feat: add certs for secured admin

Dockerfile

@@ -2,4 +2,6 @@ FROM nginx:latest
 
 COPY privkey.pem /etc/nginx/
 COPY fullchain.pem /etc/nginx/
+COPY key.pem /etc/nginx/
+COPY cert.pem /etc/nginx/
 COPY default.conf /etc/nginx/conf.d/

cert.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDMDCCAhigAwIBAgIIekwtR/9AxDowDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
+AxMVbWluaWNhIHJvb3QgY2EgNGZmNGMxMB4XDTI0MDEyMTAwMTA0NVoXDTI2MDIy
+MDAwMTA0NVowFjEUMBIGA1UEAxMLc2FkbWluLnBlbmEwggEiMA0GCSqGSIb3DQEB
+AQUAA4IBDwAwggEKAoIBAQC5BIHp82z+PKTPyCaN2avT4IhlndnOLVlA5d0wxPXB
+lznLqB54gigFitaL7iDzAoBmQGjewwzJD4GemR31vTxmkSvpvH8/9ooeiIMJpMcV
+h8eGpmyLBvwZ/V0W8ucetQEiZU+w8HFpQhYN7g8nYU9SPuZqVDq9Ywa1QkiwOiuo
+gM5AZzCUUQ49BaqLwXw8COfmnkFWBaH1WhEoYAV2GhYuYBIHI+03DTO/94R0Rymr
+q34LNC58mL5HXWX420JtJik9FE2waJeHVWOOrRZrdUY5q+L49nxlVKXouPcEV4Vx
+gSnR+dzReulaWxpCb1Z+n9R3z2gkXSff+bEbHupCUBCbAgMBAAGjeDB2MA4GA1Ud
+DwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0T
+AQH/BAIwADAfBgNVHSMEGDAWgBQd0TImkz6CUxiYP6EAT2Fwmo+yKDAWBgNVHREE
+DzANggtzYWRtaW4ucGVuYTANBgkqhkiG9w0BAQsFAAOCAQEAF6DZLmyICFdKsgQh
+o6vr9G6FCmY9rVZHPxz1yTvbA+dPkpYCoOjLHDv6lc7wPqXQ5ei6iDGvkLMJvamU
+vbv23NgcBaP3m4PEH4EWzIH2yqhAEVyMBOHG4Rtthi4NU22d5AKDv4nYnWKhyf6v
+9CqGIV1huB+sEzlMMjgwEB6bZqsVvKEJqt//234GtNHTBCx5lRvVFCBQqbhxAGux
+mjb0MpJ3Sspg3k5+wxzkvmqkEfQGXqUxJIQNGWg717MUgjnRjJkJUMztK4lBIIr7
+GskYF+0vficG18X7bbNkyCzgq8InafgQELV2DxIQZvHo1p6fW2tgrrHScZSbQy1i
+Y8CnMg==
+-----END CERTIFICATE-----

default.conf

@@ -12,10 +12,10 @@ server {
     add_header Access-Control-Allow-Headers content-type,authorization always;
       return 200;
     }
-    if ($host = admin.pena.digital) {
+    if ($host = sadmin.pena) {
       proxy_pass http://10.6.0.11:59301;
     }
-    if ($host != admin.pena.digital) {
+    if ($host != sadmin.pena) {
       proxy_pass http://10.6.0.11:59300;
     }
     proxy_hide_header Access-Control-Allow-Origin;
@@ -273,7 +273,7 @@ server {
     }
 	}
 
-  listen [::]:443 ssl ipv6only=on; # managed by Certbot
+  listen [::]:443 ssl ipv6only=on;
   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/nginx/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/nginx/privkey.pem; # managed by Certbot

key.pem

@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEAuQSB6fNs/jykz8gmjdmr0+CIZZ3Zzi1ZQOXdMMT1wZc5y6ge
+eIIoBYrWi+4g8wKAZkBo3sMMyQ+Bnpkd9b08ZpEr6bx/P/aKHoiDCaTHFYfHhqZs
+iwb8Gf1dFvLnHrUBImVPsPBxaUIWDe4PJ2FPUj7malQ6vWMGtUJIsDorqIDOQGcw
+lFEOPQWqi8F8PAjn5p5BVgWh9VoRKGAFdhoWLmASByPtNw0zv/eEdEcpq6t+CzQu
+fJi+R11l+NtCbSYpPRRNsGiXh1Vjjq0Wa3VGOavi+PZ8ZVSl6Lj3BFeFcYEp0fnc
+0XrpWlsaQm9Wfp/Ud89oJF0n3/mxGx7qQlAQmwIDAQABAoIBAHYOdD8t/swzMg8L
+bd5xmHy39xCwKnyu3xbUFdG6u/3tWwmimt7WXmc68i+ToR6u5/NXAhOybgQViuYC
+WeWl/FaOJ3EbwC62R+e3v7V1mTsZyq0WoIgNyutiifXMxMEJSlICR1ll81fwvVXi
+I3VDWHPoguoyGNEj0PHz+6HHXHhFsMUcI6Nwf+n8l6m9LCohvOH28kO5Lbz9pw5H
+laus8GiQyVlsgwJyf6RauUmoSFanisXSt3cOPa1yCVrD7CBZJt2a3Ro1X0rEdpOE
+4WHhTAep4JE3NuMPRCaL7mbolDpz2AHCFV6YMVXYCRpYTtETF/UO3x79KI8QLY8X
+8Q7Ge5ECgYEA9Ayd5dIdmQR1nGpzhyA6cWpKw//6y83TAUA/twE2v3UEFcyNuCTV
+Bo4er9t1PaxImnu+Td2g76h+pOI0djIvtFeHTsB3J+yYF/eMVWlmZM+MAaY8L+bh
+IEKj+nLRe3MQJGjZiG9pUhPPtIaPsBctLUdMLbXwwHAasNgELiIMONcCgYEAwhPf
+xD3StqW8NR+rx70EhijAuZg7+R7y13boBfR2P5Y5re4gckVNbkau6SnrtO7FxWuz
+QjQMCorXalzV/bqxEKqf0nMw3EoXwScgoEB++Hm5LhVaLJkONjB7e89yA49LVS4A
+cMivNu5VbzIgEYCF7ioRQ60SZ5UiyiZyBKC6Gd0CgYEAqUz3XK9eiQBm9pOCgYMC
+CBvMshuqSCgI8R05FiNpb3gl1VmKFuy2O03sS+LaemZCF6kwY6QUOS2SbZ/e9P/r
+yBfQbflmr/OZr0azu6zas6SnY52Gs1RfaJnSV7O/TvyLfjaecd+YGLBVrs6Kb4Yk
+ePy1BCDrWxRp77RrcfV8tRECgYBh4Z4gnkGQpqP2cwOzGCyY8SLKN/I/YZF+g9Tf
+c/zTcxOiGhA5MaSssm9y3xamySnruLbO8+sCwiWE2k9+yVKWIke63yfMYn36h55X
+1E91SAbSLCivh334bJlKx0QscW/ABRRpzX05ChkCnNg5m4VwqbzNUhOPNFM4ew1U
+Mi/J7QKBgBKYR0rMDeSr0w54LKmdAoGuQr5XyUpJ1xAED0CrFff13Vb8usaN7cNo
+9QBCuvXE64lLKz0DeHzTaGoGqVjA6r1JX9cMkFkBPV5Y80bNCZgiWe2leJP33qZz
+kLukXKxa42tcpIw5KFgVrc4nCqQevlleWHJSER24/F1dkSZIhSCt
+-----END RSA PRIVATE KEY-----