added params for multiple domains

nginx/Dockerfile

@@ -1,7 +1,7 @@
 FROM nginx
 
 ### Copy files from the temp build
-COPY ./nginx/temp/index.html /opt/<CHANGE_ME>/public/index.html
+COPY ./nginx/temp/index.html /opt/app/public/index.html
 
 ### Setup SSL
 RUN mkdir -p /etc/ssl/private && chmod 700 /etc/ssl/private
@@ -10,12 +10,17 @@ RUN mkdir -p /etc/ssl/certs && chmod 700 /etc/ssl/certs
 ### Copy the SSL Certificate and Key
 COPY ./nginx/keys/letsencrypt.key /etc/ssl/private/letsencrypt.key
 COPY ./nginx/keys/letsencrypt.crt /etc/ssl/certs/letsencrypt.crt
+COPY ./nginx/keys/letsencrypt-freehand.key /etc/ssl/private/letsencrypt-freehand.key
+COPY ./nginx/keys/letsencrypt-freehand.crt /etc/ssl/certs/letsencrypt-freehand.crt
+
 
 ### Configure Nginx to Use SSL
 RUN mkdir -p /etc/nginx/snippets
 COPY ./nginx/configs/letsencrypt.conf /etc/nginx/snippets/letsencrypt.conf
 COPY ./nginx/configs/ssl-params.conf /etc/nginx/snippets/ssl-params.conf
+COPY ./nginx/configs/letsencrypt-freehand.conf /etc/nginx/snippets/letsencrypt-freehand.conf
+COPY ./nginx/configs/ssl-params-freehand.conf /etc/nginx/snippets/ssl-params-freehand.conf
 
 ### Move over the nginx.conf and default.config server configs
 COPY ./nginx/configs/default.conf /etc/nginx/conf.d/default.conf
-COPY ./nginx/configs/nginx.conf /etc/nginx/nginx.conf
+COPY ./nginx/configs/nginx.conf /etc/nginx/nginx.conf

nginx/configs/default.conf

@@ -1,29 +1,80 @@
 # Upstream sites for proxy-ing
-upstream wp {
-     server <CHANGE_ME>:8082;
+upstream craft {
+    server 138.68.233.29:8080;
+}
+upstream freehand {
+    server 138.68.233.29:8082;
 }
 
-### Redirect regular traffic to SSL
+### FREEHAND ###
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name freehand.com www.freehand.com;
+    
+    index index.html index.html index.php;
+
+    location / {
+        proxy_set_header    Host                 $host;
+        proxy_set_header    X-Real-IP            $remote_addr;
+        proxy_set_header    X-Forwarded-For      $proxy_add_x_forwarded_for;
+        proxy_set_header    X-Forwarded-Proto    $scheme;
+
+        proxy_pass         http://freehand;
+        proxy_redirect     off;
+    }
+}
+### SSL Stuff
 server {
-    listen 80 default_server;
-    listen [::]:80 default_server;
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
 
-    server_name <CHANGE_ME> www.<CHANGE_ME>;
+    server_name freehand.com www.freehand.com;
 
-    # return 301 https://$host$request_uri;
+    include snippets/letsencrypt-freehand.conf;
+    include snippets/ssl-params-freehand.conf;
 
-    # root /opt/app/public/;
-    # WP Test
     root /var/www/html;
     index index.html index.htm index.php index.nginx-debian.html;
 
+    location / {
+        proxy_set_header        Host              $host;
+        proxy_set_header        X-Real-IP         $remote_addr;
+        proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header        X-Forwarded-Proto $scheme;
+        proxy_set_header        Accept-Encoding   "";
+        proxy_set_header        Proxy             "";
+
+        proxy_pass          http://freehand;
+        proxy_redirect      off;
+    }
+
+    location ~/\.ht {
+        deny all;
+    }
+}
+
+### CRAFT IN AMERICA ###
+### Redirect regular traffic to SSL
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name craftinamerica.org www.craftinamerica.org;
+    
+    # return 302 https://$host$request_uri;
+    
+    # WP
+    index index.html index.htm index.php index.nginx-debian.html;
+
     location / {
         proxy_set_header    Host                 $host;
         proxy_set_header    X-Real-IP            $remote_addr;
         proxy_set_header    X-Forwarded-For      $proxy_add_x_forwarded_for;
         proxy_set_header    X-Forwarded-Proto    $scheme;
 
