fixed : removed semicolon

dockerized/first-level-nginx/certs/reterup_bundle_cert.pem

@@ -0,0 +1,51 @@
+-----BEGIN CERTIFICATE-----
+MIIEoDCCA4igAwIBAgIUaKFdbeWJZJZL8wTBpD2DwN+JVkUwDQYJKoZIhvcNAQEL
+BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
+MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MB4XDTI1MDMxMDEzMjIwMFoXDTQwMDMwNjEzMjIwMFowYjEZMBcGA1UEChMQQ2xv
+dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk
+BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmRQ0ujY0sOsuOosqTURUSXeesuU2ZmPTecJ
+BmtYRD6z2+0u/eryHke1J8+P8pK7EGV3/TVKCcxJr0NHZiMmysEJKszx5WLDWJgc
+ct7uPWlb/Fsk+uep+WXJQwln1rpn2owu9fC8Umk7jvc7S9X3AbrpAjQg0e1oMwQY
+OgrbqyWzxjN0KAx3+wNLwBOJt49FZrfL8IqoNu8Fd67kKVJgcw8e+kmRxIOVqJ6M
+/GDW4PLsZInfhvcUnd1hbryaXjuIUL7+brV/h4O7AKVp2q8Y8HSsqSbBqlnCBJzw
+HhhDJM0huacEmMWOAp95oXkNXcUhOq5XdlxbdYiCz5GLg/4OUwIDAQABo4IBIjCC
+AR4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQnBKifvPJehekEum2O83LhMDsirDAf
+BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw
+MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j
+YTAjBgNVHREEHDAaggwqLnJldGVydXAuaXSCCnJldGVydXAuaXQwOAYDVR0fBDEw
+LzAtoCugKYYnaHR0cDovL2NybC5jbG91ZGZsYXJlLmNvbS9vcmlnaW5fY2EuY3Js
+MA0GCSqGSIb3DQEBCwUAA4IBAQByz/7GAw13STwG/WdMCG7Pek2F3HPbsIDzvrQT
+0eplFnec/xJCXF8Kb3wI2bQdSSOrFjPzI3a+pDJzxRFIfNWWTVLwcK2ET2jRV6/S
+CZWrd9WOZ7Xd4V+irXyvKBOXiHbC35wk6vmTOUbT8BhBMiNRzWnF/bekeLRUPVPD
+7en6zC/0/YXLyLogq/Cexr6MZj+oLHKA4hnKzcGQR5quLQPGfyF+YcVecbj3D8iM
+VzmKMvIVtH38xfYjCvOHU9+ipl6MpqEjFw94ZRYzzZ5fpe/ObogvDMm4Igd/JiiJ
+N/Kv2dPxeeMbJu4WEfjw2WeEJYaIBNy+tPB7gEUB2tLv7Ce1
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIID+rOSdTGfGcwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNV
+BAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91
+ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQH
+Ew1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMB4XDTE5MDgyMzIx
+MDgwMFoXDTI5MDgxNTE3MDAwMFowgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBD
+bG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wg
+Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMw
+EQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAwEiVZ/UoQpHmFsHvk5isBxRehukP8DG9JhFev3WZtG76WoTthvLJFRKFCHXm
+V6Z5/66Z4S09mgsUuFwvJzMnE6Ej6yIsYNCb9r9QORa8BdhrkNn6kdTly3mdnykb
+OomnwbUfLlExVgNdlP0XoRoeMwbQ4598foiHblO2B/LKuNfJzAMfS7oZe34b+vLB
+yrP/1bgCSLdc1AxQc1AC0EsQQhgcyTJNgnG4va1c7ogPlwKyhbDyZ4e59N5lbYPJ
+SmXI/cAe3jXj1FBLJZkwnoDKe0v13xeF+nF32smSH0qB7aJX2tBMW4TWtFPmzs5I
+lwrFSySWAdwYdgxw180yKU0dvwIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYD
+VR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUJOhTV118NECHqeuU27rhFnj8KaQw
+HwYDVR0jBBgwFoAUJOhTV118NECHqeuU27rhFnj8KaQwDQYJKoZIhvcNAQELBQAD
+ggEBAHwOf9Ur1l0Ar5vFE6PNrZWrDfQIMyEfdgSKofCdTckbqXNTiXdgbHs+TWoQ
+wAB0pfJDAHJDXOTCWRyTeXOseeOi5Btj5CnEuw3P0oXqdqevM1/+uWp0CM35zgZ8
+VD4aITxity0djzE6Qnx3Syzz+ZkoBgTnNum7d9A66/V636x4vTeqbZFBr9erJzgz
+hhurjcoacvRNhnjtDRM0dPeiCJ50CP3wEYuvUzDHUaowOsnLCjQIkWbR7Ni6KEIk
+MOz2U0OBSif3FTkhCgZWQKOOLo1P42jHC3ssUZAtVNXrCk3fw9/E15k8NPkBazZ6
+0iykLhH1trywrKRMVw67F44IE8Y=
+-----END CERTIFICATE-----

