This repository has been archived by the owner on Jan 9, 2023. It is now read-only.

Merge pull request #111 from MatthewDorner/docker-ssl-fix
Change http port and offer non-automatic SSL option.
donaldwasserman authored Aug 21, 2018
2 parents f79ccea + 9e2855a commit 81d11f1
Showing 7 changed files with 110 additions and 25 deletions.
8 changes: 6 additions & 2 deletions DEPLOYMENT_GUIDE.md
Expand Up @@ -58,11 +58,15 @@ Follow these five easy steps to get HospitalRun up and running

2. Run `cd hospitalrun-server`. This should take you into the `hospitalrun-server` root folder

3. From this location, edit the `docker-compose.yml` file. Within the nginx service, edit the `DOMAIN_NAME` argument and replace `www.example.com` as shown in the image below with the publicly accessible domain name that HospitalRun will run on
3. From this location, edit the `docker-compose.yml` file.

To use automatic SSL cert generation, edit the `DOMAIN_NAME` argument and replace `www.example.com` as shown in the image below with the publicly accessible domain name that HospitalRun will run on.

To instead use your own SSL cert, change the `SSL_TYPE` argument to `self` and place your certificate files at `data/nginx/cert/ssl.crt` and `data/nginx/cert/ssl.key`. You will need to create a `data/nginx/cert` path from the root folder if you haven't run the server yet.

4. Save the file and run `docker-compose up --build -d`. You should wait for some ten minutes or less for your environment to be up and running. Deployment speed will vary based on your internet connection speed and the quality of your infrastructure

5. Go to [http://localhost:8055/](http://localhost:8055/) in a browser and login with username ```hradmin``` and password ```test```
5. Go to [http://localhost/](http://localhost/) in a browser and login with username ```hradmin``` and password ```test```

![screenshot](screenshot.png)

6 changes: 4 additions & 2 deletions docker-compose.yml
Expand Up @@ -4,16 +4,18 @@ services:
build:
args:
DOMAIN_NAME: www.example.com
SSL_TYPE: auto
context: nginx/.
dockerfile: Dockerfile
links:
- hospitalrun
ports:
- "8055:80"
- "80:80"
- "443:443"
image: hospitalrun_nginx
volumes:
- ./data/nginx/letsencrypt:/etc/letsencrypt
- ./data/nginx/cert:/etc/nginx/cert

hospitalrun:
container_name: hospitalrun
Expand Down Expand Up @@ -74,4 +76,4 @@ services:

volumes:
esdata1:
driver: local
driver: local
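Review bot: The new `./data/nginx/cert:/etc/nginx/cert` volume in the nginx service is mounted read-write, although nothing in the visible entrypoint or templates writes to it; the container only reads `ssl.crt` and `ssl.key` from that path. Mounting it as `- ./data/nginx/cert:/etc/nginx/cert:ro` keeps a compromised nginx container from altering or replacing the private key on the host. With `"80:80"` and `"443:443"` published on every host interface, the host firewall is what limits exposure, so that deserves a comment next to the `ports:` list.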
15 changes: 10 additions & 5 deletions nginx/Dockerfile
Expand Up @@ -2,22 +2,27 @@ FROM nginx:1.11.10
LABEL Maintainer Mofesola Babalola <[email protected]>

ARG DOMAIN_NAME
ARG SSL_TYPE

RUN apt-get -y update && apt-get install -y cron

COPY conf/certbot-auto /usr/bin/
RUN certbot-auto --os-packages-only --non-interactive

ENV DOMAIN_NAME $DOMAIN_NAME
ENV SSL_TYPE $SSL_TYPE

WORKDIR /etc/nginx
COPY conf/nginx.conf /etc/nginx/nginx.conf
COPY conf/default.conf.tmpl /etc/nginx/conf.d/default.conf.tmpl
COPY conf/defaultssl.conf.tmpl /etc/nginx/conf.d/defaultssl.conf.tmpl

COPY conf/default.conf.tmpl /etc/nginx/conf.d/default
COPY conf/defaultautossl.conf.tmpl /etc/nginx/conf.d/defaultautossl.tmpl
COPY conf/defaultselfssl.conf.tmpl /etc/nginx/conf.d/defaultselfssl

COPY conf/entrypoint.sh entrypoint.sh

RUN chmod +x entrypoint.sh
RUN envsubst < /etc/nginx/conf.d/default.conf.tmpl > /etc/nginx/conf.d/default.conf \
&& envsubst < /etc/nginx/conf.d/defaultssl.conf.tmpl > /etc/nginx/conf.d/defaultssl
RUN envsubst < /etc/nginx/conf.d/defaultautossl.tmpl > /etc/nginx/conf.d/defaultautossl

ENTRYPOINT /etc/nginx/entrypoint.sh
EXPOSE 80 443
EXPOSE 80 443
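Review bot: The new `RUN envsubst < /etc/nginx/conf.d/defaultautossl.tmpl > /etc/nginx/conf.d/defaultautossl` has no variable list, so it expands every `$name` in the template rather than only `${DOMAIN_NAME}`. In `defaultautossl.conf.tmpl` that includes nginx's own `$host` and `$request_uri` on the `rewrite` line, which are presumably unset at build time and would become empty strings, leaving the HTTP-to-HTTPS redirect pointing at a bare `https://`. Restrict the substitution with `RUN envsubst '${DOMAIN_NAME}' < /etc/nginx/conf.d/defaultautossl.tmpl > /etc/nginx/conf.d/defaultautossl`. `ARG SSL_TYPE` also has no default, so a build that omits the argument bakes an empty `SSL_TYPE` into the image; `ARG SSL_TYPE=auto` would match the value docker-compose.yml passes.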
2 changes: 1 addition & 1 deletion nginx/conf/default.conf.tmpl
Expand Up @@ -44,4 +44,4 @@ server {
}


}
}
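--- a/nginx/conf/defaultautossl.conf.tmpl
+++ b/nginx/conf/defaultautossl.conf.tmpl
@@ -0,0 +1,73 @@
+server {
+listen 80;
+server_name _;
+
+#charset koi8-r;
+access_log /dev/stdout;
+error_log /dev/stderr warn;
+
+
+location / {
+rewrite ^(.*)$ https://$host$request_uri;
+}
+
+error_page 500 502 503 504 /50x.html;
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+location ~ /\.ht {
+deny all;
+}
+}
+
+server {
+listen 80;
+server_name localhost;
+
+#charset koi8-r;
+access_log /dev/stdout;
+error_log /dev/stderr debug;
+
+
+location / {
+proxy_pass http://hospitalrun:3000;
+}
+
+error_page 500 502 503 504 /50x.html;
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+location ~ /\.ht {
+deny all;
+}
+}
+
+server {
+listen 443 ssl;
+server_name _;
+
+#charset koi8-r;
+access_log /dev/stdout;
+error_log /dev/stderr warn;
+
+
+location / {
+
+proxy_pass http://hospitalrun:3000;
+
+# Add HTTP Strict Transport Security for good measure.
+add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
+}
+
+error_page 500 502 503 504 /50x.html;
+location = /50x.html {
+root /usr/share/nginx/html;
+}
+location ~ /\.ht {
+deny all;
+}
+
+
+ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
+}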
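Review bot: The `Strict-Transport-Security` header is set inside `location /` of the 443 server and without `always`, so nginx leaves it off error responses and off anything served from `location = /50x.html`. Declaring it once at server level, `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`, covers both cases. `includeSubDomains` with a one-year max-age commits every subdomain of the configured domain to HTTPS, which is worth confirming for deployments that share the domain with other services. In the first port-80 block, `return 301 https://$host$request_uri;` would be simpler than the `rewrite` and avoids the query string being appended a second time.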
Expand Up @@ -67,7 +67,6 @@ server {
deny all;
}


ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem;
}
ssl_certificate /etc/nginx/cert/ssl.crt;
ssl_certificate_key /etc/nginx/cert/ssl.key;
}
24 changes: 13 additions & 11 deletions nginx/conf/entrypoint.sh
@@ -1,13 +1,15 @@
#!/usr/bin/env bash
(crontab -l 2>/dev/null; echo "30 2 * * 1 /usr/bin/certbot-auto renew --quiet --no-self-upgrade >> /var/log/letsencrypt/le-renew.log") | crontab -
mkdir -p /var/log/letsencrypt && touch /var/log/letsencrypt/install.log
if [ ! -f /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem ]; then
certbot-auto certonly --standalone --non-interactive --agree-tos --email admin@${DOMAIN_NAME} -d ${DOMAIN_NAME} 2>&1 | tee /var/log/letsencrypt/install.log \
&& if [ -f /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem ]; then
mv /etc/nginx/conf.d/defaultssl /etc/nginx/conf.d/defaultssl.conf \
&& rm /etc/nginx/conf.d/default.conf \
&& nginx -s reload
fi \
&
rm /etc/nginx/conf.d/*.conf
if [ "$SSL_TYPE" = "auto" ]; then
if [ ! -f /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem ]; then
mkdir -p /var/log/letsencrypt && touch /var/log/letsencrypt/install.log \
&& certbot-auto certonly --standalone --non-interactive --agree-tos --email admin@${DOMAIN_NAME} -d ${DOMAIN_NAME} 2>&1 | tee /var/log/letsencrypt/install.log
fi \
&& (crontab -l 2>/dev/null; echo "30 2 * * 1 /usr/bin/certbot-auto renew --quiet --no-self-upgrade >> /var/log/letsencrypt/le-renew.log") | crontab - \
&& cp /etc/nginx/conf.d/defaultautossl /etc/nginx/conf.d/defaultautossl.conf
elif [ "$SSL_TYPE" = "self" ]; then
cp /etc/nginx/conf.d/defaultselfssl /etc/nginx/conf.d/defaultselfssl.conf
elif [ "$SSL_TYPE" = "none" ]; then
cp /etc/nginx/conf.d/default /etc/nginx/conf.d/default.conf
fi
nginx -g "daemon off;"
nginx -g "daemon off;"
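Review bot: An `SSL_TYPE` that is unset or misspelled matches none of the three branches, yet `rm /etc/nginx/conf.d/*.conf` has already run, so nginx is launched with an empty `conf.d` instead of failing. Add a final `else echo "unsupported SSL_TYPE: $SSL_TYPE" >&2; exit 1` before the closing `fi`. In the `auto` branch the `certbot-auto … | tee` pipeline reports tee's exit status, so a failed issuance still reaches the `cp` of `defaultautossl` and nginx then stops on the missing certificate files; `set -o pipefail` near the top of the script would surface that. Nothing visible in the script starts the cron daemon, and `/var/log/letsencrypt` is only created when no certificate exists yet, so the weekly `renew` entry may never run on a recreated container — worth confirming, since the result is an expired certificate.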