-        proxy_pass          http://wp;
+        proxy_pass          http://craft;
         proxy_redirect      off;
     }
 }
@@ -33,7 +84,7 @@ server {
     listen 443 ssl http2;
     listen [::]:443 ssl http2;
 
-    server_name <CHANGE_ME> www.<CHANGE_ME>;
+    server_name craftinamerica.org www.craftinamerica.org;
 
     include snippets/letsencrypt.conf;
     include snippets/ssl-params.conf;
@@ -41,10 +92,6 @@ server {
     root /var/www/html;
     index index.html index.htm index.php index.nginx-debian.html;
 
-    # location / {
-    #    try_files $uri $uri/ /index.php;
-    # }
-
     location / {
         proxy_set_header        Host              $host;
         proxy_set_header        X-Real-IP         $remote_addr;
@@ -53,11 +100,11 @@ server {
         proxy_set_header        Accept-Encoding   "";
         proxy_set_header        Proxy             "";
 
-        proxy_pass          http://wp;
+        proxy_pass          http://craft;
         proxy_redirect      off;
     }
 
     location ~/\.ht {
         deny all;
     }
-}
+}

nginx/configs/letsencrypt-freehand.conf

@@ -0,0 +1,2 @@
+ssl_certificate /etc/ssl/certs/letsencrypt-freehand.crt;
+ssl_certificate_key /etc/ssl/private/letsencrypt-freehand.key;

nginx/configs/nginx.conf

@@ -13,6 +13,8 @@ events {
 http {
     include       /etc/nginx/mime.types;
     default_type  application/octet-stream;
+    
+    client_max_body_size 8M;
 
     log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                       '$status $body_bytes_sent "$http_referer" '
@@ -25,8 +27,16 @@ http {
 
     keepalive_timeout  65;
 
-    #gzip  on;
-
+    gzip  on;
+    gzip_vary on;
+    gzip_min_length 10240;
+    gzip_proxied expired no-cache no-store private auth;
+    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
+    gzip_disable "MSIE [1-6]\.";
+    
+    # Enable ngx_http_gzip_static_module for serving compressed files when possible.
+    gzip_static on;
+ 
     # Bring over default server config
     include /etc/nginx/conf.d/default.conf;
-}
+}

nginx/configs/ssl-params-freehand.conf

@@ -0,0 +1,21 @@
+# from https://cipherli.st/
+# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_ecdh_curve secp384r1;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 5s;
+# Disable preloading HSTS for now.  You can use the commented out header line that includes
+# the "preload" directive if you understand the implications.
+#add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
+add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+
+# ssl_dhparam /etc/ssl/certs/dhparam.pem;