dockerized/first-level-nginx/configs/node.conf

@@ -18,6 +18,9 @@ http {
         server swarm1w4.sselab.ddns.net;
     }
 
+    upstream rup_cluster {
+        server rup1.sselab.ddns.net;
+    }
 
     #TODO manage certs
     # server {
@@ -38,17 +41,60 @@ http {
 
 
     # Optional server block for HTTP to HTTPS redirection
-    server {
-        listen 80;  # Listen on port 80 for HTTP
-        server_name *.sw1.sselab.ddns.net;
+    # server {
+    #     listen 80;  # Listen on port 80 for HTTP
+    #     server_name *.sw1.sselab.ddns.net;
 
         
-        location / {
-            # Redirect all HTTP traffic to HTTPS
-            # TODO requires https
-            # return 301 https://$host$request_uri;
+    #     location / {
+    #         # Redirect all HTTP traffic to HTTPS
+    #         # TODO requires https
+    #         # return 301 https://$host$request_uri;
 
-            proxy_pass http://swarm1_cluster;
+    #         proxy_pass http://swarm1_cluster;
+    #         proxy_http_version 1.1;
+    #         proxy_set_header Upgrade $http_upgrade;
+    #         proxy_set_header Connection 'upgrade';
+    #         proxy_set_header Host $host;
+    #         proxy_cache_bypass $http_upgrade;
+    #         proxy_set_header X-Real-IP $remote_addr;
+    #         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #     }
+    # }
+
+
+    # server {
+    #     listen 80;
+    #     server_name *.sw1.hassallab.it;
+
+    #     location / {
+    #         # Redirect all HTTP traffic to HTTPS
+    #         # TODO requires https
+    #         # return 301 https://$host$request_uri;
+
+    #         proxy_pass http://swarm1_cluster;
+    #         proxy_http_version 1.1;
+    #         proxy_set_header Upgrade $http_upgrade;
+    #         proxy_set_header Connection 'upgrade';
+    #         proxy_set_header Host $host;
+    #         proxy_cache_bypass $http_upgrade;
+    #         proxy_set_header X-Real-IP $remote_addr;
+    #         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    #     }
+    # }
+
+
+    server {
+        listen 443 ssl;
+        server_name cloud.reterup.it *.cloud.reterup.it;
+
+        ssl_certificate /etc/nginx/reterup-bundle.pem;
+        ssl_certificate_key /etc/nginx/reterup-privkey.pem;
+
+        location /{
+
+            #Redirect to simple_app
+            proxy_pass http://rup_cluster;
             proxy_http_version 1.1;
             proxy_set_header Upgrade $http_upgrade;
             proxy_set_header Connection 'upgrade';
@@ -56,39 +102,28 @@ http {
             proxy_cache_bypass $http_upgrade;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+            proxy_redirect http:// https://;
         }
+
     }
 
