd.forksand.com;
return 404; # managed by Certbot
}
Loading…
Cancel
Save