nginx/keys/letsencrypt-freehand.crt

@@ -0,0 +1,58 @@
+-----BEGIN CERTIFICATE-----
+MIIFYTCCBEmgAwIBAgISAxJMYRLwhiqyGvCcOFKn4DtxMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA2MjUyMjUyMzJaFw0x
+OTA5MjMyMjUyMzJaMBcxFTATBgNVBAMTDGZyZWVoYW5kLmNvbTCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAM1DOZUvV7kgraqzY0g9YW0vVz6zRLyssqV/
+VKIIumjEek9MB8q2qTjHdnrAiL9eWMkYCQb/xsShbtf1YxHZMl/rbJaptN2jGxh8
+f2YJkMlhiYiV0m8dR5SLi0kjbeqC28XuenBiduvcvfO9uv3zAAW/MH0CpxTt7dtq
+V1pJLYnDdR1aqAEmOV9fLxLYKDhVLTsZV4troM4TEyhLAZgNoazcGhIPXK2g9kQ8
+ENUIRJApVZlGLoGr4KTIZIqDhwWaCcpSfF9oOVPnv7nNLVDn6DJkP/zsD2LEkeJa
+L7ZEgA8E7N+2abQRscgrakll/KYh+fuR6tcLTS4JE1uPQ3+uClMCAwEAAaOCAnIw
+ggJuMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
+AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUeHRKcp9eARJ6UEMM7vSRIlv08vUw
+HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh
+MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
+MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
+LzApBgNVHREEIjAgggxmcmVlaGFuZC5jb22CEHd3dy5mcmVlaGFuZC5jb20wTAYD
+VR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYa
+aHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHx
+AO8AdgBj8tvN6DvMLM8LcoQnV2szpI1hd4+9daY4scdoVEvYjQAAAWuRDioPAAAE
+AwBHMEUCIQCL1wDJkafkw5uogoNi8o6nAjXpZcgCSll3UB1S5gDPFQIgZII28iP1
+/8KX4WnyYvJ/ehojbIduebji944H7QPkVAYAdQB0ftqDMa0zEJEhnM4lT0Jwwr/9
+XkIgCMY3NXnmEHvMVgAAAWuRDiwQAAAEAwBGMEQCIBkNlK4+EK9FObn7loy4Qxki
+J464c69zz+3bwxWP0WB8AiBTZmfLx5QqPmfl//HUwKAI/IrnAHhskQVp4i3aD6gI
+dTANBgkqhkiG9w0BAQsFAAOCAQEAaUNTu9mY2Exq3JwbFXXVxebrJq04/7UKaQWq
+g+JchKIcG9/AHTyNRVd9knnwDna/oidjX/tN5b0x2ckKifQNbR674aRQu9XpY/MT
+siyb0uvAu1+utX6GkYOgVw47FI1dPHjGWQZSqswCpf4FqbwmQuXokhRPeNjYy+3f
+6BwtAzVJVYCK6+UVgP3WSGdb2MEB235yHkWHgmsrIERSxKjajG1RM8OoC12G4+N+
+1VduykUXhxiO/foefEs4DfLjWspybyHVdnbzLmt/95Ox8aVyvx2UOoFO8bSbCTBF
+PAasUO2BTJO79okCKsvfRBFih7wVFF1/IjcQ9T/EfD2nC9kuxg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

