Add dev web platform and dev webapp

docker/conf/applications/dev.reports.c2a-systeme.fr.conf

@@ -0,0 +1,64 @@
+# http://nginx.org/en/docs/http/websocket.html
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+# http server
+server {
+    listen       80;
+    listen       [::]:80;
+
+    server_name  dev.reports.c2a-systeme.fr;
+
+    location / {
+        # redirect everything to HTTPS
+        return 301 https://$host$request_uri;
+    }
+}
+
+# https server
+server {
+    server_name  dev.reports.c2a-systeme.fr;
+    listen       443 http2;
+    listen       [::]:443 http2;
+
+    ssl                  on;
+    ssl_certificate      /etc/letsencrypt/live/dev.reports.c2a-systeme.fr/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/dev.reports.c2a-systeme.fr/privkey.pem;
+    ssl_session_timeout  10m;
+    ssl_session_cache shared:SSL:50m;
+
+    # Enable server-side protection against BEAST attacks
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
+        
+    # RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096
+    ssl_dhparam /etc/ssl/ffdhe4096.pem;
+    ssl_ecdh_curve secp521r1:secp384r1;
+
+    # Enable OCSP stapling 
+    # ref. http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    ssl_trusted_certificate /etc/letsencrypt/live/dev.reports.c2a-systeme.fr/fullchain.pem;
+    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
+    resolver_timeout 5s;
+
+    auth_basic "Restricted";
+    auth_basic_user_file /etc/nginx/.htpasswd;
+
+    root /var/www/html/c2a-web-app-dev;
+    index index.html;
+
+    # Required for LE certificate enrollment using certbot
+    location '/.well-known/acme-challenge' {
+        default_type "text/plain";
+        root /var/www/html;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html =404;
+    }
+}

docker/conf/applications/dev.www.c2a-systeme.fr.conf

@@ -0,0 +1,64 @@
+# http://nginx.org/en/docs/http/websocket.html
+map $http_upgrade $connection_upgrade {
+    default upgrade;
+    '' close;
+}
+
+# http server
+server {
+    listen       80;
+    listen       [::]:80;
+
+    server_name  dev.www.c2a-systeme.fr;
+
+    location / {
+        # redirect everything to HTTPS
+        return 301 https://$host$request_uri;
+    }
+}
+
+# https server
+server {
+    server_name  dev.www.c2a-systeme.fr;
+    listen       443 http2;
+    listen       [::]:443 http2;
+
+    ssl                  on;
+    ssl_certificate      /etc/letsencrypt/live/dev.www.c2a-systeme.fr/fullchain.pem;
+    ssl_certificate_key  /etc/letsencrypt/live/dev.www.c2a-systeme.fr/privkey.pem;
+    ssl_session_timeout  10m;
+    ssl_session_cache shared:SSL:50m;
+
+    # Enable server-side protection against BEAST attacks
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # don't use SSLv3 ref: POODLE
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384";
+        
+    # RFC-7919 recommended: https://wiki.mozilla.org/Security/Server_Side_TLS#ffdhe4096
+    ssl_dhparam /etc/ssl/ffdhe4096.pem;
+    ssl_ecdh_curve secp521r1:secp384r1;
+
+    # Enable OCSP stapling 
+    # ref. http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox
+    ssl_stapling on;
+    ssl_stapling_verify on;
+    ssl_trusted_certificate /etc/letsencrypt/live/dev.www.c2a-systeme.fr/fullchain.pem;
+    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s; # Cloudflare
+    resolver_timeout 5s;
+
+    auth_basic "Restricted";
+    auth_basic_user_file /etc/nginx/.htpasswd;
+
+    root /var/www/html/c2a-web-platform-dev;
+    index index.html;
+
+    # Required for LE certificate enrollment using certbot
+    location '/.well-known/acme-challenge' {
+        default_type "text/plain";
+        root /var/www/html;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.html =404;
+    }
+}

docker/install-nginx.sh

@@ -8,7 +8,9 @@ certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@out
 certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d dev.api.c2a-systeme.fr
 certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d reports.c2a-systeme.fr
 certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d jenkins.c2a-systeme.fr
+certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d dev.www.c2a-systeme.fr
 certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d portainer.c2a-systeme.fr
+certbot certonly --manual --preferred-challenges=dns --email mathieu.sanchez@outlook.fr -i nginx -d dev.reports.c2a-systeme.fr
 
 cp ./docker/conf/nginx.conf /etc/nginx/
 cp ./docker/conf/mime.types /etc/nginx/

install.sh

@@ -9,7 +9,8 @@ apt-get install -y \
     curl \
     gnupg2 \
     software-properties-common \
-    htop
+    htop \
+    apache2-utils
 curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
 apt-key fingerprint 0EBFCD88
 add-apt-repository \