-
-    server {
+    #static landing page for sselab.ddns.net / hassallab.it
+   server {
         listen 80;
-        server_name *.sw1.hassallab.it;
-
-        location / {
-            # Redirect all HTTP traffic to HTTPS
-            # TODO requires https
-            # return 301 https://$host$request_uri;
-
-            proxy_pass http://swarm1_cluster;
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection 'upgrade';
-            proxy_set_header Host $host;
-            proxy_cache_bypass $http_upgrade;
-            proxy_set_header X-Real-IP $remote_addr;
-            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        }
-    }
-
-
-    #Default Catch-all serving
-    server {
-        listen 80 default_server;
-        server_name _;
+        server_name sselab.ddns.net *.sselab.ddns.net hassallab.it *.hassallab.it;
         root /var/www/default;
 
         location /{
             try_files  $uri /$uri /index.html;
         }
+   }
+
+
+    #Default Catch-all redirects to https
+    server {
+        listen 80 default_server;
+        server_name _;
+        return 301 https://$host$request_uri;
     }
 }

dockerized/first-level-nginx/swarmed/compose.yaml

@@ -29,9 +29,20 @@ services:
           target: /etc/nginx/nginx.conf
         - source: nginx_static
           target: /var/www/default/index.html
+      secrets:
+        - source: reterup_bundle_cert
+          target: /etc/nginx/reterup-bundle.pem
+        - source: reterup_key
+          target: /etc/nginx/reterup-privkey.pem
 
 configs:
   nginx_conf:
     file: ../configs/node.conf
   nginx_static:
     file: ../content/index.html
+
+secrets:
+  reterup_bundle_cert:
+    file: ../certs/reterup_bundle_cert.pem
+  reterup_key:
+    file: ../certs/reterup-privkey.pem

dockerized/nextcloud-aio/Caddyfile

@@ -0,0 +1,9 @@
+https://cloud.reterup.it:443 {
+
+    tls /root/certs/cert.pem /root/certs/privkey.pem {
+        ca_root /root/certs/origin_ca_rsa_root.pem
+    }
+
+    header Strict-Transport-Security max-age=31536000;
+    reverse_proxy localhost:11000
+}

dockerized/nextcloud-aio/certs/cert.pem

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEoDCCA4igAwIBAgIUaKFdbeWJZJZL8wTBpD2DwN+JVkUwDQYJKoZIhvcNAQEL
+BQAwgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQw
+MgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9y
+aXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlh
+MB4XDTI1MDMxMDEzMjIwMFoXDTQwMDMwNjEzMjIwMFowYjEZMBcGA1UEChMQQ2xv
+dWRGbGFyZSwgSW5jLjEdMBsGA1UECxMUQ2xvdWRGbGFyZSBPcmlnaW4gQ0ExJjAk
+BgNVBAMTHUNsb3VkRmxhcmUgT3JpZ2luIENlcnRpZmljYXRlMIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmRQ0ujY0sOsuOosqTURUSXeesuU2ZmPTecJ
+BmtYRD6z2+0u/eryHke1J8+P8pK7EGV3/TVKCcxJr0NHZiMmysEJKszx5WLDWJgc
+ct7uPWlb/Fsk+uep+WXJQwln1rpn2owu9fC8Umk7jvc7S9X3AbrpAjQg0e1oMwQY
+OgrbqyWzxjN0KAx3+wNLwBOJt49FZrfL8IqoNu8Fd67kKVJgcw8e+kmRxIOVqJ6M
+/GDW4PLsZInfhvcUnd1hbryaXjuIUL7+brV/h4O7AKVp2q8Y8HSsqSbBqlnCBJzw
+HhhDJM0huacEmMWOAp95oXkNXcUhOq5XdlxbdYiCz5GLg/4OUwIDAQABo4IBIjCC
+AR4wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
+ATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQnBKifvPJehekEum2O83LhMDsirDAf
+BgNVHSMEGDAWgBQk6FNXXXw0QIep65TbuuEWePwppDBABggrBgEFBQcBAQQ0MDIw
+MAYIKwYBBQUHMAGGJGh0dHA6Ly9vY3NwLmNsb3VkZmxhcmUuY29tL29yaWdpbl9j
+YTAjBgNVHREEHDAaggwqLnJldGVydXAuaXSCCnJldGVydXAuaXQwOAYDVR0fBDEw
+LzAtoCugKYYnaHR0cDovL2NybC5jbG91ZGZsYXJlLmNvbS9vcmlnaW5fY2EuY3Js
+MA0GCSqGSIb3DQEBCwUAA4IBAQByz/7GAw13STwG/WdMCG7Pek2F3HPbsIDzvrQT
+0eplFnec/xJCXF8Kb3wI2bQdSSOrFjPzI3a+pDJzxRFIfNWWTVLwcK2ET2jRV6/S
+CZWrd9WOZ7Xd4V+irXyvKBOXiHbC35wk6vmTOUbT8BhBMiNRzWnF/bekeLRUPVPD
+7en6zC/0/YXLyLogq/Cexr6MZj+oLHKA4hnKzcGQR5quLQPGfyF+YcVecbj3D8iM
+VzmKMvIVtH38xfYjCvOHU9+ipl6MpqEjFw94ZRYzzZ5fpe/ObogvDMm4Igd/JiiJ
+N/Kv2dPxeeMbJu4WEfjw2WeEJYaIBNy+tPB7gEUB2tLv7Ce1
+-----END CERTIFICATE-----