nginx/keys/letsencrypt-freehand.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDNQzmVL1e5IK2q
+s2NIPWFtL1c+s0S8rLKlf1SiCLpoxHpPTAfKtqk4x3Z6wIi/XljJGAkG/8bEoW7X
+9WMR2TJf62yWqbTdoxsYfH9mCZDJYYmIldJvHUeUi4tJI23qgtvF7npwYnbr3L3z
+vbr98wAFvzB9AqcU7e3baldaSS2Jw3UdWqgBJjlfXy8S2Cg4VS07GVeLa6DOExMo
+SwGYDaGs3BoSD1ytoPZEPBDVCESQKVWZRi6Bq+CkyGSKg4cFmgnKUnxfaDlT57+5
+zS1Q5+gyZD/87A9ixJHiWi+2RIAPBOzftmm0EbHIK2pJZfymIfn7kerXC00uCRNb
+j0N/rgpTAgMBAAECggEAI2KtcJyCwPVzOvRF71Q1kX8RyUtaVDRpb8JtsqlSiXEl
+rLnstfObZKBuOmcqq+L152TvWXeKqqcx1qUE+TS6THLne2myNmtB5oy/4bVQcocQ
+EK3TYzhm+KK91lP3RPBeNtcP4IP5AFxDmttgexsDK/pzv3lPmHoUATlp6bSn1xG9
+8h5ypsWy/hwEhNusI5WFjuaQCjsIycCZxwkzUM5JXl9P2ZSUdCdith6jO4WTumdB
+D5LnpBM86SEyBj15q3HY0ppaHEcQ5+o4MneO6WoLiO66QNCnE3cTIsWC4juFLbcc
+FIGx1Ri/Ay+MuoNqBwcXqTagSlSmjhQELeYC9ihwIQKBgQDsWG5f0OXAq/SO6JGV
+YgU4i8uhjKx/hhEDV+HVQg7PpxvYLcb/E/ibc3wBG4uh2rqJVkgOw7ZAm5M4Jc/j
+9bwKNZv9IYsiM1cf2zISx6l9IrqtR3HhowxiaseSTGFiY7tTl7uRiwiUlFjA8C+n
+OVvro7/wrF+kFQB8HJ5Sb0qhqQKBgQDeVRHg1htckBdRP0Di4pnjdFeo1cFIPJoR
+dCrDPnBtlVj5IvKIdEYtSESV0PFvughv7j/OpXfM+5wnjqHIp6W1KLGtXGGSmIp1
+b8OhvgRvb1J9pYFAMMiq3u2HtlQ+CxUrticFgWRhrdnS263HbzIIWqsySy/344uw
+cciLRsiBmwKBgQC6j4NwtuDlGddOB18D3//nBtKSjwyLDTTYwsJNKHuwhmSAXII8
+T3Nqodo8tZWfCZ09U5JFtU9j6GppY8+aThtEo9SiF5xQPt6DEu+Py3OKh6N7rG3E
+goQAG/G1Ff25QKhZ7+frlygKwJ7ejbnP8oMQmo2kWSyVxM5BKgX/ZEIxIQKBgQCE
+AEHzGWt5U1tks4dUrXDsaGC7Lt3og4J9pljVPrcFeMwwbp1Mgqw/qk5+HGWcDfmA
+axWbHQa5vxEBM1++gDqUCisjYFvV65cZDlg6KVT8zD1Pt/m7ILujJ2QjVQ9DHtVc
+9HLKg/4TOGLBHAhbBhvQdfR6kcVTCdgf1A5bEpVszQKBgF5V2aasXAl5DgRNOsBt
+VuJ6300374vHEvYGqFlbIBzS6qK2OM247nCyqPQSntEsIsEnp+KHMk1+9yVx3+mA
+cY1X7FUq3F8sD52AlgkZmVb7zfYz0J5aNgbk4xLGtqXsioZgM4+ctVADTnS6OrQf
+lBNJePtUlg7M6ha5qrSKgDyi
+-----END PRIVATE KEY-----

