From 1426d7816a47f2bde3ba6f90d81dfc9ad56989d9 Mon Sep 17 00:00:00 2001
From: Joerg Lehmann
Date: Tue, 10 Aug 2021 14:43:53 +0200
Subject: [PATCH] nbit-websites ready to run...
---
 nbit-websites/docker-compose.yml | 14 +++++++++++++-
 proxy/configuration/tls-config.yml | 13 +++++++++++++
 proxy/docker-compose.yml | 11 +++--------
 3 files changed, 29 insertions(+), 9 deletions(-)
 create mode 100644 proxy/configuration/tls-config.yml
diff --git a/nbit-websites/docker-compose.yml b/nbit-websites/docker-compose.yml
index 2d12015..bfb9086 100644
--- a/nbit-websites/docker-compose.yml
+++ b/nbit-websites/docker-compose.yml
@@ -3,13 +3,25 @@ version: "3.5"
 services: simpleservice: - image: "traefik/whoami" + image: traefik/whoami labels: - "traefik.enable=true" - "traefik.http.routers.whoami2.rule=Host(`moby.nbit.ch`) && Path(`/whoami2`)" - "traefik.http.routers.whoami2.entrypoints=websecure" - "traefik.http.routers.whoami2.tls.certresolver=myresolver" + nbitwebsite: + image: "nginx:latest" + volumes: + - /home/joerg/nbit-website/document_root:/usr/share/nginx/html + labels: + - "traefik.enable=true" + - "traefik.http.routers.nbitwebsite.rule=Host(`nbit.ch`,`www.nbit.ch`)" + - "traefik.http.routers.nbitwebsite.entrypoints=websecure" + - "traefik.http.routers.nbitwebsite.tls.certresolver=myresolver" + - "traefik.http.routers.nbitwebsite.tls.domains[0].main=nbit.ch" + - "traefik.http.routers.nbitwebsite.tls.domains[0].sans=www.nbit.ch" + networks: default: external: true
diff --git a/proxy/configuration/tls-config.yml b/proxy/configuration/tls-config.yml
new file mode 100644
index 0000000..799659f
--- /dev/null
+++ b/proxy/configuration/tls-config.yml
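Review bot: The new `nbitwebsite` service in nbit-websites/docker-compose.yml bind-mounts the host document root into nginx without `:ro`, so a process inside the container can rewrite the site content on the host; a static document root only needs read access, e.g. `- /home/joerg/nbit-website/document_root:/usr/share/nginx/html:ro`. The same applies to the `./configuration/:/configuration/` mount added in proxy/docker-compose.yml, where the directory is additionally watched and hot-reloaded by Traefik. Separately, `nginx:latest` is a mutable tag, so each pull can change the served image without any change to this file; pinning a release tag or digest (`image: "nginx:<pinned-version>"`) keeps deployments reproducible.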
@@ -0,0 +1,13 @@
+tls:
+ options:
+ default:
+ minVersion: VersionTLS12
+ cipherSuites:
+ - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+ - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
+ tlsv13only:
+ minVersion: VersionTLS13
diff --git a/proxy/docker-compose.yml b/proxy/docker-compose.yml
index 45b682b..4a1717a 100644
--- a/proxy/docker-compose.yml
+++ b/proxy/docker-compose.yml
@@ -17,6 +17,8 @@ services:
 #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
 - "--certificatesresolvers.myresolver.acme.email=postmaster@nbit.ch"
 - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
+ - "--providers.file.directory=/configuration/"
+ - "--providers.file.watch=true"
 ports:
 - "80:80"
 - "443:443"
@@ -24,14 +26,7 @@ services:
 volumes: - "/var/run/docker.sock:/var/run/docker.sock:ro" - "data-volume:/letsencrypt" - - simpleservice: - image: "traefik/whoami" - labels: - - "traefik.enable=true" - - "traefik.http.routers.whoami.rule=Host(`moby.nbit.ch`) && Path(`/whoami`)" - - "traefik.http.routers.whoami.entrypoints=websecure" - - "traefik.http.routers.whoami.tls.certresolver=myresolver" + - "./configuration/:/configuration/" volumes: data-volume:
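Review bot: The `tlsv13only` option set in proxy/configuration/tls-config.yml is defined but no router visible in this patch selects it, so every router, including the new `nbitwebsite` one, runs with `default` (TLS 1.2 minimum); a router opts in with a label such as `traefik.http.routers.nbitwebsite.tls.options=tlsv13only@file`. The `default` block also leaves `sniStrict` unset, so handshakes with a missing or unmatched SNI are presumably still answered with Traefik's default certificate; adding `sniStrict: true` under `default` would reject them. A one-line comment above `cipherSuites` noting that the list only governs TLS 1.2 and below (TLS 1.3 suites are not configurable) would save the next reader from assuming it also restricts 1.3.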
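Review bot: The two file-provider flags added in the first hunk of proxy/docker-compose.yml carry no comment, although `--providers.file.watch=true` means that any file written to `/configuration/` changes routing and TLS options on the running proxy without a restart. A line such as `# dynamic config (TLS options) is hot-reloaded from /configuration/; keep ./configuration writable by the deploy user only` above them would record that trust boundary. The hunk shows only part of the `command:` list, so how the file provider interacts with the other configured providers cannot be judged from here.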