:recycle: cleaned-up some scripts | adjusted nginx configs

docker-compose.yml

@@ -2,7 +2,7 @@ version: '3'
 
 services:
     nginx:
-	container_name: "nginx-proxy"
+        container_name: "nginx-proxy"
         build:
             context: .
             dockerfile: ./nginx/Dockerfile

kill_production.sh

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 ### Stops and removes the nginx proxy
-docker stop production_nginx_1 && docker rm production_nginx_1
+docker stop nginx-proxy && docker rm nginx-proxy
 
 ### Stops and removes the nodejs app container
-# docker stop production_nodejs_1 && docker rm production_nodejs_1
+# docker stop production_nodejs_1 && docker rm production_nodejs_1

nginx/configs/default.conf

@@ -13,17 +13,7 @@ server {
 
     server_name freehand.com www.freehand.com;
     
-    index index.html index.html index.php;
-
-    location / {
-        proxy_set_header    Host                 $host;
-        proxy_set_header    X-Real-IP            $remote_addr;
-        proxy_set_header    X-Forwarded-For      $proxy_add_x_forwarded_for;
-        proxy_set_header    X-Forwarded-Proto    $scheme;
-
-        proxy_pass         http://freehand;
-        proxy_redirect     off;
-    }
+    return 301 https://$host$request_uri;
 }
 ### SSL Stuff
 server {
@@ -39,15 +29,25 @@ server {
     index index.html index.htm index.php index.nginx-debian.html;
 
     location / {
-        proxy_set_header        Host              $host;
-        proxy_set_header        X-Real-IP         $remote_addr;
-        proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
-        proxy_set_header        X-Forwarded-Proto $scheme;
-        proxy_set_header        Accept-Encoding   "";
-        proxy_set_header        Proxy             "";
-
-        proxy_pass          http://freehand;
-        proxy_redirect      off;
+	#blocks blank user_agents
+        if ($http_user_agent = "") { return  301 $scheme://www.google.com/; }
+
+        proxy_set_header        Host                $host;
+        proxy_set_header        X-Forwarded-Host    $host;
+        proxy_set_header        X-Forwarded-Server  $host;
+        proxy_set_header        X-Forwarded-Proto   $scheme;
+        proxy_set_header        X-Real-IP           $remote_addr;
+        proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
+        proxy_set_header        Accept-Encoding     "";
+        proxy_set_header        Proxy               "";
+
+        proxy_pass_request_headers   on;
+        proxy_pass                   http://freehand;
+        proxy_redirect               off;
+
+        proxy_connect_timeout   300;
+        proxy_send_timeout      300;
+        proxy_read_timeout      300;
     }
 
     location ~/\.ht {
@@ -63,22 +63,8 @@ server {
 
     server_name craftinamerica.org www.craftinamerica.org;
     
-    # return 302 https://$host$request_uri;
-    
-    # WP
-    index index.html index.htm index.php index.nginx-debian.html;
-
-    location / {
-        proxy_set_header    Host                 $host;
-        proxy_set_header    X-Real-IP            $remote_addr;
-        proxy_set_header    X-Forwarded-For      $proxy_add_x_forwarded_for;
-        proxy_set_header    X-Forwarded-Proto    $scheme;
-
-        proxy_pass          http://craft;
-        proxy_redirect      off;
-    }
+    return 301 https://$host$request_uri;
 }
-
 ### SSL Stuff
 server {
     listen 443 ssl http2;
@@ -93,6 +79,9 @@ server {
     index index.html index.htm index.php index.nginx-debian.html;
 
     location / {
+        #blocks blank user_agents
+        if ($http_user_agent = "") { return  301 $scheme://www.google.com/; }
+
         proxy_set_header        Host              $host;
         proxy_set_header        X-Real-IP         $remote_addr;
         proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;

nginx/configs/nginx.conf

@@ -14,7 +14,7 @@ http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
     
-    client_max_body_size 8M;
+    client_max_body_size 16M;
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '

rebuild_production.sh

@@ -1,2 +1,2 @@
 #!/bin/sh
-docker-compose build --no-cache && docker-compose up
+docker-compose build --no-cache && docker-compose up -d

renew_keys.sh

@@ -1,15 +1,15 @@
 #!/bin/bash
 
-docker stop production_nginx_1
+docker stop nginx-proxy
 
 ### Get new keys
 sudo certbot renew
 
 ### Remove the old keys
-rm /proxy/nginx/keys/letsencrypt/old/letsencrypt*
+rm /proxy/nginx/keys/old/letsencrypt*
 
-### Deprecate and back up the current keys
-mv /opt/proxy/nginx/keys/letsencrypt* /opt/proxy/nginx/keys/old
+### Deprecate and back-up the current keys
+mv /opt/proxy/nginx/keys/letsencrypt* /opt/proxy/nginx/keys/old/
 
 ### Copy over the new keys
 sudo cat /etc/letsencrypt/live/craftinamerica.org/fullchain.pem > /opt/proxy/nginx/keys/letsencrypt.crt
@@ -17,4 +17,4 @@ sudo cat /etc/letsencrypt/live/craftinamerica.org/privkey.pem > /opt/proxy/nginx
 sudo cat /etc/letsencrypt/live/freehand.com/fullchain.pem > /opt/proxy/nginx/keys/letsencrypt-freehand.crt
 sudo cat /etc/letsencrypt/live/freehand.com/privkey.pem > /opt/proxy/nginx/keys/letsencrypt-freehand.key
 
-echo "RUN the ./rebuild.sh script now to move over the newly generated keys and restart the container"
+echo "RUN the ./rebuild_production.sh script now to move over the newly generated keys and restart the container"