nginx/keys/letsencrypt.crt

@@ -0,0 +1,59 @@
+-----BEGIN CERTIFICATE-----
+MIIFdTCCBF2gAwIBAgISA8NRckyZRR/TV3Fulgn1RZqpMA0GCSqGSIb3DQEBCwUA
+MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD
+ExpMZXQncyBFbmNyeXB0IEF1dGhvcml0eSBYMzAeFw0xOTA0MTYxODEwMTNaFw0x
+OTA3MTUxODEwMTNaMB0xGzAZBgNVBAMTEmNyYWZ0aW5hbWVyaWNhLm9yZzCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM02zEKd4AN5D+ghHZT3aAtz9Xix
+AlpQSmgP7pBzNBU25awFk49Le64Qy0Yr1iP8o7UkZKWzoXngMEBwBaL4GrkkeeH4
+1XOiSZLPDLxmj3scXdNMFgcvy/HkEDqOsTb/KdV48DmxaavsKLzRJIPHMJ/7d2Cx
+WjgDetIxldYV2fQneZC/omhTNmQe4pgWaCl13P1wMu8RxDkDjXh/JMycXsGxupm6
+Y7CT6IpOVMo3eeHgyHb6NDlaEvD5zfFjN5tksVfn2jt57fc9etYXFiZSjGBZF62p
+XxnsHLvJmS/YEA6qVW8IJzlSu5zZqM3ITwkhbYaA4NTt4S1Ethw7UGEVhWMCAwEA
+AaOCAoAwggJ8MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYI
+KwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUHkZ5qvH65w4t5KAeAtyJ
+vzAJWq4wHwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUH
+AQEEYzBhMC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5
+cHQub3JnMC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5
+cHQub3JnLzA1BgNVHREELjAsghJjcmFmdGluYW1lcmljYS5vcmeCFnd3dy5jcmFm
+dGluYW1lcmljYS5vcmcwTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMB
+AQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEF
+BgorBgEEAdZ5AgQCBIH2BIHzAPEAdwB0ftqDMa0zEJEhnM4lT0Jwwr/9XkIgCMY3
+NXnmEHvMVgAAAWonjonZAAAEAwBIMEYCIQC+PZ/IzwA6TPiur3zxyb51cF3ytqxZ
+fL7t6XCwTw6Y1wIhAOisGcWYd6qcrS7T+CBls1JuLBkkylPKV+5x3xQ6hL/rAHYA
+Y/Lbzeg7zCzPC3KEJ1drM6SNYXePvXWmOLHHaFRL2I0AAAFqJ46IVAAABAMARzBF
+AiBHFUVEfHO7HQD38/97JUtkwCX12tXJJIC984B/KliymwIhAP0U9N3I1vi2sdzH
+md3G7EnsXFrFt2jEIo2VjKW7tlfiMA0GCSqGSIb3DQEBCwUAA4IBAQCGyhm6ivmY
+iNXU+Xj5wQ3dM4B6KGpnCqtuNsg+K1bQ/Ew6pQLWoV/vpDf0cO+G0TGMukYEJk1c
+tqalZ5Vrxk6TBuqSk6Hw2gdM7H8alzLGVTBpVLFfhM1lC92Qc+qZAFCWSaSNym3h
+JZH2iPUPS6p/LVG7YewCCEF0mkFddQApLEgUDHpeldbzgwRPR9u/UYSQYsWyguoF
+Y/T87XFcvR1FIbFDk69cqcJMT1IwtmxX+jN3AVYA05wZqbCPpjPDJsNZB9oN9i4k
+jg9R3SLZ5lBqbIr+YrjF2N4mrY0rA9NPpn64fpLETIjjGMphaTy04sz7vI6jbmyu
+DwKhAZraKScw
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
+SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
+GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
+q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
+SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
+Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
+a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
+/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
+AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
+CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
+bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
+c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
+VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
+ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
+MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
+Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
+AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
+uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
+wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
+X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
+PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
+KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
+-----END CERTIFICATE-----