dockerized/nextcloud-aio/certs/origin_ca_rsa_root.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEADCCAuigAwIBAgIID+rOSdTGfGcwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNV
+BAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91
+ZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQH
+Ew1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMB4XDTE5MDgyMzIx
+MDgwMFoXDTI5MDgxNTE3MDAwMFowgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBD
+bG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wg
+Q2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMw
+EQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+AQEAwEiVZ/UoQpHmFsHvk5isBxRehukP8DG9JhFev3WZtG76WoTthvLJFRKFCHXm
+V6Z5/66Z4S09mgsUuFwvJzMnE6Ej6yIsYNCb9r9QORa8BdhrkNn6kdTly3mdnykb
+OomnwbUfLlExVgNdlP0XoRoeMwbQ4598foiHblO2B/LKuNfJzAMfS7oZe34b+vLB
+yrP/1bgCSLdc1AxQc1AC0EsQQhgcyTJNgnG4va1c7ogPlwKyhbDyZ4e59N5lbYPJ
+SmXI/cAe3jXj1FBLJZkwnoDKe0v13xeF+nF32smSH0qB7aJX2tBMW4TWtFPmzs5I
+lwrFSySWAdwYdgxw180yKU0dvwIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYD
+VR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUJOhTV118NECHqeuU27rhFnj8KaQw
+HwYDVR0jBBgwFoAUJOhTV118NECHqeuU27rhFnj8KaQwDQYJKoZIhvcNAQELBQAD
+ggEBAHwOf9Ur1l0Ar5vFE6PNrZWrDfQIMyEfdgSKofCdTckbqXNTiXdgbHs+TWoQ
+wAB0pfJDAHJDXOTCWRyTeXOseeOi5Btj5CnEuw3P0oXqdqevM1/+uWp0CM35zgZ8
+VD4aITxity0djzE6Qnx3Syzz+ZkoBgTnNum7d9A66/V636x4vTeqbZFBr9erJzgz
+hhurjcoacvRNhnjtDRM0dPeiCJ50CP3wEYuvUzDHUaowOsnLCjQIkWbR7Ni6KEIk
+MOz2U0OBSif3FTkhCgZWQKOOLo1P42jHC3ssUZAtVNXrCk3fw9/E15k8NPkBazZ6
+0iykLhH1trywrKRMVw67F44IE8Y=
+-----END CERTIFICATE-----

dockerized/nextcloud-aio/compose.yaml

@@ -9,7 +9,7 @@ services:
     container_name: caddy
     volumes:
       - ./Caddyfile:/etc/caddy/Caddyfile
-      - ./certs:/certs
+      - ./certs:/root/certs
       - ./config:/config
       - ./data:/data
       - ./sites:/srv