This repository has been archived by the owner on Jan 9, 2023. It is now read-only.
-
-
Notifications
You must be signed in to change notification settings - Fork 644
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #111 from MatthewDorner/docker-ssl-fix
Change http port and offer non-automatic SSL option.
- Loading branch information
Showing
7 changed files
with
110 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -2,22 +2,27 @@ FROM nginx:1.11.10 | |
LABEL Maintainer Mofesola Babalola <[email protected]> | ||
|
||
ARG DOMAIN_NAME | ||
ARG SSL_TYPE | ||
|
||
RUN apt-get -y update && apt-get install -y cron | ||
|
||
COPY conf/certbot-auto /usr/bin/ | ||
RUN certbot-auto --os-packages-only --non-interactive | ||
|
||
ENV DOMAIN_NAME $DOMAIN_NAME | ||
ENV SSL_TYPE $SSL_TYPE | ||
|
||
WORKDIR /etc/nginx | ||
COPY conf/nginx.conf /etc/nginx/nginx.conf | ||
COPY conf/default.conf.tmpl /etc/nginx/conf.d/default.conf.tmpl | ||
COPY conf/defaultssl.conf.tmpl /etc/nginx/conf.d/defaultssl.conf.tmpl | ||
|
||
COPY conf/default.conf.tmpl /etc/nginx/conf.d/default | ||
COPY conf/defaultautossl.conf.tmpl /etc/nginx/conf.d/defaultautossl.tmpl | ||
COPY conf/defaultselfssl.conf.tmpl /etc/nginx/conf.d/defaultselfssl | ||
|
||
COPY conf/entrypoint.sh entrypoint.sh | ||
|
||
RUN chmod +x entrypoint.sh | ||
RUN envsubst < /etc/nginx/conf.d/default.conf.tmpl > /etc/nginx/conf.d/default.conf \ | ||
&& envsubst < /etc/nginx/conf.d/defaultssl.conf.tmpl > /etc/nginx/conf.d/defaultssl | ||
RUN envsubst < /etc/nginx/conf.d/defaultautossl.tmpl > /etc/nginx/conf.d/defaultautossl | ||
|
||
ENTRYPOINT /etc/nginx/entrypoint.sh | ||
EXPOSE 80 443 | ||
EXPOSE 80 443 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -44,4 +44,4 @@ server { | |
} | ||
|
||
|
||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
server { | ||
listen 80; | ||
server_name _; | ||
|
||
#charset koi8-r; | ||
access_log /dev/stdout; | ||
error_log /dev/stderr warn; | ||
|
||
|
||
location / { | ||
rewrite ^(.*)$ https://$host$request_uri; | ||
} | ||
|
||
error_page 500 502 503 504 /50x.html; | ||
location = /50x.html { | ||
root /usr/share/nginx/html; | ||
} | ||
location ~ /\.ht { | ||
deny all; | ||
} | ||
} | ||
|
||
server { | ||
listen 80; | ||
server_name localhost; | ||
|
||
#charset koi8-r; | ||
access_log /dev/stdout; | ||
error_log /dev/stderr debug; | ||
|
||
|
||
location / { | ||
proxy_pass http://hospitalrun:3000; | ||
} | ||
|
||
error_page 500 502 503 504 /50x.html; | ||
location = /50x.html { | ||
root /usr/share/nginx/html; | ||
} | ||
location ~ /\.ht { | ||
deny all; | ||
} | ||
} | ||
|
||
server { | ||
listen 443 ssl; | ||
server_name _; | ||
|
||
#charset koi8-r; | ||
access_log /dev/stdout; | ||
error_log /dev/stderr warn; | ||
|
||
|
||
location / { | ||
|
||
proxy_pass http://hospitalrun:3000; | ||
|
||
# Add HTTP Strict Transport Security for good measure. | ||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;"; | ||
} | ||
|
||
error_page 500 502 503 504 /50x.html; | ||
location = /50x.html { | ||
root /usr/share/nginx/html; | ||
} | ||
location ~ /\.ht { | ||
deny all; | ||
} | ||
|
||
|
||
ssl_certificate /etc/letsencrypt/live/${DOMAIN_NAME}/fullchain.pem; | ||
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN_NAME}/privkey.pem; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,15 @@ | ||
#!/usr/bin/env bash | ||
(crontab -l 2>/dev/null; echo "30 2 * * 1 /usr/bin/certbot-auto renew --quiet --no-self-upgrade >> /var/log/letsencrypt/le-renew.log") | crontab - | ||
mkdir -p /var/log/letsencrypt && touch /var/log/letsencrypt/install.log | ||
if [ ! -f /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem ]; then | ||
certbot-auto certonly --standalone --non-interactive --agree-tos --email admin@${DOMAIN_NAME} -d ${DOMAIN_NAME} 2>&1 | tee /var/log/letsencrypt/install.log \ | ||
&& if [ -f /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem ]; then | ||
mv /etc/nginx/conf.d/defaultssl /etc/nginx/conf.d/defaultssl.conf \ | ||
&& rm /etc/nginx/conf.d/default.conf \ | ||
&& nginx -s reload | ||
fi \ | ||
& | ||
rm /etc/nginx/conf.d/*.conf | ||
if [ "$SSL_TYPE" = "auto" ]; then | ||
if [ ! -f /etc/letsencrypt/live/${DOMAIN_NAME}/cert.pem ]; then | ||
mkdir -p /var/log/letsencrypt && touch /var/log/letsencrypt/install.log \ | ||
&& certbot-auto certonly --standalone --non-interactive --agree-tos --email admin@${DOMAIN_NAME} -d ${DOMAIN_NAME} 2>&1 | tee /var/log/letsencrypt/install.log | ||
fi \ | ||
&& (crontab -l 2>/dev/null; echo "30 2 * * 1 /usr/bin/certbot-auto renew --quiet --no-self-upgrade >> /var/log/letsencrypt/le-renew.log") | crontab - \ | ||
&& cp /etc/nginx/conf.d/defaultautossl /etc/nginx/conf.d/defaultautossl.conf | ||
elif [ "$SSL_TYPE" = "self" ]; then | ||
cp /etc/nginx/conf.d/defaultselfssl /etc/nginx/conf.d/defaultselfssl.conf | ||
elif [ "$SSL_TYPE" = "none" ]; then | ||
cp /etc/nginx/conf.d/default /etc/nginx/conf.d/default.conf | ||
fi | ||
nginx -g "daemon off;" | ||
nginx -g "daemon off;" |