nginx/keys/letsencrypt.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDNNsxCneADeQ/o
+IR2U92gLc/V4sQJaUEpoD+6QczQVNuWsBZOPS3uuEMtGK9Yj/KO1JGSls6F54DBA
+cAWi+Bq5JHnh+NVzokmSzwy8Zo97HF3TTBYHL8vx5BA6jrE2/ynVePA5sWmr7Ci8
+0SSDxzCf+3dgsVo4A3rSMZXWFdn0J3mQv6JoUzZkHuKYFmgpddz9cDLvEcQ5A414
+fyTMnF7BsbqZumOwk+iKTlTKN3nh4Mh2+jQ5WhLw+c3xYzebZLFX59o7ee33PXrW
+FxYmUoxgWRetqV8Z7By7yZkv2BAOqlVvCCc5Uruc2ajNyE8JIW2GgODU7eEtRLYc
+O1BhFYVjAgMBAAECggEBAL/xmF5a8rPs4U764oN6YcwMmzZXQl8dKGtrM3XS+404
+OtyKnrlyHe3y8V7iE7q3TJxavPUsLkYjxp4O6YbET6KKlqIhL+2nhu+VUFFMELpT
+DwNa8GOqdjT7X56V5vYM9qEgLHmaEr/m9Tee22uSvU12VPORD1TDFHdUP9TtvV4a
+fO5gfSInlea6zEB50+00rd3OO8RMCUEAt5rTQLCY5voQP3Ago+l8b4Kx/1qUo/mw
+SL4t0mP4mZ48zK5HrydDSiCfUfO9aIx3pWbxmFTHBSI3vb2pNmMDVnZH56rxQaKh
+RfYrUteP59b7tG52shb1UrzEgS/1YUg1huUlHhtg38ECgYEA745gSOuprpKbrBG5
+GIg5g3vRPm0x+cxyjclhWXPsE4MP2atRJoYfxAFbGSS0tEXEle6okPRrYXBP0FuB
+gWydQlpe0ihCblUOfNFC7Lio0173ndX3XtrXtxL0Au+MsFFQavVTwZW93Z0GtqAq
+4MWtW4cg+ApMhV9TR4dOFQO204MCgYEA20zxHHG2mQkofgvTGbw0FJI0Ux45uVbB
+A8dX6b3n7XNMUEKd03w7SHeFQFArTm5GU1sbzsUcJBuidPrf2weu7PnHafqJroqs
+tNCotxOvJvTsbJXgt1/CjqwAqCSRkOUEhHkKGhyqI6sBmfIh0MhehJfvrl9IFgiX
+SpRkXvTzgKECgYB+6U7ZUwByG/mdD0agWIsfvVj9WZxAWq/VrfqFCYToUWb0Sm6T
+mjr5/D3m9CtH1i5vwCBNqy+4T2f5WoEhsAkgPgA+FlYbXbRvK+3ou2u1j3pfhBup
+hQcDVmcvpvlB79JK1+2ngU01OxtzZSdSLWfKNayhu9MOVZIpMuWK/Iy/QQKBgBYl
+LOvsZ74IeLhRxV2B7dht8y65jKa0pgUVqkEGVldaH0izkXB7yRjGSQR3lAf1htCA
+EMzOhsr2p28crmJV4ko35vVCwYiIpGwV7hOevz812HIWqHycBO+XWvGfz7tMBSrD
+dkuwvVWgvSaoltWYhkLpfOCk6oifEXgMiB42qihBAoGAXRoAbV4KsTffl0KPUq8J
+kixO37C1FhsCwHiqNCYqeIqKJrBXcoePHATmS90VMalnffNCbsXOf+YmTbCJIGxT
+DxENL5I8hNGx6aYuTb3uBEVK3T+ioRo8ZkyshJSj17zOqISfyQZuyEgr107pAJes
+vnR1ph0DlsxZQWPx7QSwodE=
+-----END PRIVATE KEY-----

renew_keys.sh

@@ -6,13 +6,15 @@ docker stop production_nginx_1
 sudo certbot renew
 
 ### Remove the old keys
-rm ~/production/nginx/keys/letsencrypt/old/letsencrypt.*
+rm /proxy/nginx/keys/letsencrypt/old/letsencrypt*
 
 ### Deprecate and back up the current keys
-mv ~/production/nginx/keys/letsencrypt.* ~/production/nginx/keys/old
+mv /opt/proxy/nginx/keys/letsencrypt* /opt/proxy/nginx/keys/old
 
 ### Copy over the new keys
-sudo cat /etc/letsencrypt/live/<CHANGE_ME>/fullchain.pem > ~/production/nginx/keys/letsencrypt.crt
-sudo cat /etc/letsencrypt/live/<CHANGE_ME>/privkey.pem > ~/production/nginx/keys/letsencrypt.key
+sudo cat /etc/letsencrypt/live/craftinamerica.org/fullchain.pem > /opt/proxy/nginx/keys/letsencrypt.crt
+sudo cat /etc/letsencrypt/live/craftinamerica.org/privkey.pem > /opt/proxy/nginx/keys/letsencrypt.key
+sudo cat /etc/letsencrypt/live/freehand.com/fullchain.pem > /opt/proxy/nginx/keys/letsencrypt-freehand.crt
+sudo cat /etc/letsencrypt/live/freehand.com/privkey.pem > /opt/proxy/nginx/keys/letsencrypt-freehand.key
 
-echo "RUN the ./rebuild.sh script now to move over the newly generated keys and restart the container"
+echo "RUN the ./rebuild.sh script now to move over the newly generated keys and restart the container"